laxathom.passbolt
Passbolt
This is an Ansible role that helps you install and set up the Passbolt app on RHEL/CentOS (for now).
Role Variables
Here are the variables you can change for this role, which are found in defaults/main.yml
with their default values. You may need to update them based on your needs. Most of the defaults are not suitable for production use.
Base variables
passbolt_version: # The version of the app
passbolt_archive: # The full name of the app archive
passbolt_dl_url: # The URL to download and install the app
PHP-fpm configuration variables
passbolt_php_fpm_includedir: # Directory for PHP-FPM pool configurations
passbolt_php_fpm_pool: # Absolute path for app pool configuration
passbolt_php_fpm_user: # User under which PHP-FPM runs the app
passbolt_php_fpm_group: # Group under which PHP-FPM runs the app
passbolt_php_fpm_owner: # Owner of the PHP-FPM socket
passbolt_php_fpm_mode: # Mode for the PHP-FPM socket (usually for file-based sockets)
passbolt_php_fpm_whitelist: # List of IPs/hosts allowed to interact with PHP-FPM
passbolt_php_fpm_listen: # Method for PHP-FPM socket (file-based, host:port, etc.)
passbolt_php_fpm_listen_port: # Port for the PHP-FPM socket if not using `unix:`-based URI
Database setup variables
passbolt_dbhost: # Hostname of the database server
passbolt_dbuser: # Database username
passbolt_dbpass: # Database password
passbolt_dbname: # Database name to connect to
SMTP setup variables
passbolt_smtp_host: # Hostname of the SMTP server
passbolt_smtp_port: # SMTP server port
passbolt_smtp_auth: # SMTP authentication method (TLS, SSL). Leave blank for none.
passbolt_smtp_user: # SMTP user (if authentication is needed)
passbolt_smtp_pass: # SMTP password (if authentication is needed)
passbolt_smtp_timeout: # Timeout for SMTP connection
passbolt_smtp_sender: # Name of the sender
passbolt_smtp_sender_email: # Email of the sender
passbolt_error_report: # Whether the app should send out caught SQL errors
passbolt_error_report_email: # Email to send error notifications to
Dependencies
- geerlingguy.repo-remi - needed if passbolt_install_php is true.
- jdauphant.nginx - needed if passbolt_install_webserver is true.
- geerlingguy.php - needed if passbolt_install_php is true.
- geerlingguy.mysql - needed if passbolt_install_dbserver is true.
If you are using different roles, set these variables to False
and make sure to run those roles first.
You may also use Apache instead of Nginx if that's what your setup uses. This role does not include a predefined web configuration. It's set through NGINX variables (see tests/test.yml
for details).
Example Playbook
- hosts: vault-servers
  vars:
    # Site definition consumed by the nginx role (jdauphant.nginx)
    nginx_sites:
      passbolt:
        # TLS listener; replace the server name and certificate paths with your own
        - listen 443 ssl
        - server_name vault.domain.tld
        - ssl_certificate /etc/ssl/domain.tld.cert
        - ssl_certificate_key /etc/ssl/domain.tld.key
        - server_tokens off
        - root "{{ passbolt_webroot }}"
        - location / { try_files $uri /index.php$is_args$args; }
        - location ~ \.php(/|$) {
            fastcgi_pass {{ passbolt_php_fpm_listen }};
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_read_timeout 500;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param SERVER_NAME $http_host;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            internal;
          }
  roles:
    - { role: laxathom.passbolt }
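The Role Variables section notes that most defaults are not suitable for production. As an added example (not part of the role or its tests), the play below overrides the two password variables from an Ansible Vault file and stops before the role runs if they are missing. The file path, the vault_-prefixed variable names and the length threshold are assumptions chosen for illustration.

```yaml
# Added example, not from the role's repository.
# Assumed layout: vars/passbolt_vault.yml is created with
#   ansible-vault create vars/passbolt_vault.yml
# and defines the hypothetical variables vault_passbolt_dbpass and
# vault_passbolt_smtp_pass. Run the play with:
#   ansible-playbook --ask-vault-pass -i <inventory> <this playbook>
- hosts: vault-servers
  vars_files:
    - vars/passbolt_vault.yml        # encrypted at rest, decrypted at run time
  vars:
    # Role variables listed above, overridden from the vaulted values so that
    # no plaintext secret lives in the playbook or in version control
    passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
    passbolt_smtp_pass: "{{ vault_passbolt_smtp_pass }}"
  pre_tasks:
    - name: Refuse to deploy without vaulted secrets
      # On failure, assert reports the failing expression text,
      # not the value of the variable it tested
      ansible.builtin.assert:
        that:
          - vault_passbolt_dbpass is defined
          - vault_passbolt_smtp_pass is defined
          - vault_passbolt_dbpass | length >= 20   # constructed threshold
          - vault_passbolt_smtp_pass | length > 0
        fail_msg: "Define the passbolt secrets in vars/passbolt_vault.yml before deploying."
        quiet: true
  roles:
    - role: laxathom.passbolt
```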
Testing
- Host requirements
  - You need Docker installed and running.
Set up Ansible environment
printf '[defaults]\nroles_path=../\nhost_key_checking = False' > ansible.cfg
Install required testing items
% ansible-galaxy install -r tests/requirements.yml -p tests/roles
Run the playbook to test deployment
% sudo ansible-playbook -vv -i tests/inventory tests/test.yml
After you're done, you should be able to access the deployed application at http://localhost:8080/
Ansible role to install and configure passbolt API
ansible-galaxy install laxathom.passbolt