first commit

templates/conf.php.j2

@@ -0,0 +1,72 @@
+<?php
+
+// {{ ansible_managed }}
+
+$debug = 0;
+$database = [
+    'host'         => '{{ database_host }}',
+    'type'         => 'mysql',
+    'name'         => '{{ dmarcsrg_database }}',
+    'user'         => '{{ dmarcsrg_datababse }}',
+    'password'     => '{{ dmarcsrg_datababse_password }}',
+    'table_prefix' => ''
+];
+
+/**
+ * It is only required if you want to get reports from a mailbox automatically.
+ * In order to collect reports from several mailboxes, you should put each
+ * mailbox settings in an array.
+ */
+$mailboxes = [
+    'name'            => 'Dmarc-Rua',
+    'host'            => 'yourdomain.net',
+    'encryption'      => 'ssl',
+    'novalidate-cert' => false,
+    'username'        => 'dmarc-rua@yourdomain.net',
+    'password'        => 'password',
+    'mailbox'         => 'INBOX',
+    'auth_exclude'    => []
+];
+
+$admin = [
+    'password' => 'null',
+    'user_management' => false
+];
+
+//
+$fetcher = [
+    'mailboxes' => [
+        'messages_maximum' => 10,
+        'when_done' => 'mark_seen',
+        'when_failed' => 'move_to:failed'
+    ],
+    'allowed_domains' => ''
+];
+
+$mailer = [
+    'from'    => 'postmaster@yourdomain.net',
+    'default' => 'user@yourdomain.net'
+];
+
+//
+$cleaner = [
+    'mailboxes' => [
+        'days_old'       => 30,
+        'delete_maximum' => 50,
+        'leave_minimum'  => 100,
+        'done'           => 'seen',
+        'failed'         => 'none'
+    ],
+
+    'reports' => [
+        'days_old'       => 30,
+        'delete_maximum' => 50,
+        'leave_minimum'  => 100
+    ],
+
+    'reportlog' => [
+        'days_old'       => 30,
+        'delete_maximum' => 50,
+        'leave_minimum'  => 100
+    ]
+];

templates/fpmpool.j2

@@ -0,0 +1,25 @@
+;{{ ansible_managed }}
+
+[global]
+error_log = ${FPM_ERROR_LOG}
+
+[{{ dmarcsrg_user }}]
+listen = ${FPM_SOCKET_PATH}
+pm = ondemand
+pm.max_children = 5
+pm.process_idle_timeout = 10s
+pm.max_requests = 200
+pm.status_path = /status
+chdir = /
+clear_env = no
+security.limit_extensions = .php .php3 .php4 .php5
+php_admin_value[opcache.validate_permission] = 1
+php_admin_value[opcache.validate_root] = 1
+php_admin_value[session.cookie_samesite] = Lax
+php_admin_value[openssl.capath] = /etc/ssl/certs
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[memory_limit] = 256M
+php_admin_value[upload_max_filesize] = {{ postfix_message_size_limit | human_readable(unit='M') | replace (' MB','') | int | round }}M
+php_admin_value[post_max_size] = {{ postfix_message_size_limit | human_readable(unit='M') | replace (' MB','') | int | round }}M
+php_admin_value[disable_functions] = mail,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_exec,passthru,system,proc_nice,proc_terminate,curl_ini,parse_ini_file,show_source,dl,symlink,system_exec,exec,shell_exec,phpinfo

templates/systemd/override.conf.j2

@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Service]
+LockPersonality=true
+NoNewPrivileges=true
+ProtectSystem=strict
+ReadWritePaths=-{{ php_fpm_log_dir }}/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+InaccessiblePaths=-/root/