
diff --git a/GIDs b/GIDs
index f4fd82c..18ce9ec 100644
--- a/GIDs
+++ b/GIDs
@@ -1,13 +1,14 @@
827 chaton-dev
828 deployment
829 nasqueron-irc
835 opensearch
842 nasqueron-dev-docker
3001 ops
#3002 is intentionally left unassigned
3003 deployment
3004 mediawiki
3005 nasquenautes
+6000 mailbox
9001 salt
9002 deploy
9003 web
diff --git a/UIDs b/UIDs
index eafaa47..d4e0e86 100644
--- a/UIDs
+++ b/UIDs
@@ -1,13 +1,15 @@
830 odderon
831 builder
832 chaton LEGACY
833 viperserv
834 tc2
835 opensearch
3004 mediawiki
+6000 mailbox
9001 salt
9002 deploy
8900 zr LEGACY
# Web app
+12000 web-org-nasqueron-mail #reserved for it
12001 web-org-nasqueron-mail-admin
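Review bot: The trailing comment on the added `12000 web-org-nasqueron-mail #reserved for it` line does not say what the UID is reserved for, and it is the only entry with a comment on the same line as an assignment. The other comments visible in these two files (`# Web app` here, `#3002 is intentionally left unassigned` in GIDs) sit on their own line. If any tooling reads the file as `id name` pairs, the trailing text could end up in the account name. I would move the remark above the entry and spell it out, for example `# 12000 is reserved for the mail web application (not deployed yet)`, with the wording confirmed by the author.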
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
index a4a6d1f..d9c3d55 100644
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -1,265 +1,269 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Vault configuration
#
# :: vault_policies_path: path on vault server where to store policies
#
# :: vault_policies_source: path to fetch policies from
# if starting by salt://, from salt files server
#
# :: vault_mount_paths: translates secrets paths in policies paths
#
# Generally, Vault paths are the same for policies and data access.
#
# For kv secrets engine, version 2, writing and reading versions
# of a kv value are prefixed with the data/ path.
#
# credentials.build_policies_by_node will use this dictionary
# to be able to rewrite secrets paths in data paths.
#
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_policies_path: /srv/policies/vault
vault_policies_source: /srv/policies/vault
vault_mount_paths:
ops/secrets: ops/data/secrets
ops/privacy: ops/data/privacy
apps: apps/data
# -------------------------------------------------------------
# Vault policies to deploy as-is, ie without templating.
#
# Entries of vault_policies must match a .hcl file in
# roles/vault/policies/files folder.
#
# If you need a template, create a new pillar entry instead
# and add the parsing logic either:
# - directly to roles/vault/policies/
#
# - through _modules/credentials.py for policies to apply
# to Salt nodes, like e.g. vault_secrets_by_role
#
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_policies:
- admin
- airflow
- salt-primary
- sentry
- vault_bootstrap
- viperserv
# -------------------------------------------------------------
# Vault policies for Salt
#
# Declare the extra policies each nodes need.
#
# In adition of those extra policies, the vault_secrets_by_role
# will be parsed for the keys.
#
# IMPORTANT: as grains['roles'] can be modified by the node,
# roles are extracted directly from the pillar.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_extra_policies_by_role:
salt-primary:
- salt-primary
# -------------------------------------------------------------
# Vault secrets by role
#
# Paths of the keys the specified role needs access to.
#
# Avoid * notation as this namespace is shared between Vault
# and the applications. As such, only secrets the Salt nodes
# needs in a state they need to deploy should be listed here.
#
# Use %%node%% as variable for node name.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_secrets_by_role:
devserver:
- ops/secrets/nasqueron/notifications/notifications-cli/%%node%%
- ops/secrets/nasqueron/deploy/deploy_keys/alken-orin
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/dereckson/www
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/ewosp/www
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/github/wolfplex/api-www
+ mailserver:
+ - ops/secrets/dbserver/cluster-A/users/mailManagement
+ - ops/secrets/mailserver/security
+
opensearch:
- ops/secrets/nasqueron/opensearch/infra-logs/internal_users/admin
- ops/secrets/nasqueron/opensearch/infra-logs/internal_users/dashboards
paas-docker-prod:
#
# Personal data or personally identifiable information (PII)
# related to Nasqueron Operations SIG members.
#
- ops/privacy/ops-cidr
#
# Credentials used by Nasqueron services
# Format: ops/secrets/nasqueron/service/<...>
#
- ops/secrets/nasqueron/acquisitariat/mysql
- ops/secrets/nasqueron/airflow/admin_account
- ops/secrets/nasqueron/airflow/fernet
- ops/secrets/nasqueron/airflow/sentry
- ops/secrets/dbserver/cluster-A/users/airflow
- ops/secrets/nasqueron/auth-grove/mysql
- ops/secrets/nasqueron/cachet/app_key
- ops/secrets/nasqueron/cachet/mysql
- ops/secrets/nasqueron/etherpad/api
- ops/secrets/nasqueron/etherpad/mysql
- ops/secrets/nasqueron/etherpad/users/dereckson
- ops/secrets/nasqueron/notifications/broker
- ops/secrets/nasqueron/notifications/mailgun
- ops/secrets/nasqueron/notifications/sentry
- ops/secrets/nasqueron/notifications/credentials/github/nasqueron
- ops/secrets/nasqueron/notifications/credentials/github/wolfplex
- ops/secrets/nasqueron/notifications/credentials/github/keruald
- ops/secrets/nasqueron/notifications/credentials/github/trustspace
- ops/secrets/nasqueron/notifications/credentials/github/eglide
- ops/secrets/nasqueron/notifications/credentials/phabricator/nasqueron
- apps/notifications-center/dockerhub/notifications
- apps/notifications-center/dockerhub/auth-grove
- ops/secrets/nasqueron/penpot/github
- ops/secrets/nasqueron/penpot/postgresql
- ops/secrets/nasqueron/penpot/secret_key
- ops/secrets/nasqueron/pixelfed/app_key
- ops/secrets/nasqueron/pixelfed/mailgun
- ops/secrets/nasqueron/pixelfed/mysql
- ops/secrets/nasqueron/rabbitmq/white-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/white-rabbit/root
- ops/secrets/nasqueron/sentry/app_key
- ops/secrets/nasqueron/sentry/geoipupdate
- ops/secrets/nasqueron/sentry/postgresql
- ops/secrets/nasqueron/sentry/vault
#
# Credentials used by Nasqueron members private services
# Format: <username>/<service>/<type>
#
- ops/secrets/dereckson/phabricator/mysql
#
# Credentials used by projects hosted by Nasqueron
# Format: <project name>/<service>/<type>
#
- ops/secrets/dbserver/cluster-A/users/corspat
- ops/secrets/espacewin/phpbb/mysql_root
- ops/secrets/wolfplex/phabricator/mailgun
- ops/secrets/wolfplex/phabricator/mysql
- ops/secrets/zed/phabricator/mysql
- ops/secrets/zed/phabricator/sendgrid
paas-docker-dev:
#
# Credentials used by Nasqueron services
# Format: ops/secrets/nasqueron/service/<...>
#
- ops/secrets/nasqueron/airflow/admin_account
- ops/secrets/nasqueron/airflow/fernet
- ops/secrets/nasqueron/airflow/sentry
- ops/secrets/nasqueron/airflow/vault
- ops/secrets/dbserver/cluster-A/users/airflow
- ops/secrets/nasqueron/orbeon/oxf.crypto.password
- ops/secrets/nasqueron/orbeon/users/dereckson
- ops/secrets/dbserver/cluster-A/users/orbeon
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/root
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/notifications
- ops/secrets/nasqueron/notifications/sentry
#
# Credentials used by projects hosted by Nasqueron
# Format: <project name>/<service>/<type>
#
- ops/secrets/espacewin/bugzilla/mysql
- ops/secrets/espacewin/bugzilla/mysql_root
saas-mediawiki:
- ops/secrets/dbserver/cluster-B/users/saas-mediawiki
- ops/secrets/nasqueron/mediawiki/secret_key
saas-wordpress:
- ops/secrets/dbserver/cluster-B/users/dereckson_blog
- ops/secrets/dereckson/wordpress/secrets
viperserv:
- ops/secrets/nasqueron/viperserv/vault
webserver-alkane-prod:
- ops/secrets/dbserver/cluster-B/users/dereckson_www
- ops/secrets/dbserver/cluster-B/users/zed
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/github/hypership/content_users
- ops/secrets/zed/hypership/secret_key
#
# Wolfplex credentials
#
- ops/secrets/nasqueron/etherpad/api
webserver-alkane-dev:
- ops/secrets/dbserver/cluster-B/users/dereckson_www51
webserver-legacy:
#
# Wolfplex credentials
#
- ops/secrets/nasqueron/etherpad/api
# -------------------------------------------------------------
# Vault secrets by dbserver cluster
#
# Paths of the keys the specified role needs access to.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_secrets_by_dbserver_cluster:
# Main PostgreSQL cluster
A:
- ops/secrets/dbserver/cluster-A/users/*
# Main MariaDB cluster - Alkane PaaS, ViperServ
B:
- ops/secrets/dbserver/cluster-B/users/*
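Review bot: The new `ops/secrets/mailserver/security` entry under `mailserver:` has a generic name, yet judging by the application.ini template in this commit it appears to hold only ViMbAdmin's salts (`security.salt`, `security.osRememberMeSalt`, `security.mailboxSaltPassword`), and every node with the `mailserver` role gets read access to it. A comment above the two added paths, such as `# ViMbAdmin: database account and application salts`, would make the scope of the grant clear. A service-scoped path like `ops/secrets/mailserver/vimbadmin/security` would keep later mail components from sharing one entry; pillar/mailserver/vimbadmin.sls would need the same change. The grant is keyed on the role while top.sls attaches the pillar to the node `hervil`, whose role list is not part of this diff, so confirm that it includes `mailserver`.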
diff --git a/pillar/mailserver/vimbadmin.sls b/pillar/mailserver/vimbadmin.sls
new file mode 100644
index 0000000..1a72fc4
--- /dev/null
+++ b/pillar/mailserver/vimbadmin.sls
@@ -0,0 +1,13 @@
+# -------------------------------------------------------------
+# Salt — ViMbAdmin Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+vimbadmin_config:
+ db:
+ service: db-A
+ database: mail
+ credential: dbserver/cluster-A/users/mailManagement
+ security: mailserver/security
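Review bot: `credential` and `security` are Vault paths written without the `ops/secrets/` prefix that pillar/credentials/vault.sls uses for the same two secrets, and nothing in this file says so. The code that resolves them is outside this diff, so presumably it prepends the mount; a comment such as `# Vault paths, relative to ops/secrets/` above `credential:` would keep a later editor from pasting the full path and silently pointing at a different secret. The application.ini template added in this commit also reads `mailbox.*`, `identity.*`, `dirs.bin` and `defaultDomain`, none of which are defined here, so a one-line pointer to where those values come from would help anyone auditing what ends up in the rendered file.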
diff --git a/pillar/paas/alkane/hervil/main.sls b/pillar/paas/alkane/hervil/main.sls
index ce81f67..10519cf 100644
--- a/pillar/paas/alkane/hervil/main.sls
+++ b/pillar/paas/alkane/hervil/main.sls
@@ -1,34 +1,36 @@
# -------------------------------------------------------------
# Salt — PaaS Alkane :: PHP and static sites [development]
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Site: https://admin.mail.nasqueron.org/
# -------------------------------------------------------------
# -------------------------------------------------------------
# PHP sites
#
# Username must be unique and use max 31 characters.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_domains:
nasqueron:
- nasqueron.org
nginx_vhosts:
nasqueron.org:
- admin.mail
php_fpm_instances:
# PHP current version, generally installed as package/port
prod:
command: /usr/local/sbin/php-fpm
web_php_sites:
admin.mail.nasqueron.org:
domain: nasqueron.org
subdomain: admin.mail
user: web-org-nasqueron-mail-admin
uid: 12001
php-fpm: prod
+ env:
+ APPLICATION_ENV: production
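Review bot: The header of this pillar still labels it `[development]`, while the added `env` block pins `APPLICATION_ENV: production` for admin.mail.nasqueron.org and the site already uses the `prod` php-fpm instance. Since the rendered application.ini sets `display_errors = 0` with a warning to keep it at zero in production, it is worth making clear which environment this really is. I would either correct the header or add a comment above `env:`, for example `# Selects the ViMbAdmin configuration section; keep "production" on this host`. How the `env` mapping reaches the php-fpm pool is not visible in this diff, so that comment is hedged on the consuming state actually exporting it.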
diff --git a/pillar/top.sls b/pillar/top.sls
index 8a9859e..2c4ddf2 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,71 +1,74 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- core.users
- core.groups
- core.network
- certificates.certificates
- nodes.nodes
- nodes.forests
- hotfixes.roles
- services.monitoring-reporting
- services.table
- webserver.sites
- credentials.vault
cloudhugger:
- opensearch.software
- opensearch.clusters
complector:
- credentials.vault
# To provision services
- saas.rabbitmq
docker-002:
- notifications.config
- paas.docker
- saas.jenkins
- saas.phpbb
db-A-001:
- dbserver.cluster-A
db-B-001:
- dbserver.cluster-B
dwellers:
- paas.docker
- saas.airflow
- saas.jenkins
eglide:
- shellserver.quassel
+ hervil:
+ - mailserver.vimbadmin
+
ysul:
- devserver.repos
- saas.mediawiki
- viperserv.bots
- viperserv.fantoir
- webserver.labs
- webserver.wwwroot51
web-001:
- saas.mediawiki
- saas.wordpress
windriver:
- devserver.datacubes
- devserver.ports
- devserver.repos
- webserver.labs
- webserver.wwwroot51
diff --git a/roles/mailserver/vimbadmin/files/application.ini b/roles/mailserver/vimbadmin/files/application.ini
new file mode 100644
index 0000000..acf1fdf
--- /dev/null
+++ b/roles/mailserver/vimbadmin/files/application.ini
@@ -0,0 +1,694 @@
+# -------------------------------------------------------------
+# ViMbAdmin configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/vimbadmin/files/application.ini
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; ViMbAdmin :: Virtual Mailbox Admin
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; IMPORTANT: Review and change all options in [user]
+;;
+;; ** This is for ViMbAdmin V3 and later **
+;;
+;; See: https://github.com/opensolutions/ViMbAdmin/wiki/Configuration
+
+[user]
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Installation Keys and Salts
+;
+; During installation, you will be prompted to enter strings here. This
+; is to verify that you are in fact the person authorised to complete the
+; installation as well as provide security for cookies and passwords.
+
+securitysalt = "{{ security.salt }}"
+resources.auth.oss.rememberme.salt = "{{ security.osRememberMeSalt }}"
+defaults.mailbox.password_salt = "{{ security.mailboxSaltPassword }}"
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; When installing for the first time, it may be useful to set the following
+; to 1 BUT ensure you set it to zero again in a production system
+
+phpSettings.display_startup_errors = 0
+phpSettings.display_errors = 0
+resources.frontController.params.displayExceptions = 0
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; You database and caching connection.
+;;
+
+resources.doctrine2.connection.options.driver = 'pdo_pgsql'
+resources.doctrine2.connection.options.dbname = '{{ db.database }}'
+resources.doctrine2.connection.options.user = '{{ db.username }}'
+resources.doctrine2.connection.options.password = '{{ db.password }}'
+resources.doctrine2.connection.options.host = '{{ db.host }}'
+resources.doctrine2.connection.options.charset = 'utf8'
+
+;; Doctrine2 requires Memcache for maximum efficency. Without Memcache
+;; it can be highly inefficient and will slow page requests down.
+;;
+;; You are strongly advised to install memcache and comment ArrayCache
+;; here and uncomment MemcacheCache.
+;;
+
+resources.doctrine2cache.type = 'ArrayCache'
+;resources.doctrine2cache.type = 'MemcacheCache'
+resources.doctrine2cache.memcache.servers.0.host = 'localhost'
+resources.doctrine2cache.namespace = 'ViMbAdmin3'
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Default values used when creating domains
+;
+; See: https://github.com/opensolutions/ViMbAdmin/wiki/Configuration
+; See: https://github.com/opensolutions/ViMbAdmin/wiki/Quotas
+
+defaults.domain.quota = 0
+defaults.domain.maxquota = 0
+defaults.domain.transport = "virtual"
+defaults.domain.aliases = 0
+defaults.domain.mailboxes = 0
+
+defaults.quota.multiplier = 'MB'
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Use server side filtering to reduce pagination time on client side
+;; Defaults to off / false
+defaults.server_side.pagination.enable = false
+defaults.server_side.pagination.min_search_str = 3
+defaults.server_side.pagination.max_result_cnt = 500
+
+;; Separate configuration for domain list
+defaults.server_side.pagination.domain.enable = false
+defaults.server_side.pagination.domain.min_search_str = 3
+defaults.server_side.pagination.domain.max_result_cnt = 500
+
+; The number of rows displayed in the tables
+; must be one of these: 10, 25, 50, 100
+defaults.table.entries = 50
+
+;; Enable or disable display of Domain name column. Default : enabled
+defaults.list_domain.disabled = false
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Options for the display of domain and mailbox sizes
+;;
+;; See: https://github.com/opensolutions/ViMbAdmin/wiki/Mailbox-Sizes
+;;
+;; Enable or disable display of sizes. Default: disabled
+
+defaults.list_size.disabled = true
+
+;; Maildir size units. By default: KB. One of B, KB, MB or GB.
+defaults.list_size.multiplier = 'GB'
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Default values for creating mailboxes
+
+; This sets the uid and gid columns in the mailbox table to the below values
+defaults.mailbox.uid = {{ mailbox.UID }}
+defaults.mailbox.gid = {{ mailbox.GID }}
+
+
+; Set the homedir and maildir values in the mailbox table where the
+; following substitutions apply:
+;
+; %d -> domain part of email address
+; %u -> user part of email address
+; %m -> full email address
+; %atmail -> substitutes an email address (test@example.com) with t/e/test@example.com
+;
+;
+; http://wiki2.dovecot.org/VirtualUsers/Home
+
+defaults.mailbox.maildir = "maildir:{{ mailbox.dir }}/%d/%u/mail:LAYOUT=fs"
+defaults.mailbox.homedir = "{{ mailbox.dir }}/%d/%u"
+
+;minimum mailbox password length
+defaults.mailbox.min_password_length = 8
+
+; The password hashing function to use. Set to one of:
+;
+; "plain" - password stored as clear text
+; "md5" - password hashed using MD5 without salt (PHP md5())
+; "md5-salted" - password hashed using MD5 with salt (salt set in defaults.mailbox.password_salt above)
+; "sha1" - password hashed using sha1 without salt
+; "sha1-salted" - password hashed using sha1 with salt (salt set in defaults.mailbox.password_salt above)
+; "crypt:XXX" - call the PHP crypt function (with random salt) where XXX is one of: md5, blowfish, sha256, sha512
+; "dovecot:XXX" - call the Dovecot password generator (see next option below) and use the
+; scheme specified by XXX. To see available schemes, use 'dovecotpw -l'
+; or 'doveadm pw -l'
+
+; You should pick a hashing function as strong as your mail system allows.
+; At time of writing, Dovecot ( http://wiki2.dovecot.org/Authentication/PasswordSchemes ) recommends one of
+; BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT in descending order of strength
+defaults.mailbox.password_scheme = "dovecot:BLF-CRYPT"
+
+; April 2016 - Bad salts - it was pointed out that a typo in the code below meant that
+; the now deprecated md5.salted and sha1.salted (as opposed to their hyphenated versions above)
+; didn't actually use the requested salt string but a fixed salt of "md5.salted" and "sha1.salted"
+; respectively. These options still work for backwards compatibility.
+; See:
+; https://github.com/opensolutions/OSS-Framework/issues/43#issuecomment-207040421
+; https://github.com/opensolutions/OSS-Framework/commit/b3d669a81f8214032a70e594472ece9fe9322fe2
+
+
+; The path to (and initial option(s) if necessary) the Dovecot password generator. Typical
+; values may be something like:
+;
+; "/usr/bin/doveadm pw"
+; "/usr/bin/dovecotpw"
+
+defaults.mailbox.dovecot_pw_binary = "{{ dirs.bin }}/doveadm pw"
+
+
+
+;; A "mailbox alias" will, for example add the following entry to
+;; the alias table for a mailbox: name@example.com
+;;
+;; name@example.com -> name@example.com
+;;
+;; This is required for aliasing an entire domain. If in doubt, leave it enabled.
+mailboxAliases = 1
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; See: https://github.com/opensolutions/ViMbAdmin/wiki/Archiving-Mailboxes
+
+server_id = 1
+
+;;Archive options
+binary.path.chown_R = "/usr/sbin/chown -R"
+binary.path.tar_cf = "/usr/bin/tar -cf"
+binary.path.tar_xf = "/usr/bin/tar -xf"
+binary.path.bzip2_q = "/usr/bin/bzip2 -q"
+binary.path.bunzip2_q = "/usr/bin/bunzip2 -q"
+binary.path.rm_rf = "/bin/rm -rf"
+
+archive.path = "{{ mailbox.archive }}"
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Enable mailbox deletion on the file system
+;
+; See: https://github.com/opensolutions/ViMbAdmin/wiki/Deleting-Mailboxes
+;
+
+mailbox_deletion_fs_enabled = false
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Export Mailbox Settings
+;
+; See: https://github.com/opensolutions/ViMbAdmin/wiki/Export-Settings
+;
+defaults.export_settings.disabled = true
+
+
+;; Export settings alowed subnets
+defaults.export_settings.allowed_subnet[] = "10."
+defaults.export_settings.allowed_subnet[] = "192.168."
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Settings email default values.
+;;
+;; Substituions are as follows:
+;;
+;; %d -> domain part of email address
+;; %u -> user part of email address
+;; $m -> full email address
+;;
+;; See (and skin) the following file to see how the below are used:
+;;
+;; views/mailbox/email/settings.phtml
+;;
+
+server.smtp.enabled = 1
+server.smtp.host = "mail.%d"
+server.smtp.user = "%m"
+server.smtp.port = "465"
+server.smtp.crypt = "SSL"
+
+server.pop3.enabled = 1
+server.pop3.host = "gpo.%d"
+server.pop3.user = "%m"
+server.pop3.port = "995"
+server.pop3.crypt = "SSL"
+
+server.imap.enabled = 1
+server.imap.host = "gpo.%d"
+server.imap.user = "%m"
+server.imap.port = "993"
+server.imap.crypt = "SSL"
+
+server.webmail.enabled = 1
+server.webmail.host = "https://webmail.%d"
+server.webmail.user = "%m"
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Identity
+
+identity.orgname = "{{ identity.orgname }}"
+identity.name = "{{ identity.name }}"
+identity.email = "{{ identity.email }}"
+identity.autobot.name = "{{ identity.autobot.name }}"
+identity.autobot.email = "{{ identity.autobot.email }}"
+identity.mailer.name = "{{ identity.mailer.name }}"
+identity.mailer.email = "{{ identity.mailer.email }}"
+
+identity.sitename = "{{ identity.sitename }}"
+identity.siteurl = "{{ identity.siteurl }}"
+
+
+;;
+;; All mail and correspondence will come from the following;;
+
+server.email.name = "ViMbAdmin Administrator"
+server.email.address = "support{{ defaultDomain }}"
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Skinning
+;;
+;; You can skin ViMbAdmin pages if you wish.
+;;
+;; See: https://github.com/opensolutions/ViMbAdmin/wiki/Skinning
+
+; resources.smarty.skin = "myskin"
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; See: http://framework.zend.com/manual/en/zend.mail.smtp-authentication.html
+;;
+;; Ensure you have a working mail server configuration so the system can
+;; send emails.
+;; Possible values:
+;; transport.type: sendmail, smtp
+;; transport.auth: crammd5, login, plain
+;; transport.ssl: ssl, tls
+;;
+
+resources.mail.transport.type = "smtp"
+resources.mail.transport.host = "localhost"
+;resources.mail.transport.username = ""
+;resources.mail.transport.password = ""
+;resources.mail.transport.auth = ""
+;resources.mail.transport.ssl = ""
+;resources.mail.transport.port = "25"
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Local filesystem logging.
+;;
+;; We log various things to var/log/YYYY/MM/ if you enable the logger here.
+;;
+;; It is useful to use the email logger to be alerted of serious errors.
+;;
+
+ondemand_resources.logger.enabled = 1
+
+;ondemand_resources.logger.writers.email.from = "{{ defaultDomain }}"
+;ondemand_resources.logger.writers.email.to = "{{ defaultDomain }}""
+;ondemand_resources.logger.writers.email.prefix = "ViMbAdmin_Error"
+;ondemand_resources.logger.writers.email.level = 3
+
+ondemand_resources.logger.writers.stream.level = 7
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; ViMbAdmin performs a version check on administrator login and alerts the
+;; user if there is a newer version available.
+;;
+;; This can be disabled by setting the below to 1
+;;
+
+skipVersionCheck = 1
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; ViMbAdmin 'pings' the developers as part of the set up process to let
+;; them know there is a new installation.
+;;
+;; All we are interested in is knowing whether people are using the software
+;; or not and whether continued support and development is worth the time
+;; and effort.
+;;
+;; Unless you're very shy, PLEASE LET US KNOW YOU'RE USING IT!
+;;
+;; This can be disabled by setting the below to 1
+;;
+
+skipInstallPingback = 1
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Allow admins to dictate whether a user can use BOTH, IMAP ONLY,
+; POP3 ONLY when creating mailboxes.
+;
+; Must be supported by your POP3/IMAP server.
+;
+; See https://github.com/opensolutions/ViMbAdmin/wiki/POP3-IMAP-Access-Permissions
+; for documentation.
+;
+; This is handled via a plugin
+;
+
+vimbadmin_plugins.AccessPermissions.disabled = false
+
+; specify the options which should be allowed for access restrictions
+vimbadmin_plugins.AccessPermissions.type.SMTP = "SMTP"
+vimbadmin_plugins.AccessPermissions.type.IMAP = "IMAP"
+vimbadmin_plugins.AccessPermissions.type.POP3 = "POP3"
+vimbadmin_plugins.AccessPermissions.type.SIEVE = "SIEVE"
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Allow admins to force that for a mailbox/domain basic aliases are existing
+; If a new mailbox is created the system will check if the aliases are existing, if not they are created.
+
+vimbadmin_plugins.MailboxAutomaticAliases.disabled = true
+
+; These aliases should always exist, it is not recommened to delete it
+vimbadmin_plugins.MailboxAutomaticAliases.defaultAliases[] = "postmaster"
+vimbadmin_plugins.MailboxAutomaticAliases.defaultAliases[] = "abuse"
+
+; These aliases are optional, but it recommended to not remove them
+vimbadmin_plugins.MailboxAutomaticAliases.defaultAliases[] = "hostmaster"
+vimbadmin_plugins.MailboxAutomaticAliases.defaultAliases[] = "webmaster"
+
+; Define this if emails should be forwarded to a fixed address instead of the first mailbox address of the domain
+vimbadmin_plugins.MailboxAutomaticAliases.defaultMapping.postmaster = "{{ defaultDomain }}"
+;vimbadmin_plugins.MailboxAutomaticAliases.defaultMapping.abuse = "postmaster"
+;vimbadmin_plugins.MailboxAutomaticAliases.defaultMapping.* = "root@domain.tld"
+
+
+
+
+
+
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Proceed onwards with caution.
+;;
+;; The above [user] params are the may ones of consequence.
+;;
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Allows to add additional information.
+;
+; This is handled via a plugin
+;
+
+vimbadmin_plugins.AccessPermissions.disabled = false
+vimbadmin_plugins.DirectoryEntry.disabled = true
+vimbadmin_plugins.AdditionalInfo.disabled = true
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;; Disabling directory entry subform element
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+vimbadmin_plugins.DirectoryEntry.disabled_elements.JpegPhoto = true
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Mail = true
+vimbadmin_plugins.DirectoryEntry.disabled_elements.PreferredLanguage = true
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Secretary = true
+
+vimbadmin_plugins.DirectoryEntry.disabled_elements.PersonalTitle = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.GivenName = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Sn = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.DisplayName = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Initials = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.BusinessCategory = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.EmployeeType = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Title = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.DepartmentNumber = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Ou = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.RoomNumber = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.O = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.CarLicense = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.EmployeeNumber = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.HomePhone = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.TelephoneNumber = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Mobile = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Pager = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.FacsimileTelephoneNumber = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.HomePostalAddress = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.LabeledURI = false
+vimbadmin_plugins.DirectoryEntry.disabled_elements.Manager = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;; Mailbox AdditionalInfo plugin elements
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+
+;;Additional text messages for plugin.
+AdditionalInfo.mailbox.formPreBlurb = "<p><strong>NB:</strong> Do not edit the following. It is sync'd on a nightly basis ..."
+
+; First Name
+vimbadmin_plugins.AdditionalInfo.elements.id.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.id.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.id.options.label = "LDAP Id"
+
+; First Name
+vimbadmin_plugins.AdditionalInfo.elements.first_name.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.first_name.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.first_name.options.label = "First Name"
+
+; Last Name
+vimbadmin_plugins.AdditionalInfo.elements.second_name.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.second_name.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.second_name.options.label = "Last Name"
+
+; Grade
+vimbadmin_plugins.AdditionalInfo.elements.grade.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.grade.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.grade.options.label = "Grade"
+
+; Grade Id
+vimbadmin_plugins.AdditionalInfo.elements.grade_id.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.grade_id.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.grade_id.options.label = "Grade Id"
+vimbadmin_plugins.AdditionalInfo.elements.grade_id.options.validators.digits[] = 'Digits'
+vimbadmin_plugins.AdditionalInfo.elements.grade_id.options.validators.digits[] = true
+
+; Department
+vimbadmin_plugins.AdditionalInfo.elements.department.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.department.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.department.options.label = "Department"
+
+; Department Id
+vimbadmin_plugins.AdditionalInfo.elements.department_id.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.department_id.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.department_id.options.label = "Department Id"
+vimbadmin_plugins.AdditionalInfo.elements.department_id.options.validators.digits[] = 'Digits'
+vimbadmin_plugins.AdditionalInfo.elements.department_id.options.validators.digits[] = true
+
+; Section
+vimbadmin_plugins.AdditionalInfo.elements.section.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.section.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.section.options.label = "Section"
+
+; Extension Number
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.label = "Extension Number"
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.validators.digits[] = 'Digits'
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.validators.digits[] = true
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.validators.length[] = 'StringLength'
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.validators.length[] = false
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.validators.length.range[] = 4
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.validators.length.range[] = 4
+;;to disable autocomplete functionality
+vimbadmin_plugins.AdditionalInfo.elements.ext_no.options.autocomplete = 'off'
+
+; Direct Dial
+vimbadmin_plugins.AdditionalInfo.elements.d_dial.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.d_dial.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.d_dial.options.label = "Direct Dial"
+vimbadmin_plugins.AdditionalInfo.elements.d_dial.options.autocomplete = 'off'
+
+; Mobile
+vimbadmin_plugins.AdditionalInfo.elements.mobile.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.elements.mobile.options.required = false
+vimbadmin_plugins.AdditionalInfo.elements.mobile.options.label = "Mobile"
+vimbadmin_plugins.AdditionalInfo.elements.mobile.options.autocomplete = 'off'
+
+;;;;;;;
+;; Aliases additional information
+;;
+; First Name
+vimbadmin_plugins.AdditionalInfo.alias.elements.name.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.alias.elements.name.options.required = false
+vimbadmin_plugins.AdditionalInfo.alias.elements.name.options.label = "Name"
+
+; Extension Number
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.required = false
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.label = "Extension Number"
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.validators.digits[] = 'Digits'
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.validators.digits[] = true
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.validators.length[] = 'StringLength'
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.validators.length[] = false
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.validators.length.range[] = 4
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.validators.length.range[] = 4
+vimbadmin_plugins.AdditionalInfo.alias.elements.ext_no.options.autocomplete = 'off'
+
+; Direct Dial
+vimbadmin_plugins.AdditionalInfo.alias.elements.d_dial.type = "Zend_Form_Element_Text"
+vimbadmin_plugins.AdditionalInfo.alias.elements.d_dial.options.required = false
+vimbadmin_plugins.AdditionalInfo.alias.elements.d_dial.options.label = "Direct Dial"
+vimbadmin_plugins.AdditionalInfo.alias.elements.d_dial.options.autocomplete = 'off'
+
+
+[production : user]
+
+includePaths.library = APPLICATION_PATH "/../library"
+includePaths.osslibrary = APPLICATION_PATH "/../vendor/opensolutions/oss-framework/src/"
+
+bootstrap.path = APPLICATION_PATH "/Bootstrap.php"
+bootstrap.class = "Bootstrap"
+appnamespace = "ViMbAdmin"
+
+temporary_directory = "{{ dir_app_var }}tmp"
+
+pluginPaths.OSS_Resource = APPLICATION_PATH "/../library/OSS/Resource"
+pluginPaths.ViMbAdmin_Resource = APPLICATION_PATH "/../library/ViMbAdmin/Resource"
+
+mini_js = 1
+mini_css = 1
+
+alias_autocomplete_min_length = 2
+
+
+
+resources.frontController.controllerDirectory = APPLICATION_PATH "/controllers"
+resources.frontController.moduleDirectory = APPLICATION_PATH "/modules"
+resources.modules[] =
+
+
+; doctrine2
+resources.doctrine2.models_path = APPLICATION_PATH
+resources.doctrine2.proxies_path = APPLICATION_PATH "/Proxies"
+resources.doctrine2.repositories_path = APPLICATION_PATH
+resources.doctrine2.xml_schema_path = APPLICATION_PATH "/../doctrine2/xml"
+resources.doctrine2.autogen_proxies = 0
+resources.doctrine2.logger = 1
+resources.doctrine2.models_namespace = "Entities"
+resources.doctrine2.proxies_namespace = "Proxies"
+resources.doctrine2.repositories_namespace = "Repositories"
+
+
+resources.doctrine2cache.autoload_method = "composer"
+;resources.doctrine2cache.type = 'ArrayCache'
+;resources.doctrine2cache.type = 'MemcacheCache'
+;resources.doctrine2cache.memcache.servers.0.host = '127.0.0.1'
+;resources.doctrine2cache.memcache.servers.0.port = '11211'
+;resources.doctrine2cache.memcache.servers.0.persistent = false
+;resources.doctrine2cache.memcache.servers.0.weight = 1
+;resources.doctrine2cache.memcache.servers.0.timeout = 1
+;resources.doctrine2cache.memcache.servers.0.retry_int = 15
+
+; resources.doctrine2cache.memcache.servers.1.host = 'xxx'
+; resources.doctrine2cache.memcache.servers.2.host = 'yyy'
+
+resources.namespace.checkip = 0
+
+resources.auth.enabled = 1
+resources.auth.oss.adapter = "OSS_Auth_Doctrine2Adapter"
+resources.auth.oss.pwhash = "bcrypt"
+resources.auth.oss.hash_cost = 9
+resources.auth.oss.entity = "\\Entities\\Admin"
+resources.auth.oss.disabled.lost-username = 1
+resources.auth.oss.disabled.lost-password = 0
+
+resources.auth.oss.rememberme.enabled = 1
+resources.auth.oss.rememberme.timeout = 2592000
+resources.auth.oss.rememberme.secure = true
+
+resources.auth.oss.lost_password.use_captcha = true
+
+resources.session.save_path = "{{ dir_app_var }}session"
+resources.session.use_only_cookies = true
+resources.session.remember_me_seconds = 3600
+resources.session.name = 'VIMBADMIN3'
+
+ondemand_resources.logger.writers.stream.path = "{{ dir_app_var }}log"
+ondemand_resources.logger.writers.stream.owner = www-data
+ondemand_resources.logger.writers.stream.group = www-data
+ondemand_resources.logger.writers.stream.mode = single
+ondemand_resources.logger.writers.stream.logname = vimbadmin.log
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Smarty View
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+resources.smarty.enabled = 1
+resources.smarty.templates = APPLICATION_PATH "/views"
+; resources.smarty.skin = "myskin"
+resources.smarty.compiled = "{{ dir_app_var }}templates_c"
+resources.smarty.cache = "{{ dir_app_var }}cache"
+resources.smarty.config = APPLICATION_PATH "/configs/smarty"
+resources.smarty.plugins[] = APPLICATION_PATH "/../library/ViMbAdmin/Smarty/functions"
+resources.smarty.plugins[] = APPLICATION_PATH "/../library/OSS/Smarty/functions"
+resources.smarty.plugins[] = APPLICATION_PATH "/../vendor/smarty/smarty/libs/plugins"
+resources.smarty.plugins[] = APPLICATION_PATH "/../vendor/smarty/smarty/libs/sysplugins"
+resources.smarty.debugging = 0
+
+
+
+
+[development : production]
+
+mini_js = 0
+mini_css = 0
+
+phpSettings.display_startup_errors = 1
+phpSettings.display_errors = 1
+resources.frontController.params.displayExceptions = 1
diff --git a/roles/mailserver/vimbadmin/init.sls b/roles/mailserver/vimbadmin/init.sls
new file mode 100644
index 0000000..708f2bc
--- /dev/null
+++ b/roles/mailserver/vimbadmin/init.sls
@@ -0,0 +1,92 @@
+# -------------------------------------------------------------
+# Salt — Provision ViMbAdmin Config
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set db = pillar["vimbadmin_config"]["db"] %}
+{% set securityCredentials = pillar["vimbadmin_config"]["security"] %}
+{% from "map.jinja" import dirs with context %}
+
+mailbox:
+ group.present:
+ - gid: 6000
+ - system: True
+
+mailbox_mail_user:
+ user.present:
+ - name: mailbox
+ - uid: 6000
+ - gid: 6000
+ - system: True
+ - home: /var/run/web/mailbox_mail_user
+
+/var/mail/_archive:
+ file.directory:
+ - user: 6000
+ - group: 6000
+ - mode: 700
+ - makedirs: True
+
+/var/mail/_virtual:
+ file.directory:
+ - user: 6000
+ - group: 6000
+ - mode: 700
+ - makedirs: True
+
+/var/vimbadmin:
+ file.directory:
+ - user: web-org-nasqueron-mail-admin
+ - group: web
+ - mode: 710
+ - makedirs: True
+
+{% for subdir in ['cache', 'log', 'session', 'template_c', 'tmp/captchas'] %}
+
+/var/vimbadmin/{{ subdir }}:
+ file.directory:
+ - user: web-org-nasqueron-mail-admin
+ - group: web
+ - mode: 710
+ - makedirs: True
+
+{% endfor %}
+
+/var/wwwroot/nasqueron.org/admin.mail/application/configs/application.ini:
+ file.managed:
+ - source: salt://roles/mailserver/vimbadmin/files/application.ini
+ - mode: 400
+ - user: web-org-nasqueron-mail-admin
+ - template: jinja
+ - context:
+ db:
+ database: {{ db["database"] }}
+ username: {{ salt["credentials.get_username"](db["credential"]) }}
+ password: {{ salt["credentials.get_password"](db["credential"]) }}
+ host: {{ pillar["nasqueron_services"][db["service"]] }}
+ defaultDomain: "@nasqueron.org"
+ dirs: {{ dirs }}
+ dir_app_var: /var/vimbadmin/
+ identity:
+ autobot:
+ name: "ViMbAdmin Autobot"
+ email: "autobot@nasqueron.org"
+ email: "support@nasqueron.org"
+ mailer:
+ name: "ViMbAdmin Autobot"
+ email: "do-not-reply@nasqueron.org"
+ name: "Nasqueron Operations SIG"
+ orgname: "Nasqueron"
+ sitename: "ViMbAdmin"
+ siteurl: "https://admin.mail.nasqueron.org"
+ mailbox:
+ archive: "/var/mail/_archive"
+ dir: "/var/mail/_virtual"
+ GID: 6000
+ UID: 6000
+ security:
+ salt: {{ salt["credentials.read_secret"](securityCredentials)["salt"] | yaml_dquote }}
+ osRememberMeSalt: {{ salt["credentials.read_secret"](securityCredentials)["osRememberMeSalt"] | yaml_dquote }}
+ mailboxSaltPassword: {{ salt["credentials.read_secret"](securityCredentials)["mailboxSaltPassword"] | yaml_dquote }}
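Review bot: The database `username` and `password` values in the `context:` block are rendered into the YAML unquoted, while the three `security` secrets just below them go through `yaml_dquote`; a password containing `: ` or ` #`, starting with a YAML indicator character, or looking like a number would be retyped or would break the state render. Use the same filter here: `password: {{ salt["credentials.get_password"](db["credential"]) | yaml_dquote }}`, and likewise for `username`. Because the managed application.ini carries the DB password and the salts, consider adding `- show_changes: False` to this `file.managed` state so that diffs of the file do not end up in job returns. Separately, the subdirectory loop creates `template_c`, but the application.ini template in this same commit sets `resources.smarty.compiled` to `{{ dir_app_var }}templates_c`, so the Smarty compile directory appears not to be provisioned.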
