-rw-r--r-- | roles/dovecot/files/dovecot.conf | 74 | ||||
-rw-r--r-- | roles/dovecot/files/dovecot.sh | 3 | ||||
-rw-r--r-- | roles/dovecot/files/users | 12 | ||||
-rw-r--r-- | roles/dovecot/handlers/main.yml | 7 | ||||
-rw-r--r-- | roles/dovecot/meta/main.yml | 2 | ||||
-rw-r--r-- | roles/dovecot/tasks/main.yml | 63 |
6 files changed, 161 insertions, 0 deletions
diff --git a/roles/dovecot/files/dovecot.conf b/roles/dovecot/files/dovecot.conf new file mode 100644
index 0000000..35e8c3f
--- /dev/null
+++ b/roles/dovecot/files/dovecot.conf
@@ -0,0 +1,74 @@
+# Protocols we want to be serving.
+protocols = imap pop3
+
+# Path to the mail directory.
+mail_location = maildir:/var/mail/%d/%n/Maildir
+
+# Path to SSL certificate files.
+ssl_cert = </etc/letsencrypt/live/mail.ilvokhin.com/fullchain.pem
+ssl_key = </etc/letsencrypt/live/mail.ilvokhin.com/privkey.pem
+
+# Disable plaintext authentication, only SSL is allowed.
+disable_plaintext_auth = yes
+
+service auth {
+ # Postfix smtp-auth.
+ unix_listener /var/spool/postfix/private/auth {
+ mode = 0666
+ user = postfix
+ group = postfix
+ }
+}
+
+namespace {
+ inbox = yes
+ separator = /
+
+ # Create usual mail hierarchy.
+ mailbox Sent {
+ auto = subscribe
+ special_use = \Sent
+ }
+
+ mailbox Drafts {
+ auto = subscribe
+ special_use = \Drafts
+ }
+
+ mailbox Trash {
+ auto = subscribe
+ special_use = \Trash
+ }
+
+ mailbox Junk {
+ auto = subscribe
+ special_use = \Junk
+ }
+}
+
+# Use separate passwd file for storing passwords.
+passdb {
+ driver = passwd-file
+ args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd
+}
+
+# Use the same separate passwd file for user lookup.
+userdb {
+ driver = passwd-file
+ args = username_format=%u /etc/dovecot/passwd
+ override_fields = uid=vmail gid=vmail
+}
+
+service imap-login {
+ # Do not listen for plain IMAP.
+ inet_listener imap {
+ port = 0
+ }
+}
+
+service pop3-login {
+ # Do not listen for plain POP3.
+ inet_listener pop3 {
+ port = 0
+ }
+}
diff --git a/roles/dovecot/files/dovecot.sh b/roles/dovecot/files/dovecot.sh new file mode 100644
index 0000000..bd6f8e4
--- /dev/null
+++ b/roles/dovecot/files/dovecot.sh
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+systemctl reload devecot
diff --git a/roles/dovecot/files/users b/roles/dovecot/files/users new file mode 100644
index 0000000..3d8ff46
--- /dev/null
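Review bot: Nothing in the dovecot.conf hunk sets `ssl = required`, so TLS is enforced only indirectly, through `disable_plaintext_auth = yes` and the two `port = 0` listeners; if someone later re-enables a plain IMAP or POP3 port the policy silently weakens. Adding `ssl = required` next to the `ssl_cert`/`ssl_key` lines states the intent explicitly, and on Dovecot 2.3+ a floor such as `ssl_min_protocol = TLSv1.2` belongs beside it. The `userdb` block forces `uid=vmail gid=vmail` while `mail_location` points under `/var/mail/%d/%n`, but the tasks hunk creates no mail root owned by vmail, so whether Dovecot can create the per-domain directories there depends on the distribution's `/var/mail` permissions — worth a short comment or an explicit directory task.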
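Review bot: The renewal deploy hook reloads `devecot`, which does not match the unit name `dovecot` used by the handlers and the service task in this commit, so after a certificate renewal the reload fails and the running daemon keeps serving the old certificate until something else reloads it. The last line should read `systemctl reload dovecot`. Adding `set -e` after the shebang makes a failed reload propagate to certbot instead of exiting 0.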
+++ b/roles/dovecot/files/users
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+37323432633565656236383639613864336138366164656335373766626564653964396236336333
+6335343039363064613365346137323065663236663030340a643765636631623065616430663463
+30616434376436393766643737343138336265616264336564653066343535623362333830616266
+6366333835653135340a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
diff --git a/roles/dovecot/handlers/main.yml b/roles/dovecot/handlers/main.yml new file mode 100644
index 0000000..fba419a
--- /dev/null
+++ b/roles/dovecot/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: Reload dovecot
+ ansible.builtin.service:
+ name: dovecot
+ state: reloaded
+
+- name: Check dovecot
+ ansible.builtin.command: doveconf > /dev/null
diff --git a/roles/dovecot/meta/main.yml b/roles/dovecot/meta/main.yml new file mode 100644
index 0000000..f645703
--- /dev/null
+++ b/roles/dovecot/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: certmail
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml new file mode 100644
index 0000000..3ed1a46
--- /dev/null
+++ b/roles/dovecot/tasks/main.yml
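Review bot: The `Check dovecot` handler runs `doveconf > /dev/null` through `ansible.builtin.command`, which does not invoke a shell, so `>` and `/dev/null` are handed to doveconf as plain arguments instead of redirecting its output, and the handler is not the config validation its name suggests. Ansible also executes notified handlers in the order they are defined in this file rather than in notification order, so `Reload dovecot` runs before `Check dovecot` and a broken dovecot.conf is reloaded before it is checked. Move `Check dovecot` above `Reload dovecot`, change the command to `ansible.builtin.command: doveconf -n` (the module captures stdout itself), and add `changed_when: false` so the check is not reported as a change; a failing check then stops the play before the reload.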
@@ -0,0 +1,63 @@
+- name: Install dovecot
+ ansible.builtin.package:
+ name:
+ - dovecot
+ state: present
+
+- name: Create vmail group
+ ansible.builtin.group:
+ name: vmail
+ gid: 5000
+ state: present
+
+- name: Create vmail user
+ ansible.builtin.user:
+ name: vmail
+ uid: 5000
+ group: vmail
+ shell: /usr/bin/nologin
+ state: present
+
+- name: Setup dovecot config directory
+ ansible.builtin.file:
+ path: /etc/dovecot
+ state: directory
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+
+# Note: use `doveadm pw -s SHA512-CRYPT` to generate a new password.
+- name: Copy dovecot passwd file
+ ansible.builtin.copy:
+ src: files/users
+ dest: /etc/dovecot/passwd
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+ notify:
+ - Reload dovecot
+
+- name: Configure dovecot
+ ansible.builtin.copy:
+ src: files/dovecot.conf
+ dest: /etc/dovecot/dovecot.conf
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+ notify:
+ - Check dovecot
+ - Reload dovecot
+
+- name: Copy dovecot certificate renewal hook
+ ansible.builtin.copy:
+ src: files/dovecot.sh
+ dest: /etc/letsencrypt/renewal-hooks/deploy/dovecot.sh
+ owner: root
+ group: root
+ mode: u+rwx,g+r,o+r
+
+- name: Enable dovecot systemd service
+ ansible.builtin.service:
+ name: dovecot
+ enabled: yes
+ state: started
|
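Review bot: `Copy dovecot passwd file` installs `/etc/dovecot/passwd`, the file holding the SHA512-CRYPT hashes that the conf's `passdb` and `userdb` read, with `mode: u+rw,g+r,o+r`, which makes it world-readable and lets any local account read the hashes for offline guessing. Restrict it to root plus the group the Dovecot auth service runs as, e.g. `mode: '0640'` with `group: dovecot`, or `'0600'` if the auth service runs as root — confirm the auth service user on the target before choosing. The symbolic modes used throughout the hunk only add bits and never clear ones already set, so octal modes are also more predictable for the other copies. `shell: /usr/bin/nologin` is not present on every distribution (Debian ships `/usr/sbin/nologin`); worth verifying for the target OS.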