---
# Dovecot plus the components the tasks below configure: the SQL
# (PostgreSQL driver) passdb/userdb lookup, IMAP, ManageSieve and LMTP
# delivery from Postfix. apt's default state is "present"; it is spelled
# out here so the intent is visible.
- name: Install needed packages
  become: true
  ansible.builtin.apt:
    state: present
    name:
      - dovecot-pgsql
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-lmtpd

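# Dedicated logical volume for the mail store so mailbox growth cannot fill
# the root filesystem. The VG name is derived from the inventory hostname,
# matching the device paths used by the format and mount tasks below.
- name: Create a LV for /var/vmail
  become: true
  community.general.lvol:
    vg: "vg_{{ ansible_hostname }}"
    lv: vmail
    state: present
    size: 5g
    resizefs: true
    # lvol defaults to shrink=true: had the LV ever been grown by hand
    # beyond the size above, a later run would try to shrink it (and the
    # ext4 on it) back to 5g and could lose mail. The mail store is only
    # ever allowed to grow.
    shrink: false
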
# Put ext4 on the new LV. With resizefs the filesystem follows the device
# size, so growing the LV in the task above is enough to grow the store.
- name: Format vmail LV to ext4
  become: true
  community.general.filesystem:
    fstype: ext4
    dev: "/dev/vg_{{ ansible_hostname }}/vmail"
    state: present
    resizefs: true

# Mount the LV and record it in fstab (state=mounted does both).
# NOTE(review): no mount options are given, so the mail store is mounted
# with the defaults; nodev/nosuid (and possibly noexec) would be cheap
# hardening for a filesystem that only holds user-supplied mail — confirm
# nothing under /var/vmail needs to execute before adding them.
- name: Mount /var/vmail
  become: true
  ansible.posix.mount:
    path: /var/vmail
    src: "/dev/vg_{{ ansible_hostname }}/vmail"
    fstype: ext4
    state: mounted

# Fixed GID so ownership of the mail store is stable across hosts and
# re-installs; the user task below pairs it with UID 5000.
- name: Create vmail group
  become: true
  ansible.builtin.group:
    state: present
    name: vmail
    gid: 5000

# Single mail-store owner used by Dovecot for every virtual mailbox user.
# The home is the mount point created above, so create_home is off: the
# directory already exists and its ownership is fixed in the next task.
# NOTE(review): no shell is set, so the account gets the module's default
# login shell; since vmail never logs in interactively, a non-login shell
# (e.g. /usr/sbin/nologin) would be the least-privilege choice — confirm
# nothing relies on the default before changing it.
- name: Create vmail user
  become: true
  ansible.builtin.user:
    state: present
    name: vmail
    uid: 5000
    group: vmail
    home: /var/vmail
    create_home: false

# Hand the whole mail store to the vmail user/group. recurse walks every
# mailbox on each run, which is correct but gets slower as the store
# grows; no mode is given, so existing permissions are left untouched.
- name: Set ownership for /var/vmail
  become: true
  ansible.builtin.file:
    path: /var/vmail
    owner: vmail
    group: vmail
    state: directory
    recurse: true

# Offer the LOGIN mechanism next to PLAIN (some clients only speak LOGIN).
# Both carry the password in the clear inside the session; that is only
# acceptable because the ssl task below sets "ssl = required" and Dovecot's
# default disable_plaintext_auth = yes keeps them off unencrypted
# connections. The regexp replaces the stock auth_mechanisms line in place.
- name: Add login to auth_mechanisms
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_mechanisms =.*'
    line: 'auth_mechanisms = plain login'
  notify: Reload dovecot service

# Comment out the system-account backend (auth-system.conf.ext) so local
# system users such as root and service accounts cannot authenticate over
# IMAP; credentials come from the SQL database only (next task). The
# regexp matches the include whether or not it is already commented, so
# the task is idempotent.
- name: Remove system auth
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-system.conf.ext'
    line: '#!include auth-system.conf.ext'
  notify: Reload dovecot service

# Activate the SQL passdb/userdb include; its settings are rendered into
# dovecot-sql.conf.ext further down. With the system backend disabled
# above this leaves the SQL database as the configured credential source.
- name: Add SQL auth
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-sql.conf.ext'
    line: '!include auth-sql.conf.ext'
  notify: Reload dovecot service

# Store mail as Maildir below each user's home ("~" is resolved against
# the home directory the userdb returns for the login).
- name: Configure mail_location
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_location =.*'
    line: 'mail_location = maildir:~/Maildir'
  notify: Reload dovecot service

# Load the quota plugin globally; the protocol files (20-lmtp.conf,
# 20-imap.conf) extend this list via $mail_plugins in later tasks. The
# regexp also accepts the commented stock line, and the replacement is
# the whole line, so any plugin someone listed there by hand is dropped.
- name: Add quota plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^#?mail_plugins =.*'
    line: 'mail_plugins = quota'
  notify: Reload dovecot service

# Expose Dovecot SASL to Postfix through a unix socket under Postfix's
# spool directory. The socket is 0600 and owned by postfix, so only
# Postfix processes can talk to the auth service. The "# Postfix
# smtp-auth" anchor is the comment Dovecot's stock 10-master.conf carries
# inside service auth { }, and the indent filter lines the listener up
# with that stanza; the marker keeps this block apart from the LMTP one
# in the same file.
- name: Add postfix auth socket config
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    marker: " # {mark} ANSIBLE MANAGED BLOCK AUTH"
    insertafter: '# Postfix smtp-auth'
    block: |
      {% filter indent(width=2, first=true) %}
      unix_listener /var/spool/postfix/private/auth {
        mode = 0600
        user = postfix
        group = postfix
      }
      {% endfilter %}
  notify: Reload dovecot service

# LMTP delivery socket for Postfix, same shape as the auth socket above:
# 0600, owned by postfix, so nothing but Postfix can inject mail through
# it. Anchored after "service lmtp" so the listener lands in that stanza.
- name: Add postfix lmtp socket config
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    marker: " # {mark} ANSIBLE MANAGED BLOCK LMTP"
    insertafter: 'service lmtp'
    block: |
      {% filter indent(width=2, first=true) %}
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
      {% endfilter %}
  notify: Reload dovecot service

# TLS for IMAP/ManageSieve: certificate and key are taken from the Let's
# Encrypt live directory for add_cert_domain (the leading "<" makes
# Dovecot read the file). "ssl = required" refuses plaintext sessions,
# which is what makes the PLAIN/LOGIN mechanisms enabled earlier safe to
# offer. The loop items are regexp/line pairs with no secret in them.
- name: Add ssl cert and key config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-ssl.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - regexp: '^ssl_cert =.*'
      line: "ssl_cert = </etc/letsencrypt/live/{{ add_cert_domain }}/fullchain.pem"
    - regexp: '^ssl_key =.*'
      line: "ssl_key = </etc/letsencrypt/live/{{ add_cert_domain }}/privkey.pem"
    - regexp: '^ssl =.*'
      line: 'ssl = required'
  notify: Reload dovecot service

# Render the SQL passdb/userdb configuration. It carries the database
# credentials, hence root:root 0640: Dovecot's master process reads its
# configuration as root before handing work to unprivileged processes,
# and no other account on the host needs to see it.
- name: Copy dovecot-sql.conf.ext
  become: true
  ansible.builtin.template:
    src: dovecot-sql.conf.ext.j2
    dest: /etc/dovecot/dovecot-sql.conf.ext
    mode: "640"
    owner: root
    group: root
  notify: Reload dovecot service

# Enable Sieve filtering on LMTP delivery on top of the global plugin
# list. The regexp captures the stanza indentation (re-inserted via \1 with
# backrefs) and accepts the commented stock line; with backrefs the line
# is only rewritten where the regexp matches and never appended.
- name: Add sieve plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-lmtp.conf
    backrefs: true
    regexp: '^(\s*)#?mail_plugins =.*'
    line: '\1mail_plugins = $mail_plugins sieve'
  notify: Reload dovecot service

# Helper script, presumably the one 90-quota.conf (rendered below) hooks
# into when a mailbox crosses a warning threshold. World-readable and
# executable; no owner is given, so it stays root-owned under become.
- name: Copy quota-warning script
  become: true
  ansible.builtin.copy:
    dest: /usr/local/bin/quota-warning.sh
    src: quota-warning.sh
    mode: "755"

# Quota plugin settings (limits and warning hooks live in the template).
# No owner/group is given, so the file is root-owned under become.
- name: Copy 90-quota.conf
  become: true
  ansible.builtin.template:
    dest: /etc/dovecot/conf.d/90-quota.conf
    src: conf.d/90-quota.conf.j2
    mode: "644"
  notify: Reload dovecot service

# Point sieve_after at a directory of administrator scripts that run after
# each user's own Sieve script; the spam-to-folder rule installed below
# lives there. Same indentation-preserving regexp/backrefs shape as the
# mail_plugins tasks.
- name: Add sieve_after sieve config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    backrefs: true
    regexp: '^(\s*)#?sieve_after =.*'
    line: '\1sieve_after = /etc/dovecot/sieve-after'
  notify: Reload dovecot service

# Directories for the Sieve material installed below: sieve/ holds the
# imapsieve learn scripts and their helper programs, sieve-after/ the
# administrator rules that run after each user's script. Root-owned and
# world-readable so mail processes can read but not modify them.
- name: Create sieve directories
  become: true
  ansible.builtin.file:
    path: "/etc/dovecot/{{ item }}"
    state: directory
    mode: "755"
    owner: root
    group: root
  loop:
    - sieve
    - sieve-after

# Administrator rule that routes spam into a folder (the rule itself is in
# the template); placed in sieve-after so it runs after the user's own
# script. The handler compiles it so delivery does not have to.
- name: Copy spam-to-folder.sieve
  become: true
  ansible.builtin.template:
    dest: /etc/dovecot/sieve-after/spam-to-folder.sieve
    src: spam-to-folder.sieve.j2
    mode: "644"
    owner: root
    group: root
  notify: Compile spam-to-folder.sieve

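# Junk and Trash each get "auto = subscribe" (folder is created and
# subscribed for every user) and "autoexpunge = 30d" (mail older than 30
# days is purged) inside their mailbox { } stanza in 15-mailboxes.conf.
#
# This replaces four lineinfile tasks, one line per mailbox, which could
# not work: lineinfile without a regexp only checks whether the exact line
# exists anywhere in the file, so once the Junk stanza contained
# "autoexpunge = 30d" the identical line for Trash was reported as already
# present and never inserted, leaving Trash without expunge/subscribe.
# blockinfile keys on a per-mailbox marker instead, so each stanza gets
# its own block and the task stays idempotent. Dovecot ignores the marker
# comment lines; the indent filter only makes the stanza read nicely.
- name: Add autoexpunge and subscribe mailbox config
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/15-mailboxes.conf
    insertafter: "mailbox {{ item }}"
    marker: "    # {mark} ANSIBLE MANAGED BLOCK MAILBOX {{ item | upper }}"
    block: |
      {% filter indent(width=4, first=true) %}
      auto = subscribe
      autoexpunge = 30d
      {% endfilter %}
  loop:
    - Junk
    - Trash
  notify: Reload dovecot service
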
# IMAP sessions load quota and imap_sieve on top of the global list;
# imap_sieve is what lets the Junk-training rules below react to messages
# being moved between folders. Same indentation-preserving regexp/backrefs
# shape as the LMTP task, so the line inside protocol imap { } keeps its
# indent.
- name: Add imap_sieve plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-imap.conf
    backrefs: true
    regexp: '^(\s*)#?mail_plugins =.*'
    line: '\1mail_plugins = $mail_plugins quota imap_sieve'
  notify: Reload dovecot service

# Train the spam filter from user behaviour: a message copied or moved
# into Junk runs learn-spam.sieve first, one copied or moved out of Junk
# runs learn-ham.sieve. sieve_pipe_bin_dir confines the Sieve pipe
# extension to programs in that directory, so only the rspamd-learn
# scripts this role installs there can be executed; keep it limited to
# those. The block goes into the plugin { } stanza under its own marker.
- name: Add imapsieve config for Junk training
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    marker: " # {mark} ANSIBLE MANAGED BLOCK IMAPSIEVE"
    insertafter: 'plugin {'
    block: |
      {% filter indent(width=2, first=true) %}
      # From elsewhere to Junk folder
      imapsieve_mailbox1_name = Junk
      imapsieve_mailbox1_causes = COPY
      imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
      # From Junk folder to elsewhere
      imapsieve_mailbox2_name = *
      imapsieve_mailbox2_from = Junk
      imapsieve_mailbox2_causes = COPY
      imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve

      sieve_pipe_bin_dir = /etc/dovecot/sieve
      {% endfilter %}
  notify: Reload dovecot service

# Two settings in 90-sieve.conf, each rewritten in place with the stanza
# indentation preserved: sieve_plugins loads imapsieve and the external
# programs support; sieve_global_extensions grants the pipe extension to
# global (administrator) scripts only, so user-supplied Sieve scripts can
# never run external programs. Both item keys are plain names, so they
# are safe to splice into the regexp.
- name: Add configs for imapsieve
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    backrefs: true
    regexp: '^(\s*)#?{{ item.key }} =.*'
    line: '\1{{ item.key }} = {{ item.val }}'
  loop:
    - key: sieve_global_extensions
      val: '+vnd.dovecot.pipe'
    - key: sieve_plugins
      val: 'sieve_imapsieve sieve_extprograms'
  notify: Reload dovecot service

# Global Sieve script run when a message lands in Junk; presumably pipes
# the message to rspamd-learn-spam.sh (installed below). Root-only 0600;
# the handler compiles it to the .svbin Dovecot actually loads.
# NOTE(review): the imap process that triggers this script does not run
# as root; if it ever has to read the .sieve source instead of the
# compiled file, 0600 root:root will be unreadable for it — confirm the
# compiled output is readable by the mail user.
- name: Copy learn-spam.sieve
  become: true
  ansible.builtin.template:
    dest: /etc/dovecot/sieve/learn-spam.sieve
    src: learn-spam.sieve.j2
    mode: "600"
    owner: root
    group: root
  notify: Compile learn-spam.sieve

# Counterpart of learn-spam.sieve, run when a message leaves Junk;
# presumably pipes the message to rspamd-learn-ham.sh. Same root-only
# 0600 and compile handler as learn-spam.sieve, and the same permission
# caveat applies.
- name: Copy learn-ham.sieve
  become: true
  ansible.builtin.template:
    dest: /etc/dovecot/sieve/learn-ham.sieve
    src: learn-ham.sieve.j2
    mode: "600"
    owner: root
    group: root
  notify: Compile learn-ham.sieve

# Wrapper scripts the learn-*.sieve rules pipe messages into; one template
# renders both variants. Installed 0700 root:root.
# NOTE(review): Sieve's pipe extension executes programs found in
# sieve_pipe_bin_dir from within the mail process, which does not run as
# root; 0700 root:root looks unexecutable for that user unless the
# scripts are dispatched through a socket service instead — confirm on a
# host before relying on spam training.
- name: Copy rspamd-learn-spam.sh and rspamd-learn-ham.sh scripts
  become: true
  ansible.builtin.template:
    dest: "/etc/dovecot/sieve/rspamd-learn-{{ item }}.sh"
    src: "rspamd-learn-{{ item }}.sh.j2"
    mode: "700"
    owner: root
    group: root
  loop:
    - spam
    - ham

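# Open the IMAP/IMAPS ports in the host firewall by dropping a rule
# snippet into nftables' input.d include directory.
- name: Allow incoming IMAP/IMAPS
  become: true
  ansible.builtin.copy:
    src: nftables/input.d/imap-imaps.conf
    dest: /etc/nftables/input.d/imap-imaps.conf
    # Quoted on purpose: YAML reads an unquoted 0640 as the octal integer
    # 416. Ansible happens to accept that here, but its docs warn the
    # integer form breaks once the value passes through templating or a
    # loop, and every other mode in this file is already a string.
    mode: "0640"
  notify: Reload nftables service
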
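# Open the ManageSieve port in the host firewall, same mechanism as the
# IMAP rule above.
- name: Allow incoming ManageSieve
  become: true
  ansible.builtin.copy:
    src: nftables/input.d/managesieve.conf
    dest: /etc/nftables/input.d/managesieve.conf
    # Quoted on purpose: YAML reads an unquoted 0640 as the octal integer
    # 416, which Ansible's docs warn is unreliable once templated or
    # looped; every other mode in this file is already a string.
    mode: "0640"
  notify: Reload nftables service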