From 8cce1ff3e54c89dbfb80851cf51dfbb7232f2d76 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin <d@ilvokhin.com>
Date: Sat, 6 Apr 2024 19:51:43 +0100
Subject: Add dovecot role

---
 roles/dovecot/tasks/main.yml | 63 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 roles/dovecot/tasks/main.yml

(limited to 'roles/dovecot/tasks/main.yml')

diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
new file mode 100644
index 0000000..3ed1a46
--- /dev/null
+++ b/roles/dovecot/tasks/main.yml
@@ -0,0 +1,63 @@
+- name: Install dovecot
+  ansible.builtin.package:
+    name:
+      - dovecot
+    state: present
+
+- name: Create vmail group
+  ansible.builtin.group:
+    name: vmail
+    gid: 5000
+    state: present
+
+- name: Create vmail user
+  ansible.builtin.user:
+    name: vmail
+    uid: 5000
+    group: vmail
+    shell: /usr/bin/nologin
+    state: present
+
+- name: Setup dovecot config directory
+  ansible.builtin.file:
+    path: /etc/dovecot
+    state: directory
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
+
+# Note: use `doveadm pw -s SHA512-CRYPT` to generate a new password.
+- name: Copy dovecot passwd file
+  ansible.builtin.copy:
+    src: files/users
+    dest: /etc/dovecot/passwd
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
+  notify:
+    - Reload dovecot
+
+- name: Configure dovecot
+  ansible.builtin.copy:
+    src: files/dovecot.conf
+    dest: /etc/dovecot/dovecot.conf
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
+  notify:
+    - Check dovecot
+    - Reload dovecot
+
+- name: Copy dovecot certificate renewal hook
+  ansible.builtin.copy:
+    src: files/dovecot.sh
+    dest: /etc/letsencrypt/renewal-hooks/deploy/dovecot.sh
+    owner: root
+    group: root
+    mode: u+rwx,g+r,o+r
+
+- name: Enable dovecot systemd service
+  ansible.builtin.service:
+    name: dovecot
+    enabled: yes
+    state: started
-- 
cgit v1.2.3-70-g09d2