Add role mailserver_dovecot

2024-01-08 11:58:39 +01:00 · 2024-01-08 11:58:39 +01:00 · ba2749b4a7
commit ba2749b4a7
parent 0a0c815268
4 changed files with 106 additions and 0 deletions
--- a/playbook_mailserver.yml
+++ b/playbook_mailserver.yml
@ -17,3 +17,5 @@
      tags: database
    - role: mailserver_postfix
      tags: postfix
+    - role: mailserver_dovecot
+      tags: dovecot
--- a/roles/common_handlers/handlers/main.yml
+++ b/roles/common_handlers/handlers/main.yml
@ -63,3 +63,9 @@
  ansible.builtin.systemd:
    name: postfix
    state: reloaded
+
+- name: Reload dovecot service
+  become: true
+  ansible.builtin.systemd:
+    name: dovecot
+    state: reloaded
--- a/roles/mailserver_dovecot/README.md
+++ b/roles/mailserver_dovecot/README.md
@ -0,0 +1,3 @@
+# mailserver - Dovecot
+
+Installs and configures the Dovecot part of the mail server.
--- a/roles/mailserver_dovecot/tasks/main.yml
+++ b/roles/mailserver_dovecot/tasks/main.yml
@ -0,0 +1,95 @@
+---
+
+- name: Install needed packages
+  become: true
+  ansible.builtin.apt:
+    name:
+      - dovecot-pgsql
+      - dovecot-imapd
+      - dovecot-managesieved
+      - dovecot-lmtpd
+
+- name: Create vmail group
+  become: true
+  ansible.builtin.group:
+    name: vmail
+    gid: 5000
+    state: present
+
+- name: Create vmail user
+  become: true
+  ansible.builtin.user:
+    name: vmail
+    uid: 5000
+    group: vmail
+    home: /var/vmail
+    create_home: true
+    state: present
+
+- name: Add login to auth_mechanisms
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/dovecot/conf.d/10-auth.conf
+    regexp: '^auth_mechanisms =.*'
+    line: auth_mechanisms = plain login
+  notify: Reload dovecot service
+
+- name: Remove system auth
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/dovecot/conf.d/10-auth.conf
+    regexp: '^#?\!include auth-system.conf.ext'
+    line: '#!include auth-system.conf.ext'
+  notify: Reload dovecot service
+
+- name: Add SQL auth
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/dovecot/conf.d/10-auth.conf
+    regexp: '^#?\!include auth-sql.conf.ext'
+    line: '!include auth-sql.conf.ext'
+  notify: Reload dovecot service
+
+- name: Configure mail_location
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/dovecot/conf.d/10-mail.conf
+    regexp: '^mail_location =.*'
+    line: mail_location = maildir:~/Maildir
+  notify: Reload dovecot service
+
+- name: Add quota plugin
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/dovecot/conf.d/10-mail.conf
+    regexp: '^#?mail_plugins =.*'
+    line: mail_plugins = quota
+  notify: Reload dovecot service
+
+- name: Add postfix auth socket config
+  become: true
+  ansible.builtin.blockinfile:
+    path: /etc/dovecot/conf.d/10-master.conf
+    block: |
+      unix_listener /var/spool/postfix/private/auth {
+        mode = 0660
+        user = postfix
+        group = postfix
+      }
+    insertafter: '# Postfix smtp-auth'
+  notify: Reload dovecot service
+
+- name: Add ssl cert and key config
+  become: true
+  loop:
+    - regexp: '^ssl_cert =.*'
+      line: "ssl_cert = </etc/letsencrypt/live/{{ ansible_hostname }}.tunuifranken.info/fullchain.pem"
+    - regexp: '^ssl_key =.*'
+      line: "ssl_key = </etc/letsencrypt/live/{{ ansible_hostname }}.tunuifranken.info/privkey.pem"
+    - regexp: '^ssl =.*'
+      line: ssl = required
+  ansible.builtin.lineinfile:
+    path: /etc/dovecot/conf.d/10-ssl.conf
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  notify: Reload dovecot service