summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
committerclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
commit1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/dovecot/tasks
parent9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
downloadmail-1204730924436ef9e1c7c49c9557837f9a5ed0e8.tar.gz
fork https://github.com/mattsta/mailwebHEADmaster
Diffstat (limited to 'ansible/roles/dovecot/tasks')
-rw-r--r--ansible/roles/dovecot/tasks/main.yml110
1 files changed, 110 insertions, 0 deletions
diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml
new file mode 100644
index 0000000..6e097c1
--- /dev/null
+++ b/ansible/roles/dovecot/tasks/main.yml
@@ -0,0 +1,110 @@
1---
2# dovecot install and configuration
3- name: install dovecot
4 apt:
5 state: latest
6 pkg:
7 - dovecot-imapd
8 - dovecot-lmtpd
9 - dovecot-sieve
10 - dovecot-sqlite
11
12# Convert existing maildir to mdbox (local on-fs dirs) with:
13# dsync -o mail_location=mdbox:herebox mirror maildir:Maildir
14# Or, you can pull from a remote site:
15# Below, -R means REVERSE backup so PULL messages FROM vorash INTO mdbox,
16# otherwise, it's a PUSH backup and mdbox PUSHES to vorash which isn't what we want
17# doveadm -o mail_location=mdbox:herebox backup -R ssh -J [email protected] matt@vorash doveadm dsync-server
18- name: create mail spool dirs
19 file:
20 path: /var/mail/local
21 owner: root
22 group: mail
23 mode: 0775
24 state: directory
25
26- name: create dovecot virtual mailbox group
27 group:
28 name: vmail
29 gid: 145
30 state: present
31
32- name: create dovecot virtual mailbox and virtual authentication account
33 user:
34 name: vmail
35 uid: 145
36 group: vmail
37 shell: /sbin/nologin
38 create_home: yes
39 home: /var/mail/vhosts
40 state: present
41
42- name: give dovecot user permission to read private keys
43 user:
44 name: dovecot
45 groups: ssl-cert
46 append: yes
47
48# Create new passwords with:
49# time doveadm pw -s SHA512-CRYPT -r 1856250
50- name: copy dovecot configs and userdb
51 copy:
52 src: dovecot/
53 dest: /etc/dovecot/
54 mode: preserve
55 notify:
56 - resieve spam
57 - resieve ham
58 - resieve spam mover
59 - restart dovecot
60
61# This permission is important because dovecot has multiple users:
62# - dovecot
63# - dovenull
64# - vmail
65# but login processes are run by the 'vmail' user, so 'vmail' must have read
66# access to the DB
67- name: fix user permissions on authdb
68 file:
69 path: /etc/dovecot/authdb.sqlite
70 owner: vmail
71 group: vmail
72 mode: 0600
73
74- name: instantiate dovecot SSL template with host vars
75 template:
76 src: dovecot/conf.d/10-ssl.conf.j2
77 dest: /etc/dovecot/conf.d/10-ssl.conf
78 notify:
79 - restart dovecot # NB this could be a reload instead
80
81# Dovecot mdbox format requires a purge to remove storage space
82# allocated to messages that have been fully deleted by users.
83# (it's an append-only refcounting system, so when a refcount becomes
84# zero on final delete, it needs some cleanup to rewrite the old
85# pack files without the deleted emails present anymore.)
86- cron:
87 name: setup cron so dovecot can GC mailboxes
88 minute: 0
89 hour: 3
90 user: vmail
91 job: "doveadm purge -A"
92 cron_file: dovecot_maint_purge
93
94
95# verify everything is running
96- name: verify services are running in dependency order
97 service:
98 name: "{{ item }}"
99 enabled: yes
100 state: started
101 loop:
102 - dovecot
103
104- name: reload if certs newish
105 include_role:
106 name: certreload
107 vars:
108 certreload:
109 notifiers:
110 - reload dovecot
Powered by cgit v1.2.3 (git 2.41.0)