16 changed files with 103 additions and 17 deletions
Unified View
Diff Options
-
+3 -0defaults/main.yaml
-
+2 -0handlers/main.yaml
-
+8 -0tasks/auth/passwdfile.yaml
-
+17 -0tasks/auth/sql.yaml
-
+7 -8tasks/main.yaml
-
+5 -1templates/conf.d/10-auth.conf.j2
-
+5 -3templates/conf.d/10-mail.conf.j2
-
+20 -3templates/conf.d/10-master.conf.j2
-
+2 -0templates/conf.d/10-ssl.conf.j2
-
+2 -0templates/conf.d/20-lmtp.conf.j2
-
+2 -0templates/conf.d/90-plugin.conf.j2
-
+17 -0templates/conf.d/auth-passwdfile.conf.ext.j2
-
+2 -0templates/conf.d/auth-sql.conf.ext.j2
-
+2 -0templates/dovecot-sql.conf.ext.j2
-
+4 -2templates/dovecot.conf.j2
-
+5 -0templates/users.j2
+ 3
- 0
defaults/main.yaml
View File
| @@ -2,3 +2,6 @@ dovecot_postfixadmin_mysql_database: postfixadmin | |||||
| dovecot_postfixadmin_mysql_username: dovecot | dovecot_postfixadmin_mysql_username: dovecot | ||||
| vmail_uid: 500 | vmail_uid: 500 | ||||
| vmail_gid: 500 | vmail_gid: 500 | ||||
| dovecot_lmtp_inet_listener: false | |||||
| dovecot_unix_listeners_for_postfix: false | |||||
| dovecot_auth_inet_listener: false | |||||
+ 2
- 0
handlers/main.yaml
View File
| @@ -1,3 +1,5 @@ | |||||
| --- | |||||
| - name: reload dovecot | - name: reload dovecot | ||||
| systemd: | systemd: | ||||
| name: dovecot | name: dovecot | ||||
+ 8
- 0
tasks/auth/passwdfile.yaml
View File
| @@ -0,0 +1,8 @@ | |||||
| --- | |||||
| - name: dovecot users | |||||
| template: | |||||
| src: users.j2 | |||||
| dest: /etc/dovecot/users | |||||
| group: dovecot | |||||
| mode: 0640 | |||||
+ 17
- 0
tasks/auth/sql.yaml
View File
| @@ -0,0 +1,17 @@ | |||||
| --- | |||||
| - name: dovecot sql config | |||||
| template: | |||||
| src: dovecot-sql.conf.ext.j2 | |||||
| dest: /etc/dovecot/dovecot-sql.conf.ext.j2 | |||||
| notify: | |||||
| - reload dovecot | |||||
| - name: postfixadmin mysql user | |||||
| mysql_user: | |||||
| name: "{{dovecot_postfixadmin_mysql_username}}" | |||||
| password: "{{dovecot_postfixadmin_mysql_password}}" | |||||
| priv: "{{dovecot_postfixadmin_mysql_database}}.*:SELECT" | |||||
| host: "{{inventory_hostname}}" | |||||
| state: present | |||||
| delegate_to: "{{dovecot_postfixadmin_mysql_host}}" | |||||
+ 7
- 8
tasks/main.yaml
View File
| @@ -1,12 +1,12 @@ | |||||
| --- | --- | ||||
| - name: install package | |||||
| - name: install packages | |||||
| apt: | apt: | ||||
| pkg: "{{ item }}" | |||||
| with_items: | |||||
| - dovecot-imapd | |||||
| - dovecot-lmtpd | |||||
| - dovecot-mysql | |||||
| pkg: | |||||
| - dovecot-imapd | |||||
| - dovecot-lmtpd | |||||
| - dovecot-mysql | |||||
| - ssl-cert | |||||
| notify: | notify: | ||||
| - reload dovecot | - reload dovecot | ||||
| @@ -40,5 +40,4 @@ | |||||
| notify: | notify: | ||||
| - reload dovecot | - reload dovecot | ||||
| - import_tasks: sql.yaml | |||||
| when: "{{ dovecot_auth == 'sql' }}" | |||||
| - include_tasks: auth/{{dovecot_auth}}.yaml | |||||
+ 5
- 1
templates/conf.d/10-auth.conf.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| ## | ## | ||||
| ## Authentication processes | ## Authentication processes | ||||
| ## | ## | ||||
| @@ -119,8 +121,10 @@ auth_mechanisms = plain login | |||||
| #!include auth-deny.conf.ext | #!include auth-deny.conf.ext | ||||
| #!include auth-master.conf.ext | #!include auth-master.conf.ext | ||||
| !include auth-{{dovecot_auth}}.conf.ext | |||||
| #!include auth-system.conf.ext | #!include auth-system.conf.ext | ||||
| !include auth-sql.conf.ext | |||||
| #!include auth-sql.conf.ext | |||||
| #!include auth-ldap.conf.ext | #!include auth-ldap.conf.ext | ||||
| #!include auth-passwdfile.conf.ext | #!include auth-passwdfile.conf.ext | ||||
| #!include auth-checkpassword.conf.ext | #!include auth-checkpassword.conf.ext | ||||
+ 5
- 3
templates/conf.d/10-mail.conf.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| ## | ## | ||||
| ## Mailbox locations and namespaces | ## Mailbox locations and namespaces | ||||
