Add dovecot role

3 files changed, 89 insertions, 0 deletions

diff --git a/roles/dovecot/files/dovecot.conf b/roles/dovecot/files/dovecot.conf
new file mode 100644
index 0000000..35e8c3f
--- /dev/null
+++ b/roles/dovecot/files/dovecot.conf
@@ -0,0 +1,74 @@
+# Protocols we want to be serving.
+protocols = imap pop3
+
+# Path to the mail directory.
+mail_location = maildir:/var/mail/%d/%n/Maildir
+
+# Path to SSL certificate files.
+ssl_cert = </etc/letsencrypt/live/mail.ilvokhin.com/fullchain.pem
+ssl_key = </etc/letsencrypt/live/mail.ilvokhin.com/privkey.pem
+
+# Disable plaintext authentication, only SSL is allowed.
+disable_plaintext_auth = yes
+
+service auth {
+    # Postfix smtp-auth.
+    unix_listener /var/spool/postfix/private/auth {
+        mode = 0666
+        user = postfix
+        group = postfix
+    }
+}
+
+namespace {
+    inbox = yes
+    separator = /
+
+    # Create usual mail hierarchy.
+    mailbox Sent {
+        auto = subscribe
+        special_use = \Sent
+    }
+
+    mailbox Drafts {
+        auto = subscribe
+        special_use = \Drafts
+    }
+
+    mailbox Trash {
+        auto = subscribe
+        special_use = \Trash
+    }
+
+    mailbox Junk {
+        auto = subscribe
+        special_use = \Junk
+    }
+}
+
+# Use separate passwd file for storing passwords.
+passdb {
+    driver = passwd-file
+    args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd
+}
+
+# Use the same separate passwd file for user lookup.
+userdb {
+    driver = passwd-file
+    args = username_format=%u /etc/dovecot/passwd
+    override_fields = uid=vmail gid=vmail
+}
+
+service imap-login {
+    # Do not listen for plain IMAP.
+    inet_listener imap {
+        port = 0
+    }
+}
+
+service pop3-login {
+    # Do not listen for plain POP3.
+    inet_listener pop3 {
+        port = 0
+    }
+}
diff --git a/roles/dovecot/files/dovecot.sh b/roles/dovecot/files/dovecot.sh
new file mode 100644
index 0000000..bd6f8e4
--- /dev/null
+++ b/roles/dovecot/files/dovecot.sh
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+systemctl reload devecot
diff --git a/roles/dovecot/files/users b/roles/dovecot/files/users
new file mode 100644
index 0000000..3d8ff46
--- /dev/null
+++ b/roles/dovecot/files/users
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+37323432633565656236383639613864336138366164656335373766626564653964396236336333
+6335343039363064613365346137323065663236663030340a643765636631623065616430663463
+30616434376436393766643737343138336265616264336564653066343535623362333830616266
+6366333835653135340a303934613561333635326135636533303731636630643264643564393963
+30653131353566663238313162343130666433313235316236343937333135653565656330613930
+32373535613234346336643663323339653138316134353338326237383863326565366437613165
+32616531646233616536623634646537633239633266356230616136636161323061326562363963
+31336663323935383630353562656138396437643162396436656331356238303534373535363239
+66323938343637303764633639316164383831356232633533653664333233363335626266666630
+33333334383061363936306438613338393535336532643730336166616537386563623930386139
+613934363439326132643462623463633933