Implemented msmtp for wordpress

10_ENTERPRISE_SOLUTIONS.md

@@ -9,9 +9,9 @@
 - **Compliance & Audit Logs** - Maintain regulatory standards
 
 ## Use Cases 💼
-✅ **Cloud-Based Infrastructure** (Docker, Kubernetes, CI/CD pipelines)
+- ✅ **Cloud-Based Infrastructure** (Docker, Kubernetes, CI/CD pipelines)
-✅ **Enterprise Networking & VPN** (WireGuard, OpenVPN, Firewall rules)
+- ✅ **Enterprise Networking & VPN** (WireGuard, OpenVPN, Firewall rules)
-✅ **Database & Business Apps** (PostgreSQL, Nextcloud, ERP systems)
+- ✅ **Database & Business Apps** (PostgreSQL, Nextcloud, ERP systems)
-✅ **Custom Security Solutions** (Keycloak, LDAP, 2FA enforcement)
+- ✅ **Custom Security Solutions** (Keycloak, LDAP, 2FA enforcement)
 
 Interested? Contact [Kevin Veen-Birkenbach](mailto:kevin@veen.world) to discuss tailored enterprise solutions.

roles/README.md

@@ -1,5 +1,5 @@
 # Applications and Roles
-CyMaIS offers a variety of applications to simplify your daily tasks.  
+CyMaIS offers a variety of applications to simplify your daily tasks.
 
 ## For Users  
 Discover the solutions CyMaIS provides for you:  

roles/docker-wordpress/Administration.md

@@ -2,14 +2,21 @@
 
 ## database 
 
-## access database
+If you use a local instead of a central database you can use the following commands.
-To access the database execute
+
+### access database
+
+To access the database execute:
+
 ```bash
   docker-compose exec -it database /bin/mysql -u wordpress -p
 ```
 
-## upgrade database
+### upgrade database
-To upgrade the database execute
+
+To upgrade the database execute:
+
+
 ```bash
   docker-compose exec -it database /bin/mysql_upgrade --user=root --password=
 ```
@@ -18,10 +25,18 @@ To upgrade the database execute
 - https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/
 - https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
 
-## bash in application
+## shell in docker
-docker-compose exec -it wordpress-application-1 /bin/sh
+
+To execute the commands in the docker container execute:
 
