ansible-playbooks/roles/dovecot/tasks/main.yml

---
# Build the effective dovecot configuration: role defaults first, then any
# host/group level dovecot_config merged on top (recursive, so nested keys
# extend the defaults instead of replacing the whole sub-mapping).
- name: set dovecot_cfg
  set_fact:
    dovecot_cfg: "{{ dovecot_default_config | d({}) | combine(dovecot_config | d({}), recursive=true) }}"
# Install the server plus the LMTP delivery agent, the PostgreSQL auth/dict
# backend and the Pigeonhole (sieve) plugin. The package names follow the
# target distribution's packaging (the -openrc package suggests Alpine;
# confirm before reusing the role elsewhere).
- name: install dovecot
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - dovecot
      - dovecot-lmtpd
      - dovecot-openrc
      - dovecot-pgsql
      - dovecot-pigeonhole-plugin
# Three separate system accounts are created through the shared
# tasks/create_user.yml include: the service user, the mail owner and the
# null user (presumably used for unauthenticated login processes, as in
# Dovecot's stock setup -- confirm). Only the first two get an explicit
# group; the null user falls back to whatever create_user.yml does by
# default.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ dovecot_user }}"
      group: "{{ dovecot_group }}"

- name: create dovemail user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ dovecot_mail_user }}"
      group: "{{ dovecot_mail_group }}"

- name: create dovenull user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ dovecot_null_user }}"
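# Directory layout. Octal modes are quoted strings so the result never
# depends on how the YAML loader treats a leading zero (YAML 1.1 reads
# 0755 as octal, YAML 1.2 as decimal); the file module accepts the string.
- name: create dovecot conf dir
  file:
    path: "{{ dovecot_conf_dir }}"
    state: directory
    mode: '0755'
    owner: "{{ dovecot_user }}"
    group: "{{ dovecot_group }}"

# Key material is placed here by later tasks: owner-only access. No
# owner/group is set, so the directory is created as the remote user.
- name: create dovecot tls dir
  file:
    path: "{{ dovecot_tls_dir }}"
    state: directory
    mode: '0700'

# Mail store: setgid so new entries inherit the mail group, nothing for
# "other". The symbolic mode only touches g and o, so the owner bits stay
# as the directory was created.
- name: create dovecot mail dir
  file:
    path: "{{ dovecot_mail_dir }}"
    state: directory
    mode: "g+s,o-rwx"
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"

- name: create dovecot sieve dir
  file:
    path: "{{ dovecot_sieve_dir }}"
    state: directory
    mode: '0755'
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"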
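# Delegate DH parameter generation to the ca role (function: dhparams).
# remote_gen is a canonical boolean rather than YAML 1.1's `yes`, which
# yamllint flags and which some loaders keep as a string.
- name: generate dh params
  include_role:
    name: ca
  vars:
    function: dhparams
    dh_params:
      path: "{{ dovecot_tls_dh2048 }}"
      mode: '0400'
      remote_gen: true
  notify: restart dovecot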
# Drop the conf.d tree and the example/ext files shipped with the package
# (presumably -- they are not created by this role) so only the templated
# configuration below is in effect.
- name: remove unneeded dovecot files
  file:
    path: "{{ dovecot_conf_dir }}/{{ item }}"
    state: absent
  loop:
    - 'conf.d'
    - 'dovecot-dict-auth.conf.ext'
    - 'dovecot-oauth2.conf.ext'
    - 'dovecot-openssl.cnf'
    - 'users'
  notify: restart dovecot
# Resolve the mail user's numeric uid. getent exposes the passwd entry as
# getent_passwd[<name>] = [password, uid, gid, gecos, home, shell], hence
# the index 1 below. The lookup is read-only, so it never reports changed.
- name: get dovemail user info
  getent:
    database: passwd
    key: "{{ dovecot_mail_user }}"
  changed_when: false

- name: set dovemail uid
  set_fact:
    dovecot_dovemail_uid: "{{ getent_passwd[dovecot_mail_user][1] }}"
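# Render the dovecot configuration. A plain string item maps
# <name>.j2 -> <name>.conf.ext with mode 0400; a mapping item spells out
# src/dest and may override the mode. Booleans are written canonically.
- name: template dovecot configuration
  template:
    src: "{{ item if item is string else item.src }}.j2"
    dest: "{{ dovecot_conf_dir ~ '/' ~ ((item ~ '.conf.ext') if item is string else item.dest) }}"
    force: true
    mode: "{{ '0400' if (item is string) else (item.mode | d('0400')) }}"
    lstrip_blocks: true
  loop:
    # NOTE(review): 0444 leaves this file world-readable; if the
    # dovecot-dict-sql.j2 template carries database credentials the mode
    # should be tightened -- confirm against the template.
    - { src: dovecot-dict-sql, dest: dovecot-dict-sql.conf.ext, mode: '0444' }
    - dovecot-sql
    - dovecot-trash
    - { src: dovecot-acl, dest: dovecot.acl }
    - { src: dovecot, dest: dovecot.conf }
  notify: restart dovecot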
# Hand the plugin/auth config files to the mail user. state: file only
# adjusts ownership and fails if a file is missing, which is fine here
# because the templating task above has just created all four.
- name: edit permissions of dovecot plugin files
  file:
    path: "{{ dovecot_conf_dir }}/{{ item }}"
    state: file
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"
  loop:
    - 'dovecot.acl'
    - 'dovecot-sql.conf.ext'
    - 'dovecot-trash.conf.ext'
    - 'dovecot-dict-sql.conf.ext'
  notify: restart dovecot
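# Render the sieve scripts listed in dovecot_sieve_scripts (items with
# src/dest). The loop result is registered so compilation only runs when at
# least one script actually changed.
- name: template sieve scripts
  template:
    src: "{{ item.src }}.j2"
    dest: "{{ dovecot_sieve_dir ~ '/' ~ item.dest ~ '.sieve' }}"
    force: true
    mode: '0400'
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"
  loop: "{{ dovecot_sieve_scripts | d([]) }}"
  register: sieve_scripts

# sievec needs no shell features, so it is run through the command module
# with an argv list: the directory is passed as one argument and is never
# re-parsed by a shell, which removes the need for the quote filter.
- name: compile scripts
  command:
    argv:
      - sievec
      - "{{ dovecot_sieve_dir ~ '/' }}"
  when: sieve_scripts is changed
  notify: restart dovecot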
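# The compiled *.svbin files are written by whoever ran sievec, so their
# ownership and mode are corrected afterwards to match the .sieve sources.
- name: collect svbin files
  find:
    paths: "{{ dovecot_sieve_dir }}/"
    patterns: "*.svbin"
    recurse: true
    depth: 3
  register: svbin_files

# find returns a flat list of file dicts, so the former flatten(levels=1)
# was a no-op and is dropped.
- name: change svbin permissions
  file:
    path: "{{ item.path }}"
    mode: '0400'
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"
  loop: "{{ svbin_files.files | d([]) }}"
  notify: restart dovecot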
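# Optionally publish a CNAME from the user-facing mail hostname to this
# host's FQDN via the ns role. Skipped entirely when no mua_actual_hostname
# is configured. The boolean is written canonically (false, not `no`).
- name: add extra cname record
  include_role:
    name: ns
  vars:
    function: add_records
    ns_add_default_record: false
    ns_records:
      - name: "{{ mail_server.mua_actual_hostname }}"
        type: CNAME
        value: "{{ host_fqdn }}"
  when: mail_server.mua_actual_hostname is defined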
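# Hand the ECC and RSA certificate pairs to the certs role; both are
# installed root-owned and the role is given a post_hook plus a handler
# name (presumably used on renewal -- see the certs role). The ecc flags
# are canonical booleans instead of YAML 1.1 `yes`/`no`.
- name: deploy certs
  include_role:
    name: certs
  vars:
    common:
      owner: root
      group: root
      post_hook: service dovecot restart
      notify: restart dovecot
    # NOTE(review): unlike the CNAME task above, this task does not guard
    # on mail_server.mua_actual_hostname being defined -- confirm that the
    # variable is mandatory, otherwise the include fails on hosts without it.
    hostname: "{{ mail_server.mua_actual_hostname }}"
    certs:
      - cert: "{{ dovecot_tls_int_ecc384_cert }}"
        key: "{{ dovecot_tls_int_ecc384_key }}"
        ecc: true
      - cert: "{{ dovecot_tls_int_rsa2048_cert }}"
        key: "{{ dovecot_tls_int_rsa2048_key }}"
        ecc: false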
# Run the queued `restart dovecot` handler now, before the backup and
# service tasks below, instead of waiting for the end of the play.
- name: flush handlers
  meta: flush_handlers
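# Register the configuration, TLS, sieve and script directories with the
# backup role.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ dovecot_conf_dir }}"
      - "{{ dovecot_tls_dir }}"
      - "{{ dovecot_sieve_dir }}"
      - "{{ dovecot_script_dir }}"

# The mail store is opt-in. `| bool` accepts a real boolean as well as the
# string forms ("true", "yes") that arrive through --extra-vars or inventory,
# which the former `== true` comparison would have treated as false.
- name: add mail dir to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ dovecot_mail_dir }}"
  when: dovecot_backup_mail_dir | d(false) | bool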
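# Enable at boot and start now. `enabled` is a canonical boolean rather
# than YAML 1.1's `yes`.
- name: enable and start dovecot
  service:
    name: dovecot
    enabled: true
    state: started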