moismailzai.protonmail_bridge_headless

Ansible Role: ProtonMail Bridge (headless)

This role installs the ProtonMail Bridge (optionally prompting for a 2FA code), registers it as a service that runs without a graphical user interface, and configures Postfix to use it. It works on RedHat/CentOS, Debian/Ubuntu, and Archlinux servers.

Background

The ProtonMail Bridge app for Linux allows you to connect your ProtonMail account with email programs that use IMAP and SMTP, like Thunderbird and Evolution. The Bridge is available for all paid ProtonMail users.

This role is designed to automate the installation of the bridge on machines that do not have a GUI.

Here’s what this role will do:

  • Download the latest version of the bridge
  • Verify the package is signed before installing
  • Set up the bridge with your user details
  • Create a service to keep the bridge running in the background
  • Create a special user to run the service
  • Configure Postfix to work with the bridge (SASL)
  • For RHEL systems, it can also configure SELinux settings

Requirements

You need to have RedHat/CentOS 8, Ubuntu 18 or higher, or a recent version of Debian, Archlinux, or Manjaro.

Role Variables

Here are the variables you can set, with their default values (refer to defaults/main.yml):

protonmail_username: ""
protonmail_password: ""
protonmail_custom_domain: ""
protonmail_enable_2fa: false

These represent your ProtonMail account info and domain. They link your account to the ProtonMail Bridge and configure Postfix. NOTE: If protonmail_enable_2fa is set to true, you will need to interactively input a 2FA code.

# configure_selinux: ""

Whether SELinux should be configured. It defaults to true on RHEL systems and false otherwise.

gpg_key_settings:
    type: default
    length: default
    subkey_type: default
    subkey_length: default
    expire_date: 0
    name: protonmail-bridge-headless service key
    email: root@localhost

These settings are used to generate the local GPG key that the ProtonMail Bridge and pass (the password store it uses) need in order to work together. You can modify the templates/protonmail-bridge.gpg.j2 file for more options. NOTE: The default settings create a new, unprotected key (one with no passphrase) just for the bridge. To add a password to the key, you’ll need to change the default values and templates/protonmail-bridge-headless.service.sh.j2.

configure_gpg: "true"
configure_pass: "true"
configure_postfix: "true"
configure_service: "true"
configure_user: "true"

You can set these to skip specific tasks in this role.

protonmail_lib_dir: "/var/lib/protonmail"

This is where the configuration and service files will be kept.

protonmail_user: "protonmail"
protonmail_user_flags: "-L"

This specifies the name and flags for the service user.
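Because the default GPG key has no passphrase, file ownership and modes are what keep it private to the service user. The following check is an added example, not part of the role; it assumes the bridge's keyring and pass store live under protonmail_lib_dir, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the role. The default GPG key has no passphrase,
# so file ownership and modes are what keep it private.
# Assumption: the bridge's keyring and pass store live under protonmail_lib_dir.
# Usage (as root): audit_bridge_dir /var/lib/protonmail protonmail

# Print paths under $1 that group or other can read, write or execute.
# Symlinks are skipped: their own mode bits are always rwxrwxrwx.
loose_modes() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print paths under $1 not owned by user $2 (name or numeric uid).
foreign_owner() {
    find "$1" ! -user "$2" -print
}

# Return 0 if the tree is private to the service user, 1 otherwise.
audit_bridge_dir() {
    dir=$1
    owner=$2
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 1
    fi
    if ! bad=$(loose_modes "$dir"); then
        echo "FAIL: could not scan $dir" >&2
        rc=1
    elif [ -n "$bad" ]; then
        printf 'FAIL: group/other access on:\n%s\n' "$bad" >&2
        rc=1
    fi
    if ! bad=$(foreign_owner "$dir" "$owner"); then
        echo "FAIL: could not check owner $owner (unknown user?)" >&2
        rc=1
    elif [ -n "$bad" ]; then
        printf 'FAIL: not owned by %s:\n%s\n' "$owner" "$bad" >&2
        rc=1
    fi
    return "$rc"
}
```

Source the file and call audit_bridge_dir with your values of protonmail_lib_dir and protonmail_user; a non-zero return means at least one path is readable by, or owned by, someone other than the service user.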

postfix_hostname: "{{ protonmail_custom_domain }}"
postfix_localhost_address: "127.0.0.1"

These are the settings you can change in Postfix's main.cf.

selinux_httpd_can_sendmail: "true"

This determines if SELinux policies for httpd should be added when configuring Postfix.

Dependencies

You must have a paid ProtonMail account.

Sample Usage

First, install the current version of Ansible.

For Archlinux:

sudo pacman -Syu ansible

For RHEL:

sudo dnf -y install epel-release
sudo dnf repolist
sudo dnf -y install ansible

For Debian:

sudo apt update
sudo apt install -y software-properties-common
sudo apt-add-repository -y -u ppa:ansible/ansible
sudo apt install -y ansible

Next, create a file named main.yml with the following content (replace your_username, your_password, and your_domain with your actual values):

- name: "Install and configure ProtonMail Bridge as a headless service"
  become: "yes"
  hosts: "all"
  vars:
    protonmail_username: "your_username"
    protonmail_password: "your_password"
    protonmail_custom_domain: "your_domain"
  roles:
    - "moismailzai.protonmail_bridge_headless"

Now, in the command line from the same directory, run:

# installs this role from Ansible Galaxy
ansible-galaxy install moismailzai.protonmail_bridge_headless

# ensures Ansible can find the role you just downloaded
ln -s ~/.ansible/roles roles

# runs the playbook you created in the previous step
sudo ansible-playbook -c local -i localhost, main.yml

Once everything is done, you can send a test message from the command line:

echo "If you are seeing this, the bridge has been correctly configured." | mail -s "ProtonMail-bridge test message" -r your@email.address recipients@email.address

License

MIT

Author Information

This role was created in 2021 by Mo Ismailzai.
