
---
# Dovecot components: IMAP, LMTP (Postfix hands mail over a socket configured
# further down), ManageSieve for user-side filter rules, and the PostgreSQL
# backend used by the SQL auth/userdb.  No `state:` is given, so the module
# default (present) applies.
- name: Install needed packages
  ansible.builtin.apt:
    name:
      - dovecot-pgsql
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-lmtpd
  become: true
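# Dedicated logical volume for the mail store so a full mailbox tree cannot
# fill the root filesystem.  `shrink: false` is a safety net: the lvol module
# shrinks by default, so an LV that was grown by hand later would otherwise be
# reduced back to 5g on the next run.
- name: Create a LV for /var/vmail
  become: true
  community.general.lvol:
    vg: vg_data
    lv: vmail
    size: 5g
    state: present
    resizefs: true
    shrink: false

# ext4 on the LV; resizefs lets a later LV grow be followed by the filesystem.
- name: Format vmail LV to ext4
  become: true
  community.general.filesystem:
    dev: /dev/mapper/vg_data-vmail
    fstype: ext4
    resizefs: true
    state: present

# Nothing under the mail store is ever executed: Sieve scripts are compiled
# and interpreted by Dovecot, and the helper scripts this role installs live in
# /usr/local/bin and /etc/dovecot/sieve.  Deny exec, suid and device nodes on
# the volume so a stray file in a mailbox cannot become a foothold.
- name: Mount /var/vmail
  become: true
  ansible.posix.mount:
    src: /dev/mapper/vg_data-vmail
    path: /var/vmail
    fstype: ext4
    opts: defaults,nodev,nosuid,noexec
    state: mounted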
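# Fixed uid/gid 5000 so ownership on the mail volume stays stable across
# hosts, restores and backups.
- name: Create vmail group
  become: true
  ansible.builtin.group:
    name: vmail
    gid: 5000
    state: present

# Service account that owns every mailbox.  It exists for file ownership only:
# no interactive shell, and because no `password` is set useradd leaves the
# password field locked.  The home is the mount point created above, so it is
# not created here.
- name: Create vmail user
  become: true
  ansible.builtin.user:
    name: vmail
    uid: 5000
    group: vmail
    home: /var/vmail
    shell: /usr/sbin/nologin
    create_home: false
    state: present

# Recursive chown only — no `mode` here on purpose, since a recursive mode
# would also rewrite the modes Dovecot itself sets on Maildirs and index files.
- name: Set ownership for /var/vmail
  become: true
  ansible.builtin.file:
    path: /var/vmail
    state: directory
    owner: vmail
    group: vmail
    recurse: true

# Close the mount point itself to other local users.  A freshly made ext4 root
# directory is 0755, which lets any local account walk into the mailbox tree.
# Not recursive, so per-mailbox modes set by Dovecot are untouched.
- name: Restrict /var/vmail top-level permissions
  become: true
  ansible.builtin.file:
    path: /var/vmail
    state: directory
    owner: vmail
    group: vmail
    mode: "0750"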
# PLAIN and LOGIN send the password itself.  That is acceptable here only
# because 10-ssl.conf is set to `ssl = required` later in this role and none
# of the tasks in this file touch Dovecot's default `disable_plaintext_auth`,
# so these mechanisms are never offered on a cleartext connection.
- name: Add login to auth_mechanisms
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_mechanisms =.*'
    line: auth_mechanisms = plain login
  notify: Reload dovecot service
  become: true

# Comment out the PAM/passwd backend so local system accounts are not valid
# mail logins; mailboxes come exclusively from the SQL backend enabled next.
# The regexp matches the include whether or not it is already commented, so
# the task is idempotent.
- name: Remove system auth
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-system.conf.ext'
    line: '#!include auth-system.conf.ext'
  notify: Reload dovecot service
  become: true

# Enable the SQL passdb/userdb (settings come from dovecot-sql.conf.ext,
# templated further down).
- name: Add SQL auth
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-sql.conf.ext'
    line: '!include auth-sql.conf.ext'
  notify: Reload dovecot service
  become: true
# Maildir under each account's home.  `~` is resolved from the userdb home,
# which comes from the SQL userdb template (not visible in this file) —
# presumably somewhere below /var/vmail, given the ownership tasks above.
- name: Configure mail_location
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_location =.*'
    line: 'mail_location = maildir:~/Maildir'
  notify: Reload dovecot service
  become: true

# Global plugin list.  This line replaces (rather than appends to) whatever
# `mail_plugins` line exists, commented or not; the per-protocol files later
# extend it via `$mail_plugins`.
- name: Add quota plugin
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^#?mail_plugins =.*'
    line: 'mail_plugins = quota'
  notify: Reload dovecot service
  become: true
# SASL auth socket inside Postfix's chroot.  0600 owned by postfix means only
# Postfix's smtpd can reach Dovecot's auth service — other local users cannot
# use the socket to test passwords.  The Jinja indent filter re-adds the two
# spaces the YAML block scalar strips, so the listener is nested inside
# `service auth { }` when inserted after Debian's stock `# Postfix smtp-auth`
# comment (if that anchor is missing, blockinfile appends at end of file,
# which would be a syntax error for Dovecot — keep an eye on it on upgrades).
- name: Add postfix auth socket config
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    insertafter: '# Postfix smtp-auth'
    marker: " # {mark} ANSIBLE MANAGED BLOCK AUTH"
    block: |
      {% filter indent(width=2, first=true) %}
      unix_listener /var/spool/postfix/private/auth {
      mode = 0600
      user = postfix
      group = postfix
      }
      {% endfilter %}
  notify: Reload dovecot service
  become: true

# LMTP delivery socket for Postfix, same ownership model: only the postfix
# user may inject mail into Dovecot's local delivery.
- name: Add postfix lmtp socket config
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    insertafter: 'service lmtp'
    marker: " # {mark} ANSIBLE MANAGED BLOCK LMTP"
    block: |
      {% filter indent(width=2, first=true) %}
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
      mode = 0600
      user = postfix
      group = postfix
      }
      {% endfilter %}
  notify: Reload dovecot service
  become: true
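# TLS with the Let's Encrypt chain for add_cert_domain.  `ssl = required` is
# what makes the PLAIN/LOGIN mechanisms in 10-auth.conf safe to offer.  Per
# the Dovecot docs the key is read by the root master process before
# privileges drop, so the root-only privkey.pem under /etc/letsencrypt/live
# needs no relaxation.  ssl_min_protocol is pinned explicitly rather than
# trusting the packaged default; Debian ships that setting commented out, so
# the regexp does not match and lineinfile appends the line at end of file.
- name: Add ssl cert and key config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-ssl.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - regexp: '^ssl_cert =.*'
      line: "ssl_cert = </etc/letsencrypt/live/{{ add_cert_domain }}/fullchain.pem"
    - regexp: '^ssl_key =.*'
      line: "ssl_key = </etc/letsencrypt/live/{{ add_cert_domain }}/privkey.pem"
    - regexp: '^ssl =.*'
      line: ssl = required
    - regexp: '^ssl_min_protocol =.*'
      line: ssl_min_protocol = TLSv1.2
  notify: Reload dovecot service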
# Rendered from a template because it carries the SQL connection string and
# database password.  root:root 0640 keeps the credential away from every
# other local account; Dovecot parses its configuration as root, so nothing
# more permissive is needed.  Note that running the play with --diff prints
# the rendered contents, password included.
- name: Copy dovecot-sql.conf.ext
  ansible.builtin.template:
    src: dovecot-sql.conf.ext.j2
    dest: /etc/dovecot/dovecot-sql.conf.ext
    owner: root
    group: root
    mode: "640"
  notify: Reload dovecot service
  become: true
# Enable Sieve at LMTP delivery time, appending to the global list so quota
# (from 10-mail.conf) stays loaded.  `backrefs: true` keeps the original
# indentation through \1 and, as a side effect, only rewrites an existing
# (possibly commented) `mail_plugins =` line — nothing is appended if the
# stock 20-lmtp.conf ever lacks one.
- name: Add sieve plugin
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-lmtp.conf
    regexp: '^(\s*)#?mail_plugins =.*'
    backrefs: true
    line: '\1mail_plugins = $mail_plugins sieve'
  notify: Reload dovecot service
  become: true
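# Script run when a mailbox crosses a quota threshold (the thresholds and the
# service wiring presumably come from the 90-quota.conf template, which is not
# visible here).  Owner and group are pinned to root, as the sibling tasks in
# this role do, so a chown on the host is reverted on the next run and the
# executable Dovecot invokes cannot be replaced by an unprivileged account.
- name: Copy quota-warning script
  become: true
  ansible.builtin.copy:
    src: quota-warning.sh
    dest: /usr/local/bin/quota-warning.sh
    owner: root
    group: root
    mode: "0755"

- name: Copy 90-quota.conf
  become: true
  ansible.builtin.template:
    src: conf.d/90-quota.conf.j2
    dest: /etc/dovecot/conf.d/90-quota.conf
    owner: root
    group: root
    mode: "0644"
  notify: Reload dovecot service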
# Global scripts in /etc/dovecot/sieve-after run after each user's personal
# Sieve script.  backrefs keeps indentation and only rewrites an existing
# (commented) `sieve_after =` line.
- name: Add sieve_after sieve config
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    regexp: '^(\s*)#?sieve_after =.*'
    backrefs: true
    line: '\1sieve_after = /etc/dovecot/sieve-after'
  notify: Reload dovecot service
  become: true

# Root-owned, world-traversable: Dovecot's mail processes need to enter these
# directories, but no unprivileged account may add or replace a script.
- name: Create sieve directories
  ansible.builtin.file:
    path: "/etc/dovecot/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "755"
  loop:
    - sieve
    - sieve-after
  become: true

# The rule that files spam into Junk.  Readable by everyone (the mail process
# runs unprivileged and must load it), writable by root only.  The handler
# compiles it so the mail process never has to compile at delivery time.
- name: Copy spam-to-folder.sieve
  ansible.builtin.template:
    src: spam-to-folder.sieve.j2
    dest: /etc/dovecot/sieve-after/spam-to-folder.sieve
    owner: root
    group: root
    mode: "644"
  notify: Compile spam-to-folder.sieve
  become: true
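# Junk and Trash get `auto = subscribe` and a 30-day autoexpunge (older mail
# in those folders is deleted permanently — a deliberate data-loss setting).
# blockinfile with a per-mailbox marker replaces the earlier per-line tasks:
# those inserted the same literal line for both folders, and lineinfile
# without `regexp` treats an identical line anywhere in the file as "already
# present", so Trash silently never received its settings.  Each block is
# placed directly after the stock `mailbox Junk {` / `mailbox Trash {` line
# and stays idempotent through its marker.  Hosts provisioned by the old
# tasks keep their stray Junk lines; the values are identical, so the
# duplicate is harmless.
- name: Add autoexpunge and subscribe mailbox config (Junk, Trash)
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/15-mailboxes.conf
    insertafter: "mailbox {{ item }}"
    marker: "    # {mark} ANSIBLE MANAGED BLOCK MAILBOX {{ item | upper }}"
    block: |
      {% filter indent(width=4, first=true) %}
      auto = subscribe
      autoexpunge = 30d
      {% endfilter %}
  loop:
    - Junk
    - Trash
  notify: Reload dovecot service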
# Load quota and imap_sieve into the IMAP service on top of the global list
# from 10-mail.conf.  quota is therefore listed twice (global and here);
# presumably harmless, but `doveconf -n` should show it only once — verify.
- name: Add imap_sieve plugin
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-imap.conf
    regexp: '^(\s*)#?mail_plugins =.*'
    backrefs: true
    line: '\1mail_plugins = $mail_plugins quota imap_sieve'
  notify: Reload dovecot service
  become: true

# imapsieve hooks: copying into Junk runs learn-spam, copying out of Junk runs
# learn-ham (per the imapsieve docs the COPY cause also fires on MOVE).
# `sieve_pipe_bin_dir` confines the `pipe` action to programs that live in
# /etc/dovecot/sieve, a root-owned directory, so a Sieve script cannot
# execute arbitrary binaries.  Inserted after Debian's `plugin {` line.
- name: Add imapsieve config for Junk training
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    insertafter: 'plugin {'
    marker: " # {mark} ANSIBLE MANAGED BLOCK IMAPSIEVE"
    block: |
      {% filter indent(width=2, first=true) %}
      # From elsewhere to Junk folder
      imapsieve_mailbox1_name = Junk
      imapsieve_mailbox1_causes = COPY
      imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
      # From Junk folder to elsewhere
      imapsieve_mailbox2_name = *
      imapsieve_mailbox2_from = Junk
      imapsieve_mailbox2_causes = COPY
      imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
      sieve_pipe_bin_dir = /etc/dovecot/sieve
      {% endfilter %}
  notify: Reload dovecot service
  become: true

# The pipe extension is granted through sieve_global_extensions, i.e. to
# admin-controlled global scripts only — user scripts uploaded over
# ManageSieve still cannot use `pipe`.  backrefs means each line is only
# rewritten if the stock file already carries a (commented) template line;
# nothing is appended otherwise.
- name: Add configs for imapsieve
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    regexp: '^(\s*)#?{{ item.key }} =.*'
    backrefs: true
    line: '\1{{ item.key }} = {{ item.val }}'
  loop:
    - key: sieve_global_extensions
      val: '+vnd.dovecot.pipe'
    - key: sieve_plugins
      val: 'sieve_imapsieve sieve_extprograms'
  notify: Reload dovecot service
  become: true
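# Global Sieve scripts triggered by imapsieve (configured in 90-sieve.conf).
# They are loaded by the IMAP process, which runs as the mailbox uid (vmail,
# created earlier in this role), so that uid must be able to read them:
# root-owned so users cannot edit them, group vmail read-only, nothing for
# others.  The handler pre-compiles them to .svbin as root.
- name: Copy learn-spam.sieve
  become: true
  ansible.builtin.template:
    src: learn-spam.sieve.j2
    dest: /etc/dovecot/sieve/learn-spam.sieve
    owner: root
    group: vmail
    mode: "0640"
  notify: Compile learn-spam.sieve

- name: Copy learn-ham.sieve
  become: true
  ansible.builtin.template:
    src: learn-ham.sieve.j2
    dest: /etc/dovecot/sieve/learn-ham.sieve
    owner: root
    group: vmail
    mode: "0640"
  notify: Compile learn-ham.sieve

# Helpers invoked through `vnd.dovecot.pipe` from sieve_pipe_bin_dir.  Per the
# Pigeonhole extprograms docs, programs in bin_dir are executed directly with
# the Sieve interpreter's privileges — the mailbox uid, since no
# sieve_pipe_socket_dir script service is configured in this file — and a
# root:root 0700 file is not executable by that uid.  0750 root:vmail keeps
# the scripts editable by root only and, should the templates embed an rspamd
# controller secret, unreadable by any other local account.
- name: Copy rspamd-learn-spam.sh and rspamd-learn-ham.sh scripts
  become: true
  ansible.builtin.template:
    src: "rspamd-learn-{{ item }}.sh.j2"
    dest: "/etc/dovecot/sieve/rspamd-learn-{{ item }}.sh"
    owner: root
    group: vmail
    mode: "0750"
  loop:
    - spam
    - ham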
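# Firewall fragments opening the listener ports; the rules themselves live in
# the copied files, not visible here.  Modes are quoted octal strings, as the
# rest of this role does — a bare 0640 relies on YAML 1.1 octal parsing and is
# easy to mistype as decimal.  Owner/group are pinned to root so the fragment
# the firewall loads cannot be edited by an unprivileged account.
- name: Allow incoming IMAP/IMAPS
  become: true
  ansible.builtin.copy:
    src: nftables/input.d/imap-imaps.conf
    dest: /etc/nftables/input.d/imap-imaps.conf
    owner: root
    group: root
    mode: "0640"
  notify: Reload nftables service

# ManageSieve (port 4190 by convention); like IMAP it is covered by
# `ssl = required`, so the cleartext listener only ever negotiates STARTTLS.
- name: Allow incoming ManageSieve
  become: true
  ansible.builtin.copy:
    src: nftables/input.d/managesieve.conf
    dest: /etc/nftables/input.d/managesieve.conf
    owner: root
    group: root
    mode: "0640"
  notify: Reload nftables service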