| ## | ## | ||||
| @@ -27,7 +29,7 @@ | |||||
| # | # | ||||
| # <doc/wiki/MailLocation.txt> | # <doc/wiki/MailLocation.txt> | ||||
| # | # | ||||
| #mail_home = /var/vmail/%d/%n | |||||
| mail_home = /home/vmail/%d/%n | |||||
| mail_location = mdbox:~/mail.mdbox | mail_location = mdbox:~/mail.mdbox | ||||
| # If you need to set multiple mailbox locations or want to change default | # If you need to set multiple mailbox locations or want to change default | ||||
| @@ -106,8 +108,8 @@ namespace inbox { | |||||
| # System user and group used to access mails. If you use multiple, userdb | # System user and group used to access mails. If you use multiple, userdb | ||||
| # can override these by returning uid or gid fields. You can use either numbers | # can override these by returning uid or gid fields. You can use either numbers | ||||
| # or names. <doc/wiki/UserIds.txt> | # or names. <doc/wiki/UserIds.txt> | ||||
| #mail_uid = | |||||
| #mail_gid = | |||||
| mail_uid = vmail | |||||
| mail_gid = vmail | |||||
| # Group to enable temporarily for privileged operations. Currently this is | # Group to enable temporarily for privileged operations. Currently this is | ||||
| # used only with INBOX when either its initial creation or dotlocking fails. | # used only with INBOX when either its initial creation or dotlocking fails. | ||||
+ 20
- 3
templates/conf.d/10-master.conf.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| #default_process_limit = 100 | #default_process_limit = 100 | ||||
| #default_client_limit = 1000 | #default_client_limit = 1000 | ||||
| @@ -12,7 +14,7 @@ | |||||
| # Internal user is used by unprivileged processes. It should be separate from | # Internal user is used by unprivileged processes. It should be separate from | ||||
| # login user, so that login processes can't disturb other processes. | # login user, so that login processes can't disturb other processes. | ||||
| #default_internal_user = dovecot | |||||
| default_internal_user = dovecot | |||||
| service imap-login { | service imap-login { | ||||
| inet_listener imap { | inet_listener imap { | ||||
| @@ -46,14 +48,21 @@ service pop3-login { | |||||
| } | } | ||||
| service lmtp { | service lmtp { | ||||
| {% if dovecot_lmtp_inet_listener %} | |||||
| inet_listener lmtp { | |||||
| port = 24 | |||||
| } | |||||
| {% endif %} | |||||
| unix_listener lmtp { | unix_listener lmtp { | ||||
| #mode = 0666 | #mode = 0666 | ||||
| } | } | ||||
| {% if dovecot_unix_listeners_for_postfix %} | |||||
| unix_listener /var/spool/postfix/private/dovecot-lmtp { | unix_listener /var/spool/postfix/private/dovecot-lmtp { | ||||
| group = postfix | group = postfix | ||||
| mode = 0600 | mode = 0600 | ||||
| user = postfix | user = postfix | ||||
| } | } | ||||
| {% endif %} | |||||
| } | } | ||||
| service imap { | service imap { | ||||
| @@ -90,22 +99,30 @@ service auth { | |||||
| #group = | #group = | ||||
| } | } | ||||
| {% if dovecot_unix_listeners_for_postfix %} | |||||
| # Postfix smtp-auth | # Postfix smtp-auth | ||||
| unix_listener /var/spool/postfix/private/auth { | unix_listener /var/spool/postfix/private/auth { | ||||
| mode = 0666 | mode = 0666 | ||||
| user = postfix | user = postfix | ||||
| group = postfix | group = postfix | ||||
| } | } | ||||
| {% endif %} | |||||
| {% if dovecot_auth_inet_listener %} | |||||
| inet_listener { | |||||
| port = 3659 | |||||
| } | |||||
| {% endif %} | |||||
| # Auth process is run as this user. | # Auth process is run as this user. | ||||
| #user = $default_internal_user | |||||
| user = $default_internal_user | |||||
| } | } | ||||
| service auth-worker { | service auth-worker { | ||||
| # Auth worker process is run as root by default, so that it can access | # Auth worker process is run as root by default, so that it can access | ||||
