summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/templates
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2020-05-13 20:02:29 +0200
committerJan Dittberner <jandd@cacert.org>2020-05-13 20:02:29 +0200
commit393d264f6fdef8ab2095b4900fb172debe63585b (patch)
tree7207d386445b870d00358bb9f888c0bc11a19602 /sitemodules/profiles/templates
parentf705bdffc2ff115bd59f1695014409bef66690bd (diff)
downloadcacert-puppet-393d264f6fdef8ab2095b4900fb172debe63585b.tar.gz
cacert-puppet-393d264f6fdef8ab2095b4900fb172debe63585b.tar.xz
cacert-puppet-393d264f6fdef8ab2095b4900fb172debe63585b.zip
Incorporate changes to the community RoundCube
- add dovecot_impersonate and twofactor_gauthenticator plugins - ensure that email.cacert.org is setup in /etc/hosts with its internal IP address - add certificate validation for smtp and imap
Diffstat (limited to 'sitemodules/profiles/templates')
-rw-r--r--sitemodules/profiles/templates/roundcube/config.inc.php.epp63
-rw-r--r--sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp9
2 files changed, 71 insertions, 1 deletions
diff --git a/sitemodules/profiles/templates/roundcube/config.inc.php.epp b/sitemodules/profiles/templates/roundcube/config.inc.php.epp
index fe216d6..ec21a9e 100644
--- a/sitemodules/profiles/templates/roundcube/config.inc.php.epp
+++ b/sitemodules/profiles/templates/roundcube/config.inc.php.epp
@@ -4,6 +4,9 @@
String $support_url,
String $des_key,
String $skin,
+ String $mail_domain,
+ String $debug,
+ String $cacert_certs,
| -%>
<?php
@@ -97,3 +100,63 @@ $config['skin'] = '<%= $skin %>';
// see defaults.inc.php for additional informations
$config['enable_spellcheck'] = false;
+// This domain will be used to form e-mail addresses of new users
+// Specify an array with 'host' => 'domain' values to support multiple hosts
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['mail_domain'] = '<%= $mail_domain %>';
+
+// Set identities access level:
+// 0 - many identities with possibility to edit all params
+// 1 - many identities with possibility to edit all params but not email address
+// 2 - one identity with possibility to edit all params
+// 3 - one identity with possibility to edit all params but not email address
+// 4 - one identity with possibility to edit only signature
+$config['identities_level'] = 1;
+
+// Log IMAP conversation to <log_dir>/imap or to syslog
+$config['imap_debug'] = <%= $debug %>;
+
+// Log SMTP conversation to <log_dir>/smtp or to syslog
+$config['smtp_debug'] = <%= $debug %>;
+
+// IMAP socket context options
+// See http://php.net/manual/en/context.ssl.php
+// The example below enables server certificate validation
+//$config['imap_conn_options'] = array(
+// 'ssl' => array(
+// 'verify_peer' => true,
+// 'verify_depth' => 3,
+// 'cafile' => '/etc/openssl/certs/ca.crt',
+// ),
+// );
+// Note: These can be also specified as an array of options indexed by hostname
+$config['imap_conn_options'] = array(
+ 'ssl' => array(
+ 'verify_peer' => true,
+ 'cafile' => '<%= $cacert_certs %>',
+ ),
+);
+
+// SMTP socket context options
+// See http://php.net/manual/en/context.ssl.php
+// The example below enables server certificate validation, and
+// requires 'smtp_timeout' to be non zero.
+// $config['smtp_conn_options'] = array(
+// 'ssl' => array(
+// 'verify_peer' => true,
+// 'verify_depth' => 3,
+// 'cafile' => '/etc/openssl/certs/ca.crt',
+// ),
+// );
+// Note: These can be also specified as an array of options indexed by hostname
+$config['smtp_conn_options'] = array(
+ 'ssl' => array(
+ 'verify_peer' => true,
+ 'cafile' => '<%= $cacert_certs %>',
+ ),
+);
diff --git a/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp b/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp
index 6ea400a..5e529e0 100644
--- a/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp
+++ b/sitemodules/profiles/templates/roundcube/managesieve-config.inc.php.epp
@@ -1,3 +1,5 @@
+<%- | String $cacert_certs,
+| -%>
<?php
// THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN BY THE
@@ -42,7 +44,12 @@ $config['managesieve_usetls'] = true;
// ),
// );
// Note: These can be also specified as an array of options indexed by hostname
-$config['managesieve_conn_options'] = null;
+$config['managesieve_conn_options'] = array(
+ 'ssl' => array(
+ 'verify_peer' => true,
+ 'cafile' => '<%= $cacert_certs %>',
+ ),
+);
// default contents of filters script (eg. default spam filter)