2 changed files with 9 additions and 4 deletions
Unified View
Diff Options
-
+5 -0tasks/main.yml
-
+4 -4templates/conf.d/10-ssl.conf.j2
+ 5
- 0
tasks/main.yml
View File
| @@ -10,6 +10,11 @@ | |||||
| notify: | notify: | ||||
| - reload dovecot | - reload dovecot | ||||
| - name: postfix user | |||||
| user: | |||||
| name: postfix | |||||
| groups: ssl-cert | |||||
| - name: vmail group | - name: vmail group | ||||
| group: | group: | ||||
| name: vmail | name: vmail | ||||
+ 4
- 4
templates/conf.d/10-ssl.conf.j2
View File
| @@ -3,14 +3,14 @@ | |||||
| ## | ## | ||||
| # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> | # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> | ||||
| ssl = no | |||||
| ssl = yes | |||||
| # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before | # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before | ||||
| # dropping root privileges, so keep the key file unreadable by anyone but | # dropping root privileges, so keep the key file unreadable by anyone but | ||||
| # root. Included doc/mkcert.sh can be used to easily generate self-signed | # root. Included doc/mkcert.sh can be used to easily generate self-signed | ||||
| # certificate, just make sure to update the domains in dovecot-openssl.cnf | # certificate, just make sure to update the domains in dovecot-openssl.cnf | ||||
| #ssl_cert = </etc/dovecot/dovecot.pem | |||||
| #ssl_key = </etc/dovecot/private/dovecot.pem | |||||
| ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem | |||||
| ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key | |||||
| # If key file is password protected, give the password here. Alternatively | # If key file is password protected, give the password here. Alternatively | ||||
| # give it when starting dovecot with -p parameter. Since this file is often | # give it when starting dovecot with -p parameter. Since this file is often | ||||
| @@ -21,7 +21,7 @@ ssl = no | |||||
| # PEM encoded trusted certificate authority. Set this only if you intend to use | # PEM encoded trusted certificate authority. Set this only if you intend to use | ||||
| # ssl_verify_client_cert=yes. The file should contain the CA certificate(s) | # ssl_verify_client_cert=yes. The file should contain the CA certificate(s) | ||||
| # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) | # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) | ||||
| #ssl_ca = | |||||
| #ssl_ca = | |||||
| # Require that CRL check succeeds for client certificates. | # Require that CRL check succeeds for client certificates. | ||||
| #ssl_require_crl = yes | #ssl_require_crl = yes | ||||