From 170636d0985a7e442e2bab3d82d874a9e325c7b7 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Thu, 3 Apr 2025 14:05:00 +0200 Subject: [PATCH] Implemented msmtp for wordpress --- 10_ENTERPRISE_SOLUTIONS.md | 8 ++--- roles/README.md | 2 +- roles/docker-wordpress/Administration.md | 33 ++++++++++++----- roles/docker-wordpress/README.md | 36 ++++++++++++++++++- roles/docker-wordpress/files/Dockerfile | 10 ++++++ roles/docker-wordpress/meta/main.yml | 25 +++++++++++++ roles/docker-wordpress/tasks/main.yml | 23 +++++++----- .../docker-wordpress/templates/upload.ini.j2 | 11 +++--- roles/msmtp/README.md | 29 +++++++++++++++ roles/msmtp/meta/main.yml | 24 +++++++++++++ roles/msmtp/tasks/main.yml | 19 ++++++++++ .../templates/msmtprc.conf.j2 | 0 roles/nginx-modifier-matomo/tasks/main.yml | 2 +- roles/nginx/tasks/main.yml | 4 ++- roles/systemd-notifier-email/meta/main.yml | 5 +-- roles/systemd-notifier-email/tasks/main.yml | 11 ------ 16 files changed, 200 insertions(+), 42 deletions(-) create mode 100644 roles/docker-wordpress/meta/main.yml create mode 100644 roles/msmtp/README.md create mode 100644 roles/msmtp/meta/main.yml create mode 100644 roles/msmtp/tasks/main.yml rename roles/{systemd-notifier-email => msmtp}/templates/msmtprc.conf.j2 (100%) diff --git a/10_ENTERPRISE_SOLUTIONS.md b/10_ENTERPRISE_SOLUTIONS.md index 8232e6cd..3a1f759b 100644 --- a/10_ENTERPRISE_SOLUTIONS.md +++ b/10_ENTERPRISE_SOLUTIONS.md 
@@ -9,9 +9,9 @@ - **Compliance & Audit Logs** - Maintain regulatory standards ## Use Cases 💼 -✅ **Cloud-Based Infrastructure** (Docker, Kubernetes, CI/CD pipelines) -✅ **Enterprise Networking & VPN** (WireGuard, OpenVPN, Firewall rules) -✅ **Database & Business Apps** (PostgreSQL, Nextcloud, ERP systems) -✅ **Custom Security Solutions** (Keycloak, LDAP, 2FA enforcement) +- ✅ **Cloud-Based Infrastructure** (Docker, Kubernetes, CI/CD pipelines) +- ✅ **Enterprise Networking & VPN** (WireGuard, OpenVPN, Firewall rules) +- ✅ **Database & Business Apps** (PostgreSQL, Nextcloud, ERP systems) +- ✅ **Custom Security Solutions** (Keycloak, LDAP, 2FA enforcement) Interested? Contact [Kevin Veen-Birkenbach](mailto:kevin@veen.world) to discuss tailored enterprise solutions. \ No newline at end of file diff --git a/roles/README.md b/roles/README.md index b5d35c7d..95a550c6 100644 --- a/roles/README.md +++ b/roles/README.md @@ -1,5 +1,5 @@ # Applications and Roles -CyMaIS offers a variety of applications to simplify your daily tasks. +CyMaIS offers a variety of applications to simplify your daily tasks. ## For Users Discover the solutions CyMaIS provides for you: diff --git a/roles/docker-wordpress/Administration.md b/roles/docker-wordpress/Administration.md index 03b317ed..c2ccf657 100644 --- a/roles/docker-wordpress/Administration.md +++ b/roles/docker-wordpress/Administration.md @@ -2,14 +2,21 @@ ## database -## access database -To access the database execute +If you use a local instead of a central database you can use the following commands. + +### access database + +To access the database execute: + ```bash docker-compose exec -it database /bin/mysql -u wordpress -p ``` -## upgrade database -To upgrade the database execute +### upgrade database + +To upgrade the database execute: + + ```bash docker-compose exec -it database /bin/mysql_upgrade --user=root --password= ``` 
@@ -18,10 +25,18 @@ To upgrade the database execute - https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/ - https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password -## bash in application -docker-compose exec -it wordpress-application-1 /bin/sh +## shell in docker + +To execute the commands in the docker container execute: -## update wp-config.php ```bash -apt update && apt install nano && nano wp-config.php -``` \ No newline at end of file +docker-compose exec -it application /bin/sh +``` + +## Test Email + +To test the email execute: +```bash +echo "Test Email" | sendmail -v your-email@example.com +``` + diff --git a/roles/docker-wordpress/README.md b/roles/docker-wordpress/README.md index aadf9b4f..1685e4b5 100644 --- a/roles/docker-wordpress/README.md +++ b/roles/docker-wordpress/README.md 
@@ -1,6 +1,40 @@ -# role docker-wordpress +# WordPress + +## Description + +This role deploys and manages a Docker-based [WordPress](http://wordpress.com/) instance, including support for multisite installations. It builds a custom WordPress image that installs msmtp (for email delivery) and configures PHP settings for uploads and email functionality. + +For detailed administrative procedures (database access, container management, etc.), please refer to the [Administration Reference](./Administration.md). + +## Overview + +Tailored for Arch Linux environments using Docker, this role: +- **Custom Image Build:** Builds a Docker image for WordPress with msmtp installed to act as a sendmail replacement. +- **Multisite Support:** Configures WordPress to support multiple sites by integrating with external domain setup roles. +- **Centralized Database Management:** Leverages the docker-central-database role to ensure consistent database configuration. +- **Docker Compose Integration:** Uses Docker Compose templates for container orchestration and service management. + +## Purpose + +The role aims to automate the provisioning of a robust, scalable WordPress instance in a containerized environment while ensuring reliable email delivery through msmtp and streamlined multi-site management. + +## Features + +- **Custom WordPress Container:** Builds an image with msmtp and custom PHP settings. +- **Multisite Capabilities:** Configures settings and domains for multisite WordPress deployments. +- **Integrated Database Access:** Works in tandem with a central database role. +- **Seamless Docker Compose Deployment:** Provides templates for Docker Compose and environment configuration. +- **Administration Documentation:** See the [Administration Reference](./Administration.md) for tasks like database access, upgrades, and configuration updates. 
## multiside - https://multilingualpress.de/doku/wordpress-multisite-installieren-einrichten/ - https://pressable.com/knowledgebase/adding-or-changing-the-domain-on-a-wordpress-multisite/ - https://wpengine.com/support/how-to-change-a-multi-site-primary-domain/ + +## Credits + +Developed and maintained by **Kevin Veen-Birkenbach**. +Learn more at [www.veen.world](https://www.veen.world) + +Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais) +License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl) diff --git a/roles/docker-wordpress/files/Dockerfile b/roles/docker-wordpress/files/Dockerfile index ce946abc..a46dc1cb 100644 --- a/roles/docker-wordpress/files/Dockerfile +++ b/roles/docker-wordpress/files/Dockerfile @@ -1,2 +1,12 @@ FROM wordpress + +# Update and installation of msmtp +RUN apt-get update && \ + apt-get install -y msmtp msmtp-mta && \ + rm -rf /var/lib/apt/lists/* + +# Copy the msmtp configuration into the container +COPY msmtp.conf /etc/msmtp.conf + +# Copy the PHP configuration for uploads (and mail settings) COPY upload.ini $PHP_INI_DIR/conf.d/ \ No newline at end of file diff --git a/roles/docker-wordpress/meta/main.yml b/roles/docker-wordpress/meta/main.yml new file mode 100644 index 00000000..e12d7939 --- /dev/null +++ b/roles/docker-wordpress/meta/main.yml 
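Review bot: The new `COPY msmtp.conf /etc/msmtp.conf` puts the configuration at a path msmtp does not read by default; on the Debian-based wordpress image the system-wide file is `/etc/msmtprc`, with `~/.msmtprc` per user. The `sendmail_path = "/usr/bin/msmtp -t"` line added in `upload.ini.j2` passes no `-C`, so PHP mail will most likely run with no account configured. Either use `COPY msmtp.conf /etc/msmtprc` or set `sendmail_path = "/usr/bin/msmtp -C /etc/msmtp.conf -t"`. Separately, the msmtp role's README says the template carries authentication settings, so this `COPY` presumably bakes the SMTP credentials into an image layer that anyone able to pull or inspect the image can read. Mounting the file at runtime from the compose file would keep it out of the image.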
@@ -0,0 +1,25 @@ +galaxy_info: + author: "Kevin Veen-Birkenbach" + description: > + Deploys and configures a Docker-based WordPress instance with multisite support, + custom image building, and integrated msmtp for reliable email delivery. + license: "CyMaIS NonCommercial License (CNCL)" + license_url: "https://s.veen.world/cncl" + company: | + Kevin Veen-Birkenbach + Consulting & Coaching Solutions + https://www.veen.world + min_ansible_version: "2.9" + platforms: + - name: Archlinux + versions: + - rolling + galaxy_tags: + - wordpress + - docker + - multisite + - msmtp + - automation + repository: "https://s.veen.world/cymais" + issue_tracker_url: "https://s.veen.world/cymaisissues" + documentation: "https://s.veen.world/cymais" \ No newline at end of file diff --git a/roles/docker-wordpress/tasks/main.yml b/roles/docker-wordpress/tasks/main.yml index 0cd7bd7c..86d02b9d 100644 --- a/roles/docker-wordpress/tasks/main.yml +++ b/roles/docker-wordpress/tasks/main.yml 
@@ -3,32 +3,39 @@ include_role: name: docker-central-database -- name: "include role nginx-domain-setup for {{application_id}}" +- name: "include role nginx-domain-setup for {{ application_id }}" include_role: name: nginx-domain-setup loop: "{{ domains.wordpress }}" loop_control: loop_var: domain vars: - nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{wordpress_max_upload_size}};" - http_port: "{{ ports.localhost.http[application_id] }}" + nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};" + http_port: "{{ ports.localhost.http[application_id] }}" -- name: "Transfering upload.ini to {{docker_compose.directories.instance}}" +- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}" template: src: upload.ini.j2 - dest: "{{docker_compose.directories.instance}}upload.ini" + dest: "{{ docker_compose.directories.instance }}upload.ini" notify: - docker compose project setup - rebuild wordpress container -- name: "Transfering Dockerfile to {{docker_compose.directories.instance}}" +- name: "Transfering msmtp.conf to {{ docker_compose.directories.instance }}" + template: + src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2" + dest: "{{ docker_compose.directories.instance }}msmtp.conf" + notify: + - docker compose project setup + - rebuild wordpress container + +- name: "Transfering Dockerfile to {{ docker_compose.directories.instance }}" copy: src: Dockerfile - dest: "{{docker_compose.directories.instance}}Dockerfile" + dest: "{{ docker_compose.directories.instance }}Dockerfile" notify: - docker compose project setup - rebuild wordpress container - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml - diff --git a/roles/docker-wordpress/templates/upload.ini.j2 b/roles/docker-wordpress/templates/upload.ini.j2 index cab4cfc4..5927c80b 100644 --- a/roles/docker-wordpress/templates/upload.ini.j2 
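Review bot: The new "Transfering msmtp.conf" task sets no `mode`, so the rendered file's permissions in the instance directory depend on the umask and will typically be world-readable. The template is not shown in this patch (it is a 100% rename), but the msmtp role's README says it holds authentication settings, so the file presumably contains the SMTP password and should get an explicit mode such as `mode: "0600"`. The Dockerfile's `COPY` preserves that mode, so the image then needs to make the file readable by the web-server user, for example with `COPY --chown=www-data:www-data`. The `src` also reaches into another role through `{{ playbook_dir }}/roles/msmtp/templates/`, a coupling the new docker-wordpress `meta/main.yml` does not declare.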
+++ b/roles/docker-wordpress/templates/upload.ini.j2 @@ -1,5 +1,8 @@ file_uploads = On -memory_limit = {{wordpress_max_upload_size}} -upload_max_filesize = {{wordpress_max_upload_size}} -post_max_size = {{wordpress_max_upload_size}} -max_execution_time = 300 \ No newline at end of file +memory_limit = {{ wordpress_max_upload_size }} +upload_max_filesize = {{ wordpress_max_upload_size }} +post_max_size = {{ wordpress_max_upload_size }} +max_execution_time = 300 + +; Use msmtp as the Mail Transfer Agent +sendmail_path = "/usr/bin/msmtp -t" \ No newline at end of file diff --git a/roles/msmtp/README.md b/roles/msmtp/README.md new file mode 100644 index 00000000..d54495c8 --- /dev/null +++ b/roles/msmtp/README.md 
@@ -0,0 +1,29 @@ +# msmtp 📧 + +## Description + +This Ansible role installs and configures **msmtp** and **msmtp-mta** on Arch Linux systems. It provides a lightweight SMTP client that serves as a drop-in replacement for the traditional sendmail command, enabling reliable email delivery via an external SMTP server. For more background on SMTP, see [SMTP on Wikipedia](https://en.wikipedia.org/wiki/SMTP). + +## Overview + +Tailored for Arch Linux, this role uses the `pacman` package manager to install **msmtp** and **msmtp-mta**. It then deploys a pre-configured msmtprc file via a Jinja2 template that defines settings for authentication, TLS, and the target SMTP server. This role is ideal for environments where automated email notifications or direct email sending are required. + +## Purpose + +The purpose of this role is to automate the setup of a lightweight SMTP client that acts as a sendmail replacement. By configuring msmtp, the role facilitates direct email sending using your SMTP server credentials, making it a simple yet effective solution for system notifications and other email-based communications. + +## Features + +- **Installs msmtp and msmtp-mta:** Uses `pacman` to install the required packages. +- **Customizable SMTP Configuration:** Deploys a customizable msmtprc configuration file with parameters for TLS, authentication, and server details. +- **Drop-in sendmail Replacement:** Configures msmtp to serve as the default sendmail command. +- **Idempotent Setup:** Ensures the tasks run only once with internal flagging. +- **Integration Ready:** Easily integrates with other system roles within the CyMaIS environment for automated notifications. + +## Credits 📝 + +Developed and maintained by **Kevin Veen-Birkenbach**. +Learn more at [www.veen.world](https://www.veen.world) + +Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais) +License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl) \ No newline at end of file 
diff --git a/roles/msmtp/meta/main.yml b/roles/msmtp/meta/main.yml new file mode 100644 index 00000000..5e636dd7 --- /dev/null +++ b/roles/msmtp/meta/main.yml @@ -0,0 +1,24 @@ +galaxy_info: + author: "Kevin Veen-Birkenbach" + description: "Installs and configures msmtp, a lightweight SMTP client and sendmail replacement." + license: "CyMaIS NonCommercial License (CNCL)" + license_url: "https://s.veen.world/cncl" + company: | + Kevin Veen-Birkenbach + Consulting & Coaching Solutions + https://www.veen.world + min_ansible_version: "2.9" + platforms: + - name: Archlinux + versions: + - rolling + galaxy_tags: + - email + - msmtp + - smtp + - automation + - archlinux + repository: "https://s.veen.world/cymais" + issue_tracker_url: "https://s.veen.world/cymaisissues" + documentation: "https://s.veen.world/cymais" +dependencies: [] diff --git a/roles/msmtp/tasks/main.yml b/roles/msmtp/tasks/main.yml new file mode 100644 index 00000000..0975c85e --- /dev/null +++ b/roles/msmtp/tasks/main.yml @@ -0,0 +1,19 @@ +- name: install msmtp msmtp-mta + community.general.pacman: + name: + - msmtp + - msmtp-mta + state: present + when: run_once_msmtp is not defined + +- name: configure msmtprc.conf.j2 + template: + src: "msmtprc.conf.j2" + dest: "/root/.msmtprc" + mode: 600 + when: run_once_msmtp is not defined + +- name: run the msmtp tasks once + set_fact: + run_once_msmtp: true + when: run_once_msmtp is not defined \ No newline at end of file diff --git a/roles/systemd-notifier-email/templates/msmtprc.conf.j2 b/roles/msmtp/templates/msmtprc.conf.j2 similarity index 100% rename from roles/systemd-notifier-email/templates/msmtprc.conf.j2 rename to roles/msmtp/templates/msmtprc.conf.j2 diff --git a/roles/nginx-modifier-matomo/tasks/main.yml b/roles/nginx-modifier-matomo/tasks/main.yml index 8fcd6077..bfdd6aa8 100644 --- a/roles/nginx-modifier-matomo/tasks/main.yml +++ b/roles/nginx-modifier-matomo/tasks/main.yml 
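Review bot: `mode: 600` in the "configure msmtprc.conf.j2" task of `roles/msmtp/tasks/main.yml` is an unquoted YAML integer, so Ansible receives decimal 600, which is octal 1130, not owner-only read/write. `/root/.msmtprc` then ends up with the sticky bit, owner execute only, and group write and execute, which is not the protection intended for a file holding SMTP account settings. Write it as a quoted octal string, `mode: "0600"`. The task was moved as-is from systemd-notifier-email, so the fix belongs here in its new home.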
@@ -8,7 +8,7 @@ verification_url: "{{ verification_url }}" when: enable_debug | bool -- name: Check if site {{ domain }} is allready registered at Matomo +- name: "Check if site {{ domain }} is allready registered at Matomo" uri: url: "{{verification_url}}" method: GET diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 4a78869d..98f8d0a4 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,6 +1,8 @@ --- - name: install nginx - pacman: name=nginx state=present + pacman: + name: nginx + state: present notify: restart nginx when: run_once_nginx is not defined diff --git a/roles/systemd-notifier-email/meta/main.yml b/roles/systemd-notifier-email/meta/main.yml index 1b35a3fa..a605e062 100644 --- a/roles/systemd-notifier-email/meta/main.yml +++ b/roles/systemd-notifier-email/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: "Kevin Veen-Birkenbach" - description: "Installs and configures components for sending email notifications through systemd using msmtp. This role is part of the systemd-notifier suite, providing automated alerts when services fail." + description: "Installs and configures components for sending email notifications. This role is part of the systemd-notifier suite, providing automated alerts when services fail." license: "CyMaIS NonCommercial License (CNCL)" license_url: "https://s.veen.world/cncl" company: | @@ -22,4 +22,5 @@ galaxy_info: repository: "https://s.veen.world/cymais" issue_tracker_url: "https://s.veen.world/cymaisissues" documentation: "https://s.veen.world/cymais" -dependencies: [] +dependencies: + - msmtp diff --git a/roles/systemd-notifier-email/tasks/main.yml b/roles/systemd-notifier-email/tasks/main.yml index 95411c90..22d8c1f3 100644 --- a/roles/systemd-notifier-email/tasks/main.yml +++ b/roles/systemd-notifier-email/tasks/main.yml 
@@ -1,14 +1,3 @@ -- name: install smtp-forwarder - pacman: name=smtp-forwarder state=present - when: run_once_systemd_notifier_email is not defined - -- name: configure msmtprc.conf.j2 - template: - src: "msmtprc.conf.j2" - dest: "/root/.msmtprc" - mode: 600 - when: run_once_systemd_notifier_email is not defined - - name: "create {{systemd_notifier_email_folder}}" file: path: "{{systemd_notifier_email_folder}}"