| # /etc/shadow. If this isn't necessary, the user should be changed to | # /etc/shadow. If this isn't necessary, the user should be changed to | ||||
| # $default_internal_user. | # $default_internal_user. | ||||
| #user = root | |||||
| user = $default_internal_user | |||||
| } | } | ||||
| service dict { | service dict { | ||||
+ 2
- 0
templates/conf.d/10-ssl.conf.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| ## | ## | ||||
| ## SSL settings | ## SSL settings | ||||
| ## | ## | ||||
+ 2
- 0
templates/conf.d/20-lmtp.conf.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| ## | ## | ||||
| ## LMTP specific settings | ## LMTP specific settings | ||||
| ## | ## | ||||
+ 2
- 0
templates/conf.d/90-plugin.conf.j2
View File
| @@ -1,2 +1,4 @@ | |||||
| {{ansible_managed|comment}} | |||||
| plugin { | plugin { | ||||
| } | } | ||||
+ 17
- 0
templates/conf.d/auth-passwdfile.conf.ext.j2
View File
| @@ -0,0 +1,17 @@ | |||||
| {{ansible_managed|comment}} | |||||
| # Authentication for passwd-file users. Included from 10-auth.conf. | |||||
| # | |||||
| # passwd-like file with specified location. | |||||
| # <doc/wiki/AuthDatabase.PasswdFile.txt> | |||||
| passdb { | |||||
| driver = passwd-file | |||||
| args = scheme=CRYPT username_format=%u /etc/dovecot/users | |||||
| } | |||||
| userdb { | |||||
| driver = passwd-file | |||||
| args = username_format=%u /etc/dovecot/users | |||||
| #default_fields = uid=vmail gid=vmail home=/home/vmail/%d/%u | |||||
| } | |||||
+ 2
- 0
templates/conf.d/auth-sql.conf.ext.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| # Authentication for SQL users. Included from 10-auth.conf. | # Authentication for SQL users. Included from 10-auth.conf. | ||||
| # | # | ||||
| # <doc/wiki/AuthDatabase.SQL.txt> | # <doc/wiki/AuthDatabase.SQL.txt> | ||||
+ 2
- 0
templates/dovecot-sql.conf.ext.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| # This file is commonly accessed via passdb {} or userdb {} section in | # This file is commonly accessed via passdb {} or userdb {} section in | ||||
| # conf.d/auth-sql.conf.ext | # conf.d/auth-sql.conf.ext | ||||
+ 4
- 2
templates/dovecot.conf.j2
View File
| @@ -1,3 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| ## Dovecot configuration file | ## Dovecot configuration file | ||||
| # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration | # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration | ||||
| @@ -23,7 +25,7 @@ | |||||
| # Enable installed protocols | # Enable installed protocols | ||||
| !include_try /usr/share/dovecot/protocols.d/*.protocol | !include_try /usr/share/dovecot/protocols.d/*.protocol | ||||
| # A comma separated list of IPs or hosts where to listen in for connections. | |||||
| # A comma separated list of IPs or hosts where to listen in for connections. | |||||
| # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. | # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. | ||||
| # If you want to specify non-default ports or anything more complex, | # If you want to specify non-default ports or anything more complex, | ||||
| # edit conf.d/master.conf. | # edit conf.d/master.conf. | ||||
| @@ -48,7 +50,7 @@ | |||||
| #login_trusted_networks = | #login_trusted_networks = | ||||
| # Space separated list of login access check sockets (e.g. tcpwrap) | # Space separated list of login access check sockets (e.g. tcpwrap) | ||||
| #login_access_sockets = | |||||
| #login_access_sockets = | |||||
| # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do | # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do | ||||
| # proxying. This isn't necessary normally, but may be useful if the destination | # proxying. This isn't necessary normally, but may be useful if the destination | ||||
+ 5
- 0
templates/users.j2
View File
| @@ -0,0 +1,5 @@ | |||||
| {{ansible_managed|comment}} | |||||
| {% for name , user in dovecot_users.items() %} | |||||
| {{name}}:{{user.password}}:::::: | |||||
| {% endfor %} | |||||