-## update wp-config.php
 ```bash
-apt update && apt install nano && nano wp-config.php
+docker-compose exec -it application /bin/sh
-```
+```
+
+## Test Email
+
+To test the email execute:
+```bash
+echo "Test Email" | sendmail -v your-email@example.com
+```
+

roles/docker-wordpress/README.md

@@ -1,6 +1,40 @@
-# role docker-wordpress
+# WordPress
+
+## Description
+
+This role deploys and manages a Docker-based [WordPress](http://wordpress.com/) instance, including support for multisite installations. It builds a custom WordPress image that installs msmtp (for email delivery) and configures PHP settings for uploads and email functionality.
+
+For detailed administrative procedures (database access, container management, etc.), please refer to the [Administration Reference](./Administration.md).
+
+## Overview
+
+Tailored for Arch Linux environments using Docker, this role:
+- **Custom Image Build:** Builds a Docker image for WordPress with msmtp installed to act as a sendmail replacement.
+- **Multisite Support:** Configures WordPress to support multiple sites by integrating with external domain setup roles.
+- **Centralized Database Management:** Leverages the docker-central-database role to ensure consistent database configuration.
+- **Docker Compose Integration:** Uses Docker Compose templates for container orchestration and service management.
+
+## Purpose
+
+The role aims to automate the provisioning of a robust, scalable WordPress instance in a containerized environment while ensuring reliable email delivery through msmtp and streamlined multi-site management.
+
+## Features
+
+- **Custom WordPress Container:** Builds an image with msmtp and custom PHP settings.
+- **Multisite Capabilities:** Configures settings and domains for multisite WordPress deployments.
+- **Integrated Database Access:** Works in tandem with a central database role.
+- **Seamless Docker Compose Deployment:** Provides templates for Docker Compose and environment configuration.
+- **Administration Documentation:** See the [Administration Reference](./Administration.md) for tasks like database access, upgrades, and configuration updates.
 
 ## multiside
 - https://multilingualpress.de/doku/wordpress-multisite-installieren-einrichten/
 - https://pressable.com/knowledgebase/adding-or-changing-the-domain-on-a-wordpress-multisite/
 - https://wpengine.com/support/how-to-change-a-multi-site-primary-domain/
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/docker-wordpress/files/Dockerfile

@@ -1,2 +1,12 @@
 FROM wordpress
+
+# Update and installation of msmtp
+RUN apt-get update && \
+    apt-get install -y msmtp msmtp-mta && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy the msmtp configuration into the container
+COPY msmtp.conf /etc/msmtp.conf
+
+# Copy the PHP configuration for uploads (and mail settings)
 COPY upload.ini $PHP_INI_DIR/conf.d/

roles/docker-wordpress/meta/main.yml

@@ -0,0 +1,25 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: >
+    Deploys and configures a Docker-based WordPress instance with multisite support,
+    custom image building, and integrated msmtp for reliable email delivery.
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - wordpress
+    - docker
+    - multisite
+    - msmtp
+    - automation
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"

roles/docker-wordpress/tasks/main.yml

@@ -3,32 +3,39 @@
   include_role: 
     name: docker-central-database
   
-- name: "include role nginx-domain-setup for {{application_id}}"
+- name: "include role nginx-domain-setup for {{ application_id }}"
   include_role:
     name: nginx-domain-setup
   loop: "{{ domains.wordpress }}"
   loop_control:
     loop_var: domain
   vars:
-    nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{wordpress_max_upload_size}};"
+    nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};"
-    http_port: 	                                    "{{ ports.localhost.http[application_id] }}"
+    http_port: "{{ ports.localhost.http[application_id] }}"
 
-- name: "Transfering upload.ini to {{docker_compose.directories.instance}}"
+- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}"
   template:
     src: upload.ini.j2
-    dest: "{{docker_compose.directories.instance}}upload.ini"
+    dest: "{{ docker_compose.directories.instance }}upload.ini"
   notify: 
     - docker compose project setup
     - rebuild wordpress container
 
-- name: "Transfering Dockerfile to {{docker_compose.directories.instance}}"
+- name: "Transfering msmtp.conf to {{ docker_compose.directories.instance }}"
+  template:
+    src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2"
+    dest: "{{ docker_compose.directories.instance }}msmtp.conf"
+  notify:
+    - docker compose project setup
+    - rebuild wordpress container
+
+- name: "Transfering Dockerfile to {{ docker_compose.directories.instance }}"
   copy:
     src: Dockerfile
-    dest: "{{docker_compose.directories.instance}}Dockerfile"
+    dest: "{{ docker_compose.directories.instance }}Dockerfile"
   notify:
     - docker compose project setup
