1 files changed, 150 insertions, 0 deletions
diff --git a/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext b/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext
new file mode 100644
index 0000000..f248243
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext
@@ -0,0 +1,150 @@
+# This file is commonly accessed via passdb {} or userdb {} section in
+# conf.d/auth-sql.conf.ext
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki2.dovecot.org/AuthDatabase/SQL
+#
+# For the sql passdb module, you'll need a database with a table that
+# contains fields for at least the username and password. If you want to
+# use the user@domain syntax, you might want to have a separate domain
+# field as well.
+#
+# If your users all have the same uig/gid, and have predictable home
+# directories, you can use the static userdb module to generate the home
+# dir based on the username and domain. In this case, you won't need fields
+# for home, uid, or gid in the database.
+#
+# If you prefer to use the sql userdb module, you'll want to add fields
+# for home, uid, and gid. Here is an example table:
+#
+# CREATE TABLE users (
+#     username VARCHAR(128) NOT NULL,
+#     domain VARCHAR(128) NOT NULL,
+#     password VARCHAR(64) NOT NULL,
+#     home VARCHAR(255) NOT NULL,
+#     uid INTEGER NOT NULL,
+#     gid INTEGER NOT NULL,
+#     active CHAR(1) DEFAULT 'Y' NOT NULL
+# );
+# Database driver: mysql, pgsql, sqlite
+driver = sqlite
+# Database connection string. This is driver-specific setting.
+#
+# HA / round-robin load-balancing is supported by giving multiple host
+# settings, like: host=sql1.host.org host=sql2.host.org
+#
+# pgsql:
+#   For available options, see the PostgreSQL documention for the
+#   PQconnectdb function of libpq.
+#   Use maxconns=n (default 5) to change how many connections Dovecot can
+#   create to pgsql.
+#
+# mysql:
+#   Basic options emulate PostgreSQL option names:
+#     host, port, user, password, dbname
+#
+#   But also adds some new settings:
+#     client_flags           - See MySQL manual
+#     connect_timeout        - Connect timeout in seconds (default: 5)
+#     read_timeout           - Read timeout in seconds (default: 30)
+#     write_timeout          - Write timeout in seconds (default: 30)
+#     ssl_ca, ssl_ca_path    - Set either one or both to enable SSL
+#     ssl_cert, ssl_key      - For sending client-side certificates to server
+#     ssl_cipher             - Set minimum allowed cipher security (default: HIGH)
+#     ssl_verify_server_cert - Verify that the name in the server SSL certificate
+#                              matches the host (default: no)
+#     option_file            - Read options from the given file instead of
+#                              the default my.cnf location
+#     option_group           - Read options from the given group (default: client)
+#
+#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
+#   Note that currently you can't use spaces in parameters.
+#
+# sqlite:
+#   The path to the database file.
+#
+# Examples:
+#   connect = host=192.168.1.1 dbname=users
+#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
+#   connect = /etc/dovecot/authdb.sqlite
+#
+connect = /etc/dovecot/authdb.sqlite
+# Default password scheme.
+#
+# List of supported schemes is in
+# http://wiki2.dovecot.org/Authentication/PasswordSchemes
+#
+#default_pass_scheme = SHA512-CRYPT
+# passdb query to retrieve the password. It can return fields:
+#   password - The user's password. This field must be returned.
+#   user - user@domain from the database. Needed with case-insensitive lookups.
+#   username and domain - An alternative way to represent the "user" field.
+#
+# The "user" field is often necessary with case-insensitive lookups to avoid
+# e.g. "name" and "nAme" logins creating two different mail directories. If
+# your user and domain names are in separate fields, you can return "username"
+# and "domain" fields instead of "user".
+#
+# The query can also return other fields which have a special meaning, see
+# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
+#
+# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
+# for full list):
+#   %u = entire user@domain
+#   %n = user part of user@domain
+#   %d = domain part of user@domain
+#
+# Note that these can be used only as input to SQL query. If the query outputs
+# any of these substitutions, they're not touched. Otherwise it would be
+# difficult to have eg. usernames containing '%' characters.
