author | clarkzjw <[email protected]> | 2023-02-08 00:40:09 -0800 |
committer | clarkzjw <[email protected]> | 2023-02-08 00:40:09 -0800 |
commit | 1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch) | |
tree | 129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/dovecot/tasks | |
parent | 9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff) | |
Diffstat (limited to 'ansible/roles/dovecot/tasks')
-rw-r--r-- | ansible/roles/dovecot/tasks/main.yml | 110 |
1 files changed, 110 insertions, 0 deletions
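--- /dev/null
+++ b/ansible/roles/dovecot/tasks/main.yml
@@ -0,0 +1,110 @@
+---
+# dovecot install and configuration
+- name: install dovecot
+  apt:
+    state: latest
+    pkg:
+      - dovecot-imapd
+      - dovecot-lmtpd
+      - dovecot-sieve
+      - dovecot-sqlite
+
+# Convert existing maildir to mdbox (local on-fs dirs) with:
+# dsync -o mail_location=mdbox:herebox mirror maildir:Maildir
+# Or, you can pull from a remote site:
+# Below, -R means REVERSE backup so PULL messages FROM vorash INTO mdbox,
+# otherwise, it's a PUSH backup and mdbox PUSHES to vorash which isn't what we want
+# doveadm -o mail_location=mdbox:herebox backup -R ssh -J [email protected] matt@vorash doveadm dsync-server
+- name: create mail spool dirs
+  file:
+    path: /var/mail/local
+    owner: root
+    group: mail
+    mode: 0775
+    state: directory
+
+- name: create dovecot virtual mailbox group
+  group:
+    name: vmail
+    gid: 145
+    state: present
+
+- name: create dovecot virtual mailbox and virtual authentication account
+  user:
+    name: vmail
+    uid: 145
+    group: vmail
+    shell: /sbin/nologin
+    create_home: yes
+    home: /var/mail/vhosts
+    state: present
+
+- name: give dovecot user permission to read private keys
+  user:
+    name: dovecot
+    groups: ssl-cert
+    append: yes
+
+# Create new passwords with:
+# time doveadm pw -s SHA512-CRYPT -r 1856250
+- name: copy dovecot configs and userdb
+  copy:
+    src: dovecot/
+    dest: /etc/dovecot/
+    mode: preserve
+  notify:
+    - resieve spam
+    - resieve ham
+    - resieve spam mover
+    - restart dovecot
+
+# This permission is important because dovecot has multiple users:
+# - dovecot
+# - dovenull
+# - vmail
+# but login processes are run by the 'vmail' user, so 'vmail' must have read
+# access to the DB
+- name: fix user permissions on authdb
+  file:
+    path: /etc/dovecot/authdb.sqlite
+    owner: vmail
+    group: vmail
+    mode: 0600
+
+- name: instantiate dovecot SSL template with host vars
+  template:
+    src: dovecot/conf.d/10-ssl.conf.j2
+    dest: /etc/dovecot/conf.d/10-ssl.conf
+  notify:
+    - restart dovecot # NB this could be a reload instead
+
+# Dovecot mdbox format requires a purge to remove storage space
+# allocated to messages that have been fully deleted by users.
+# (it's an append-only refcounting system, so when a refcount becomes
+# zero on final delete, it needs some cleanup to rewrite the old
+# pack files without the deleted emails present anymore.)
+- cron:
+    name: setup cron so dovecot can GC mailboxes
+    minute: 0
+    hour: 3
+    user: vmail
+    job: "doveadm purge -A"
+    cron_file: dovecot_maint_purge
+
+
+# verify everything is running
+- name: verify services are running in dependency order
+  service:
+    name: "{{ item }}"
+    enabled: yes
+    state: started
+  loop:
+    - dovecot
+
+- name: reload if certs newish
+  include_role:
+    name: certreload
+  vars:
+    certreload:
+      notifiers:
+        - reload dovecot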
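Review bot: The file modes on the `create mail spool dirs` and `fix user permissions on authdb` tasks are the unquoted scalars `0775` and `0600`; a YAML 1.1 loader turns a leading-zero scalar into an octal integer and Ansible happens to re-render it correctly, but the documented-safe form is a quoted string, `mode: "0775"` and `mode: "0600"`, and the same task list should use `true` rather than `yes` for `create_home`, `append` and `enabled`. `state: latest` on the apt task makes every run a potential upgrade of the IMAP/LMTP daemons, so `state: present` with deliberate, separately tracked upgrades keeps the role idempotent and the deployed version reproducible. The `copy: src: dovecot/` task with `mode: preserve` carries over whatever permissions the source tree had (presumably world-readable from a checkout), so the password database named in the comment above it sits at that mode from the copy until the later `fix user permissions on authdb` task; giving the copy an explicit `mode`, or copying `authdb.sqlite` in its own task with `owner`/`group: vmail` and `mode: "0600"`, removes that window and the non-idempotent double write. Adding `dovecot` to `ssl-cert` grants read access to every private key that group owns, not only the mail certificate's, which deserves a one-line comment on the task if that breadth is intended.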