     - rebuild wordpress container
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml
-  

roles/docker-wordpress/templates/upload.ini.j2

@@ -1,5 +1,8 @@
 file_uploads        = On
-memory_limit        = {{wordpress_max_upload_size}}
+memory_limit        = {{ wordpress_max_upload_size }}
-upload_max_filesize = {{wordpress_max_upload_size}}
+upload_max_filesize = {{ wordpress_max_upload_size }}
-post_max_size       = {{wordpress_max_upload_size}}
+post_max_size       = {{ wordpress_max_upload_size }}
-max_execution_time  = 300
+max_execution_time  = 300
+
+; Use msmtp as the Mail Transfer Agent
+sendmail_path = "/usr/bin/msmtp -t"

roles/msmtp/README.md

@@ -0,0 +1,29 @@
+# msmtp 📧
+
+## Description
+
+This Ansible role installs and configures **msmtp** and **msmtp-mta** on Arch Linux systems. It provides a lightweight SMTP client that serves as a drop-in replacement for the traditional sendmail command, enabling reliable email delivery via an external SMTP server. For more background on SMTP, see [SMTP on Wikipedia](https://en.wikipedia.org/wiki/SMTP).
+
+## Overview
+
+Tailored for Arch Linux, this role uses the `pacman` package manager to install **msmtp** and **msmtp-mta**. It then deploys a pre-configured msmtprc file via a Jinja2 template that defines settings for authentication, TLS, and the target SMTP server. This role is ideal for environments where automated email notifications or direct email sending are required.
+
+## Purpose
+
+The purpose of this role is to automate the setup of a lightweight SMTP client that acts as a sendmail replacement. By configuring msmtp, the role facilitates direct email sending using your SMTP server credentials, making it a simple yet effective solution for system notifications and other email-based communications.
+
+## Features
+
+- **Installs msmtp and msmtp-mta:** Uses `pacman` to install the required packages.
+- **Customizable SMTP Configuration:** Deploys a customizable msmtprc configuration file with parameters for TLS, authentication, and server details.
+- **Drop-in sendmail Replacement:** Configures msmtp to serve as the default sendmail command.
+- **Idempotent Setup:** Ensures the tasks run only once with internal flagging.
+- **Integration Ready:** Easily integrates with other system roles within the CyMaIS environment for automated notifications.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/msmtp/meta/main.yml

@@ -0,0 +1,24 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Installs and configures msmtp, a lightweight SMTP client and sendmail replacement."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - email
+    - msmtp
+    - smtp
+    - automation
+    - archlinux
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+dependencies: []

roles/msmtp/tasks/main.yml

@@ -0,0 +1,19 @@
+- name: install msmtp msmtp-mta 
+  community.general.pacman:
+    name:
+      - msmtp
+      - msmtp-mta
+    state:  present
+  when: run_once_msmtp is not defined
+
+- name: configure msmtprc.conf.j2
+  template:
+    src:  "msmtprc.conf.j2"
+    dest: "/root/.msmtprc"
+    mode: 600
+  when: run_once_msmtp is not defined
+
+- name: run the msmtp tasks once
+  set_fact:
+    run_once_msmtp: true
+  when: run_once_msmtp is not defined

roles/nginx-modifier-matomo/tasks/main.yml

@@ -8,7 +8,7 @@
       verification_url: "{{ verification_url }}"
   when: enable_debug | bool
 
-- name: Check if site {{ domain }} is allready registered at Matomo
+- name: "Check if site {{ domain }} is allready registered at Matomo"
   uri:
     url:            "{{verification_url}}"
     method:         GET

roles/nginx/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - name: install nginx
-  pacman: name=nginx state=present
+  pacman:
+    name:   nginx
+    state:  present
   notify: restart nginx
   when: run_once_nginx is not defined
 

roles/systemd-notifier-email/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Installs and configures components for sending email notifications through systemd using msmtp. This role is part of the systemd-notifier suite, providing automated alerts when services fail."
+  description: "Installs and configures components for sending email notifications. This role is part of the systemd-notifier suite, providing automated alerts when services fail."
   license: "CyMaIS NonCommercial License (CNCL)"
   license_url: "https://s.veen.world/cncl"
   company: |
@@ -22,4 +22,5 @@ galaxy_info:
   repository: "https://s.veen.world/cymais"
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
-dependencies: []
+dependencies:
+  - msmtp

roles/systemd-notifier-email/tasks/main.yml

@@ -1,14 +1,3 @@
-- name: install smtp-forwarder
-  pacman: name=smtp-forwarder state=present
-  when: run_once_systemd_notifier_email is not defined
-
-- name: configure msmtprc.conf.j2
-  template:
-    src:  "msmtprc.conf.j2"
-    dest: "/root/.msmtprc"
-    mode: 600
-  when: run_once_systemd_notifier_email is not defined
-
 - name: "create {{systemd_notifier_email_folder}}"
   file:
     path: "{{systemd_notifier_email_folder}}"