+#
+# Example:
+#   password_query = SELECT userid AS user, pw AS password \
+#     FROM users WHERE userid = '%u' AND active = 'Y'
+#
+password_query = \
+  SELECT '%u' AS username, domain, password \
+  FROM users WHERE userid = '%n' AND domain = '%d'
+# You can update (or modify this a bit to insert) user passwords in a shell with:
+# sqlite3 authdb.sqlite "update users set password='$(doveadm pw -s SHA512-CRYPT -r 1856250)' where userid='USERNAME' and domain = 'DOMAIN';"
+# userdb query to retrieve the user information. It can return fields:
+#   uid - System UID (overrides mail_uid setting)
+#   gid - System GID (overrides mail_gid setting)
+#   home - Home directory
+#   mail - Mail location (overrides mail_location setting)
+#
+# None of these are strictly required. If you use a single UID and GID, and
+# home or mail directory fits to a template string, you could use userdb static
+# instead. For a list of all fields that can be returned, see
+# http://wiki2.dovecot.org/UserDatabase/ExtraFields
+#
+# Examples:
+#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
+#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
+#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
+#
+user_query = \
+  SELECT "/var/mail/vhosts/" || '%d' || '/' || '%n' AS home, 145 as uid, 145 as gid
+# If you wish to avoid two SQL lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
+# also have to return userdb fields in password_query prefixed with "userdb_"
+# string. For example:
+password_query = \
+  SELECT '%u' AS user, password, \
+     "/var/mail/vhosts/" || '%d' || '/' || '%n' AS userdb_home, 145 AS userdb_uid, 145 AS userdb_gid \
+  FROM users WHERE userid = '%n' AND domain = '%d'
+# Query to get a list of all usernames.
+# This iteration is used for things like globally purging zero refcount emails
+# for all users, but to get all users, we have to iterate the user storage,
+# hence this iterator query is required.
+iterate_query = SELECT userid AS user FROM users

diff --git a/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext b/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext new file mode 100644 index 0000000..f248243 --- /dev/null +++ b/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext
@@ -0,0 +1,150 @@
	1	# This file is commonly accessed via passdb {} or userdb {} section in
	2	# conf.d/auth-sql.conf.ext
	3
	4	# This file is opened as root, so it should be owned by root and mode 0600.
	5	#
	6	# http://wiki2.dovecot.org/AuthDatabase/SQL
	7	#
	8	# For the sql passdb module, you'll need a database with a table that
	9	# contains fields for at least the username and password. If you want to
	10	# use the user@domain syntax, you might want to have a separate domain
	11	# field as well.
	12	#
	13	# If your users all have the same uig/gid, and have predictable home
	14	# directories, you can use the static userdb module to generate the home
	15	# dir based on the username and domain. In this case, you won't need fields
	16	# for home, uid, or gid in the database.
	17	#
	18	# If you prefer to use the sql userdb module, you'll want to add fields
	19	# for home, uid, and gid. Here is an example table:
	20	#
	21	# CREATE TABLE users (
	22	# username VARCHAR(128) NOT NULL,
	23	# domain VARCHAR(128) NOT NULL,
	24	# password VARCHAR(64) NOT NULL,
	25	# home VARCHAR(255) NOT NULL,
	26	# uid INTEGER NOT NULL,
	27	# gid INTEGER NOT NULL,
	28	# active CHAR(1) DEFAULT 'Y' NOT NULL
	29	# );
	30
	31	# Database driver: mysql, pgsql, sqlite
	32	driver = sqlite
	33
	34	# Database connection string. This is driver-specific setting.
	35	#
	36	# HA / round-robin load-balancing is supported by giving multiple host
	37	# settings, like: host=sql1.host.org host=sql2.host.org
	38	#
	39	# pgsql:
	40	# For available options, see the PostgreSQL documention for the
	41	# PQconnectdb function of libpq.
	42	# Use maxconns=n (default 5) to change how many connections Dovecot can
	43	# create to pgsql.
