---
# Install the Dovecot packages the rest of this file configures: the
# PostgreSQL driver, IMAP, ManageSieve and LMTP delivery.
- name: Install needed packages
  ansible.builtin.apt:
    name:
      - dovecot-pgsql
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-lmtpd
    state: present  # module default, spelled out
  become: true
# Dedicated group for the virtual-mail account, with the GID pinned to 5000.
# NOTE(review): presumably the SQL userdb hands out this same gid; confirm
# against dovecot-sql.conf.ext.j2.
- name: Create vmail group
  ansible.builtin.group:
    name: vmail
    gid: 5000
    state: present
  become: true
# Service account with home /var/vmail; the UID is pinned to 5000, the same
# number used for the vmail group's GID.
# NOTE(review): no `shell` is given, so the account receives the system's
# default login shell; if nothing needs to log in as vmail, a nologin shell
# would narrow what this account can be used for.
# NOTE(review): the mode of /var/vmail is not pinned here and follows the
# system default for new home directories; confirm it is not wider than wanted.
- name: Create vmail user
  ansible.builtin.user:
    name: vmail
    uid: 5000
    group: vmail
    home: /var/vmail
    create_home: true
    state: present
  become: true
# Enable the PLAIN and LOGIN SASL mechanisms. Neither protects the password
# on its own, so this depends on the `ssl = required` line that a later task
# in this file writes to 10-ssl.conf.
# NOTE(review): confirm disable_plaintext_auth is not switched to `no`
# anywhere else in the Dovecot configuration.
- name: Add login to auth_mechanisms
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_mechanisms =.*'
    line: 'auth_mechanisms = plain login'
  become: true
  notify: Reload dovecot service
# Comment out the auth-system.conf.ext include so system accounts are not
# accepted as a login source. The regexp matches the line with or without a
# leading `#`, which keeps the task idempotent.
- name: Remove system auth
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-system.conf.ext'
    line: "#!include auth-system.conf.ext"
  become: true
  notify: Reload dovecot service
# Activate the auth-sql.conf.ext include, commented or not, so passdb/userdb
# lookups go to the SQL backend.
# NOTE(review): the backend settings themselves presumably live in
# /etc/dovecot/dovecot-sql.conf.ext, templated by a later task; verify.
- name: Add SQL auth
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-sql.conf.ext'
    line: "!include auth-sql.conf.ext"
  become: true
  notify: Reload dovecot service
# Store mail in Maildir format under each user's home (`~/Maildir`).
# NOTE(review): `~` resolves to the home the userdb returns; presumably a
# per-user directory below /var/vmail. Confirm against the SQL user query.
- name: Configure mail_location
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_location =.*'
    line: 'mail_location = maildir:~/Maildir'
  become: true
  notify: Reload dovecot service
# Set the global plugin list to `quota`. Any existing mail_plugins line,
# commented or not, is replaced outright, so plugins listed there before
# are dropped.
- name: Add quota plugin
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^#?mail_plugins =.*'
    line: 'mail_plugins = quota'
  become: true
  notify: Reload dovecot service
# Expose Dovecot's auth service to Postfix through a UNIX socket in the
# Postfix spool. Mode 0660 with owner and group postfix means only that
# account and group can open the socket.
# The block is placed after the last line matching `insertafter`; if the
# anchor is missing, blockinfile appends at end of file, which would leave
# the listener outside any service section. Check the result on first run.
# The marker suffix keeps this block apart from the LMTP block in this file.
- name: Add postfix auth socket config
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    insertafter: '# Postfix smtp-auth'
    marker: '# {mark} ANSIBLE MANAGED BLOCK AUTH'
    block: |
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
  become: true
  notify: Reload dovecot service
# Give Postfix an LMTP delivery socket inside its spool directory. Mode 0660
# with owner and group postfix limits who can hand mail to Dovecot this way.
# The block goes after the last line matching `service lmtp`; if nothing
# matches, blockinfile appends at end of file, outside the service section.
# The marker suffix keeps this block apart from the AUTH block in this file.
- name: Add postfix lmtp socket config
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    insertafter: 'service lmtp'
    marker: '# {mark} ANSIBLE MANAGED BLOCK LMTP'
    block: |
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0660
        user = postfix
        group = postfix
      }
  become: true
  notify: Reload dovecot service
# Point Dovecot at the Let's Encrypt certificate and key for
# <ansible_hostname>.<virtual_domain> and refuse non-TLS sessions
# (`ssl = required`). The leading `<` makes Dovecot read the value from the
# named file.
# NOTE(review): the certificate files must exist before the reload handler
# runs; nothing visible in this file issues them.
# NOTE(review): no minimum TLS protocol is set here, so the packaged default
# applies; confirm that default is acceptable.
- name: Add ssl cert and key config
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-ssl.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - regexp: '^ssl_cert =.*'
      line: "ssl_cert = </etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/fullchain.pem"
    - regexp: '^ssl_key =.*'
      line: "ssl_key = </etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/privkey.pem"
    - regexp: '^ssl =.*'
      line: 'ssl = required'
  become: true
  notify: Reload dovecot service
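# Render the SQL backend settings. root:root with mode 640 keeps the file
# unreadable to other local accounts.
# NOTE(review): the template presumably carries the database password;
# confirm, and keep that value in a vault rather than in plain vars.
# The handler is notified so a changed file is picked up, in line with the
# other configuration tasks in this file.
- name: Copy dovecot-sql.conf.ext
  become: true
  ansible.builtin.template:
    src: dovecot-sql.conf.ext.j2
    dest: /etc/dovecot/dovecot-sql.conf.ext
    owner: root
    group: root
    mode: "640"
  notify: Reload dovecot service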
# Append `sieve` to the plugin list used for LMTP delivery. `$mail_plugins`
# carries over the global list, and `\1` restores the indentation captured
# by the regexp.
# With `backrefs: true`, a file with no matching line is left unchanged
# rather than having the line appended.
- name: Add sieve plugin
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-lmtp.conf
    backrefs: true
    regexp: '^(\s*)#?mail_plugins =.*'
    line: '\1mail_plugins = $mail_plugins sieve'
  become: true
  notify: Reload dovecot service
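# Install the quota warning script as a world-executable file (mode 755).
# Owner and group are pinned to root so that a file already present under
# another owner does not stay writable by that account; this matches how
# dovecot-sql.conf.ext is installed in this file.
# NOTE(review): presumably 90-quota.conf invokes this script; confirm the
# account it runs as.
- name: Copy quota-warning script
  become: true
  ansible.builtin.template:
    src: quota-warning.sh.j2
    dest: /usr/local/bin/quota-warning.sh
    owner: root
    group: root
    mode: "755"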
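# Render the quota configuration and reload Dovecot when it changes.
# Owner and group are pinned to root so a file already present under another
# owner is corrected; this matches how dovecot-sql.conf.ext is installed in
# this file. Mode 644 leaves the file world-readable.
# NOTE(review): confirm the template holds no secrets.
- name: Copy 90-quota.conf
  become: true
  ansible.builtin.template:
    src: conf.d/90-quota.conf.j2
    dest: /etc/dovecot/conf.d/90-quota.conf
    owner: root
    group: root
    mode: "644"
  notify: Reload dovecot service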