Markus Katharina Brechtel 5 лет назад
Родитель
Сommit
bbdd0749f2
16 измененных файлов: 103 добавлений и 17 удалений
  1. +3
    -0
      defaults/main.yaml
  2. +2
    -0
      handlers/main.yaml
  3. +8
    -0
      tasks/auth/passwdfile.yaml
  4. +17
    -0
      tasks/auth/sql.yaml
  5. +7
    -8
      tasks/main.yaml
  6. +5
    -1
      templates/conf.d/10-auth.conf.j2
  7. +5
    -3
      templates/conf.d/10-mail.conf.j2
  8. +20
    -3
      templates/conf.d/10-master.conf.j2
  9. +2
    -0
      templates/conf.d/10-ssl.conf.j2
  10. +2
    -0
      templates/conf.d/20-lmtp.conf.j2
  11. +2
    -0
      templates/conf.d/90-plugin.conf.j2
  12. +17
    -0
      templates/conf.d/auth-passwdfile.conf.ext.j2
  13. +2
    -0
      templates/conf.d/auth-sql.conf.ext.j2
  14. +2
    -0
      templates/dovecot-sql.conf.ext.j2
  15. +4
    -2
      templates/dovecot.conf.j2
  16. +5
    -0
      templates/users.j2

+ 3
- 0
defaults/main.yaml

@@ -2,3 +2,6 @@ dovecot_postfixadmin_mysql_database: postfixadmin
dovecot_postfixadmin_mysql_username: dovecot
vmail_uid: 500
vmail_gid: 500
dovecot_lmtp_inet_listener: false
dovecot_unix_listeners_for_postfix: false
dovecot_auth_inet_listener: false

+ 2
- 0
handlers/main.yaml

@@ -1,3 +1,5 @@
---

- name: reload dovecot
systemd:
name: dovecot


+ 8
- 0
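--- a/tasks/auth/passwdfile.yaml
+++ b/tasks/auth/passwdfile.yaml
@@ -0,0 +1,8 @@
+---
+
+- name: dovecot users
+template:
+src: users.j2
+dest: /etc/dovecot/users
+group: dovecot
+mode: 0640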
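Review bot: The `dovecot users` template task renders the passdb file without `no_log: true` (or `diff: false`), so a run with `--diff` prints every `name:hash` line produced by users.j2 to the terminal and to any log collector. It also leaves `owner` unset, so ownership depends on the connecting or become user; `owner: root` next to `group: dovecot` would make the intent behind 0640 explicit. Quoting the mode as `mode: "0640"` avoids relying on YAML's octal parsing.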

+ 17
- 0
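--- a/tasks/auth/sql.yaml
+++ b/tasks/auth/sql.yaml
@@ -0,0 +1,17 @@
+---
+
+- name: dovecot sql config
+template:
+src: dovecot-sql.conf.ext.j2
+dest: /etc/dovecot/dovecot-sql.conf.ext.j2
+notify:
+- reload dovecot
+
+- name: postfixadmin mysql user
+mysql_user:
+name: "{{dovecot_postfixadmin_mysql_username}}"
+password: "{{dovecot_postfixadmin_mysql_password}}"
+priv: "{{dovecot_postfixadmin_mysql_database}}.*:SELECT"
+host: "{{inventory_hostname}}"
+state: present
+delegate_to: "{{dovecot_postfixadmin_mysql_host}}"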
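Review bot: The `dovecot sql config` task sets no `owner`, `group` or `mode`, so the rendered file gets default permissions; if the template carries the MySQL connect string with the password (its body is not visible here), it should be written with something like `owner: root`, `group: dovecot`, `mode: "0640"`. The `dest` also ends in `.j2` (`/etc/dovecot/dovecot-sql.conf.ext.j2`), which looks unintended, so confirm it matches the path that auth-sql.conf.ext hands to the SQL driver. The `postfixadmin mysql user` task takes `password:` from a variable and would benefit from `no_log: true`.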

+ 7
- 8
tasks/main.yaml

@@ -1,12 +1,12 @@
---

- name: install package
- name: install packages
apt:
pkg: "{{ item }}"
with_items:
- dovecot-imapd
- dovecot-lmtpd
- dovecot-mysql
pkg:
- dovecot-imapd
- dovecot-lmtpd
- dovecot-mysql
- ssl-cert
notify:
- reload dovecot

@@ -40,5 +40,4 @@
notify:
- reload dovecot

- import_tasks: sql.yaml
when: "{{ dovecot_auth == 'sql' }}"
- include_tasks: auth/{{dovecot_auth}}.yaml
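Review bot: `include_tasks: auth/{{dovecot_auth}}.yaml` in the second hunk builds a file path from `dovecot_auth` with no check on its value, and the same variable is interpolated into `!include auth-{{dovecot_auth}}.conf.ext` in templates/conf.d/10-auth.conf.j2. No default for it appears in the visible part of defaults/main.yaml, so an unset or mistyped value fails late, at include time or when Dovecot parses its configuration. An `assert` task ahead of the include, e.g. `that: dovecot_auth in ['sql', 'passwdfile']`, would fail early with a clear message. Both hunks show only part of the task list.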

+ 5
- 1
templates/conf.d/10-auth.conf.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

##
## Authentication processes
##
@@ -119,8 +121,10 @@ auth_mechanisms = plain login
#!include auth-deny.conf.ext
#!include auth-master.conf.ext

!include auth-{{dovecot_auth}}.conf.ext

#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext


+ 5
- 3
templates/conf.d/10-mail.conf.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

##
## Mailbox locations and namespaces
##
@@ -27,7 +29,7 @@
#
# <doc/wiki/MailLocation.txt>
#
#mail_home = /var/vmail/%d/%n
mail_home = /home/vmail/%d/%n
mail_location = mdbox:~/mail.mdbox

# If you need to set multiple mailbox locations or want to change default
@@ -106,8 +108,8 @@ namespace inbox {
# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds.txt>
#mail_uid =
#mail_gid =
mail_uid = vmail
mail_gid = vmail

# Group to enable temporarily for privileged operations. Currently this is
# used only with INBOX when either its initial creation or dotlocking fails.
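Review bot: `mail_uid = vmail` and `mail_gid = vmail` hard-code account names, and `mail_home = /home/vmail/%d/%n` hard-codes the base directory, while defaults/main.yaml carries `vmail_uid` / `vmail_gid` as numeric 500. Nothing visible in this commit ties the name `vmail` to those IDs or creates `/home/vmail`, so on a host where the account differs Dovecot may fail on mail access or run as an account other than the intended one. Templating these from role variables, for example `mail_uid = {{ vmail_uid }}`, keeps a single source of truth. The rest of the file lies outside the hunks.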


+ 20
- 3
templates/conf.d/10-master.conf.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

#default_process_limit = 100
#default_client_limit = 1000

@@ -12,7 +14,7 @@

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot
default_internal_user = dovecot

service imap-login {
inet_listener imap {
@@ -46,14 +48,21 @@ service pop3-login {
}

service lmtp {
{% if dovecot_lmtp_inet_listener %}
inet_listener lmtp {
port = 24
}
{% endif %}
unix_listener lmtp {
#mode = 0666
}
{% if dovecot_unix_listeners_for_postfix %}
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
{% endif %}
}

service imap {
@@ -90,22 +99,30 @@ service auth {
#group =
}

{% if dovecot_unix_listeners_for_postfix %}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
{% endif %}

{% if dovecot_auth_inet_listener %}
inet_listener {
port = 3659
}
{% endif %}

# Auth process is run as this user.
#user = $default_internal_user
user = $default_internal_user
}

service auth-worker {
# Auth worker process is run as root by default, so that it can access
# /etc/shadow. If this isn't necessary, the user should be changed to
# $default_internal_user.
#user = root
user = $default_internal_user
}

service dict {
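Review bot: The `inet_listener` added to `service auth` (port 3659) has no `address`, so with `dovecot_auth_inet_listener` enabled the auth protocol is offered on every interface; as far as I know that protocol has no client authentication or transport encryption of its own, and with `auth_mechanisms = plain login` credentials cross it in clear text. Bind it explicitly, e.g. `address = 127.0.0.1` or a role variable holding the MTA-facing address, and document that the port must be firewalled to the relay hosts. The same applies to `inet_listener lmtp` on port 24. The Postfix auth socket is created with `mode = 0666`; `mode = 0660` with `user = postfix` and `group = postfix` is sufficient for Postfix and is closer to the 0600 used for the dovecot-lmtp socket in this file.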


+ 2
- 0
templates/conf.d/10-ssl.conf.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

##
## SSL settings
##


+ 2
- 0
templates/conf.d/20-lmtp.conf.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

##
## LMTP specific settings
##


+ 2
- 0
templates/conf.d/90-plugin.conf.j2

@@ -1,2 +1,4 @@
{{ansible_managed|comment}}

plugin {
}

+ 17
- 0
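--- a/templates/conf.d/auth-passwdfile.conf.ext.j2
+++ b/templates/conf.d/auth-passwdfile.conf.ext.j2
@@ -0,0 +1,17 @@
+{{ansible_managed|comment}}
+
+# Authentication for passwd-file users. Included from 10-auth.conf.
+#
+# passwd-like file with specified location.
+# <doc/wiki/AuthDatabase.PasswdFile.txt>
+
+passdb {
+driver = passwd-file
+args = scheme=CRYPT username_format=%u /etc/dovecot/users
+}
+
+userdb {
+driver = passwd-file
+args = username_format=%u /etc/dovecot/users
+#default_fields = uid=vmail gid=vmail home=/home/vmail/%d/%u
+}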
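Review bot: `args = scheme=CRYPT ...` in the passdb block makes libc crypt() the default scheme for entries without a `{SCHEME}` prefix, which accepts whatever hash formats the platform's crypt() supports, including legacy DES and MD5 ones. Consider a stronger explicit default such as `scheme=SHA512-CRYPT` or `scheme=BLF-CRYPT`, or a role variable for it, and state the expected hash format where `dovecot_users` is documented. The path `/etc/dovecot/users` is repeated here and in tasks/auth/passwdfile.yaml; a shared variable would keep the two in step.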

+ 2
- 0
templates/conf.d/auth-sql.conf.ext.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

# Authentication for SQL users. Included from 10-auth.conf.
#
# <doc/wiki/AuthDatabase.SQL.txt>


+ 2
- 0
templates/dovecot-sql.conf.ext.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

# This file is commonly accessed via passdb {} or userdb {} section in
# conf.d/auth-sql.conf.ext



+ 4
- 2
templates/dovecot.conf.j2

@@ -1,3 +1,5 @@
{{ansible_managed|comment}}

## Dovecot configuration file

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
@@ -23,7 +25,7 @@
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol

# A comma separated list of IPs or hosts where to listen in for connections.
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
@@ -48,7 +50,7 @@
#login_trusted_networks =

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
#login_access_sockets =

# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination


+ 5
- 0
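--- a/templates/users.j2
+++ b/templates/users.j2
@@ -0,0 +1,5 @@
+{{ansible_managed|comment}}
+
+{% for name , user in dovecot_users.items() %}
+{{name}}:{{user.password}}::::::
+{% endfor %}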
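Review bot: `{{name}}:{{user.password}}::::::` writes both values verbatim, so the template silently depends on `user.password` already being a crypt-style hash and on neither value containing `:` or a line break, either of which would shift or add passwd-file fields. Add a comment at the top of the template stating that `dovecot_users` maps a login name to a dict whose `password` is a pre-hashed string, and consider an `assert` in tasks/auth/passwdfile.yaml that rejects `:` and newlines in names. If the inventory holds clear-text passwords instead, hash them with the `password_hash('sha512')` filter and a stored salt before they reach this file.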