	44	#
	45	# mysql:
	46	# Basic options emulate PostgreSQL option names:
	47	# host, port, user, password, dbname
	48	#
	49	# But also adds some new settings:
	50	# client_flags - See MySQL manual
	51	# connect_timeout - Connect timeout in seconds (default: 5)
	52	# read_timeout - Read timeout in seconds (default: 30)
	53	# write_timeout - Write timeout in seconds (default: 30)
	54	# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
	55	# ssl_cert, ssl_key - For sending client-side certificates to server
	56	# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
	57	# ssl_verify_server_cert - Verify that the name in the server SSL certificate
	58	# matches the host (default: no)
	59	# option_file - Read options from the given file instead of
	60	# the default my.cnf location
	61	# option_group - Read options from the given group (default: client)
	62	#
	63	# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
	64	# Note that currently you can't use spaces in parameters.
	65	#
	66	# sqlite:
	67	# The path to the database file.
	68	#
	69	# Examples:
	70	# connect = host=192.168.1.1 dbname=users
	71	# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
	72	# connect = /etc/dovecot/authdb.sqlite
	73	#
	74	connect = /etc/dovecot/authdb.sqlite
	75
	76	# Default password scheme.
	77	#
	78	# List of supported schemes is in
	79	# http://wiki2.dovecot.org/Authentication/PasswordSchemes
	80	#
	81	#default_pass_scheme = SHA512-CRYPT
	82
	83	# passdb query to retrieve the password. It can return fields:
	84	# password - The user's password. This field must be returned.
	85	# user - user@domain from the database. Needed with case-insensitive lookups.
	86	# username and domain - An alternative way to represent the "user" field.
	87	#
	88	# The "user" field is often necessary with case-insensitive lookups to avoid
	89	# e.g. "name" and "nAme" logins creating two different mail directories. If
	90	# your user and domain names are in separate fields, you can return "username"
	91	# and "domain" fields instead of "user".
	92	#
	93	# The query can also return other fields which have a special meaning, see
	94	# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
	95	#
	96	# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
	97	# for full list):
	98	# %u = entire user@domain
	99	# %n = user part of user@domain
	100	# %d = domain part of user@domain
	101	#
	102	# Note that these can be used only as input to SQL query. If the query outputs
	103	# any of these substitutions, they're not touched. Otherwise it would be
	104	# difficult to have eg. usernames containing '%' characters.
	105	#
	106	# Example:
	107	# password_query = SELECT userid AS user, pw AS password \
	108	# FROM users WHERE userid = '%u' AND active = 'Y'
	109	#
	110	password_query = \
	111	SELECT '%u' AS username, domain, password \
	112	FROM users WHERE userid = '%n' AND domain = '%d'
	113
	114	# You can update (or modify this a bit to insert) user passwords in a shell with:
	115	# sqlite3 authdb.sqlite "update users set password='$(doveadm pw -s SHA512-CRYPT -r 1856250)' where userid='USERNAME' and domain = 'DOMAIN';"
	116
	117
	118	# userdb query to retrieve the user information. It can return fields:
	119	# uid - System UID (overrides mail_uid setting)
	120	# gid - System GID (overrides mail_gid setting)
	121	# home - Home directory
	122	# mail - Mail location (overrides mail_location setting)
	123	#
	124	# None of these are strictly required. If you use a single UID and GID, and
	125	# home or mail directory fits to a template string, you could use userdb static
	126	# instead. For a list of all fields that can be returned, see
	127	# http://wiki2.dovecot.org/UserDatabase/ExtraFields
	128	#
	129	# Examples:
	130	# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
	131	# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
	132	# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
	133	#
	134	user_query = \
	135	SELECT "/var/mail/vhosts/" \|\| '%d' \|\| '/' \|\| '%n' AS home, 145 as uid, 145 as gid
	136
	137	# If you wish to avoid two SQL lookups (passdb + userdb), you can use
	138	# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
	139	# also have to return userdb fields in password_query prefixed with "userdb_"
	140	# string. For example:
	141	password_query = \
	142	SELECT '%u' AS user, password, \
	143	"/var/mail/vhosts/" \|\| '%d' \|\| '/' \|\| '%n' AS userdb_home, 145 AS userdb_uid, 145 AS userdb_gid \
	144	FROM users WHERE userid = '%n' AND domain = '%d'
	145
	146	# Query to get a list of all usernames.
	147	# This iteration is used for things like globally purging zero refcount emails
	148	# for all users, but to get all users, we have to iterate the user storage,
	149	# hence this iterator query is required.
	150	iterate_query = SELECT userid AS user FROM users