From 998390668efca7f26daed189548f1b5d925e1f43 Mon Sep 17 00:00:00 2001
From: Tunui Franken
Date: Sat, 28 Sep 2024 11:44:49 +0200
Subject: [PATCH] Setup nftables for mailserver_dovecot
---
 .../files/nftables/input.d/imap-imaps.conf | 1 +
 roles/mailserver_dovecot/meta/main.yml | 4 ++++
 roles/mailserver_dovecot/tasks/main.yml | 8 ++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 roles/mailserver_dovecot/files/nftables/input.d/imap-imaps.conf
 create mode 100644 roles/mailserver_dovecot/meta/main.yml
diff --git a/roles/mailserver_dovecot/files/nftables/input.d/imap-imaps.conf b/roles/mailserver_dovecot/files/nftables/input.d/imap-imaps.conf
new file mode 100644
index 0000000..9e70423
--- /dev/null
+++ b/roles/mailserver_dovecot/files/nftables/input.d/imap-imaps.conf
@@ -0,0 +1 @@
+tcp dport {143, 993} accept comment "Allow IMAP/IMAPS from all"
diff --git a/roles/mailserver_dovecot/meta/main.yml b/roles/mailserver_dovecot/meta/main.yml
new file mode 100644
index 0000000..0b0dbbe
--- /dev/null
+++ b/roles/mailserver_dovecot/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - role: setup_nftables
diff --git a/roles/mailserver_dovecot/tasks/main.yml b/roles/mailserver_dovecot/tasks/main.yml
index 4d7347d..72ba08e 100644
--- a/roles/mailserver_dovecot/tasks/main.yml
+++ b/roles/mailserver_dovecot/tasks/main.yml
@@ -280,3 +280,11 @@
 loop:
 - spam
 - ham
+
+- name: Allow incoming IMAP/IMAPS
+ become: true
+ ansible.builtin.copy:
+ src: nftables/input.d/imap-imaps.conf
+ dest: /etc/nftables/input.d/imap-imaps.conf
+ mode: 0640
+ notify: Reload nftables service
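Review bot: Port 143 is opened to every source alongside 993, and nothing in this patch shows that Dovecot refuses logins before STARTTLS on that port. If the Dovecot configuration elsewhere in the role does not already enforce `ssl = required`, credentials on 143 can cross the network unencrypted. In that case I would either enforce it there or narrow the rule to `tcp dport 993 accept comment "Allow IMAPS from all"`. The rule also puts no limit on new connections, so password guessing is throttled only by whatever Dovecot or a log-based blocker does. If that is intended, a `#` comment at the top of the fragment saying so would help the next reader.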
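Review bot: The copy task in tasks/main.yml sets `mode: 0640` but leaves owner and group implicit, so the ownership of a firewall fragment depends on whichever account `become` resolves to on the host. I would pin `owner: root` and `group: root` and quote the mode as `mode: "0640"`, so it is never read as a plain integer. The `Reload nftables service` handler is not defined anywhere in this patch. It presumably comes from the `setup_nftables` dependency added in meta/main.yml, which is worth confirming because a missing handler name fails the play.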