dovecot_user: dovecot
dovecot_group: dovecot
dovecot_mail_user: dovemail
dovecot_mail_group: dovemail
dovecot_null_user: dovenull

dovecot_conf_dir: /etc/dovecot
dovecot_tls_dir: "{{ dovecot_conf_dir }}/tls"
dovecot_sieve_dir: "{{ dovecot_conf_dir }}/sieve"
dovecot_mail_dir: /opt/mail
dovecot_script_dir: "{{ dovecot_conf_dir }}/scripts"

dovecot_tls_dh2048: "{{ dovecot_tls_dir }}/dh2048.pem"
dovecot_tls_int_ecc384_key: "{{ dovecot_tls_dir }}/ecc384.key"
dovecot_tls_int_ecc384_cert: "{{ dovecot_tls_dir }}/ecc384.crt"
dovecot_tls_int_rsa2048_key: "{{ dovecot_tls_dir }}/rsa2048.key"
dovecot_tls_int_rsa2048_cert: "{{ dovecot_tls_dir }}/rsa2048.crt"


dovecot_drafts_name: Drafts
dovecot_junk_name: Junk
dovecot_sent_name: Sent
dovecot_trash_name: Trash
dovecot_expunged_name: .EXPUNGED

dovecot_max_quota_mb: 5000

dovecot_default_config:
  protocols: imap lmtp sieve
  hostname: "{{ (mail_server.mua_actual_hostname | d(host_name)) ~ '@' ~ mail_server.tld }}"
  login_greeting: "IMAPS {{ org }} (Dovecot) ready"

  auth_cache_ttl: 20m
  auth_cache_size: 2M
  auth_cache_negative_ttl: 5m
  auth_mechanisms:
    - plain
    - login
    - digest-md5
    - cram-md5
    - scram-sha-1
    - scram-sha-256
  auth_default_realm: "{{ mail_server.tld }}"
  auth_realms: "{{ mail_server.tld }}"
  auth_worker_max_count: 5

  default_internal_user: "{{ dovecot_user }}"
  default_internal_group: "{{ dovecot_group }}"
  default_login_user: "{{ dovecot_null_user }}"
  default_process_limit: 50
  default_vsz_limit: 64M

  disable_plaintext_auth: yes

  imap_capability: "+SPECIAL-USE"
  imap_id_send: '"name" * "version" * support-email postmaster@{{ mail_server.tld }}'

  mail_attachment_detection_options: add-flags
  mail_attribute_dict: "file:%h/mail_attrib"
  mail_gid: "{{ dovecot_mail_group }}"
  mail_home: "{{ dovecot_mail_dir }}/%Ld/%Ln"
  mail_location: "mdbox:%h/mail:UTF-8"
  mail_max_keyword_length: 100
  mail_server_admin: "mailto:{{ maintainer_email }}"
  mail_server_comment: "Dovecot IMAPS server - {{ org }}"
  mail_temp_scan_interval: 24h
  mail_uid: "{{ dovecot_mail_user }}"

  postmaster_address: "postmaster@{{ mail_server.tld }}"
  quota_full_tempfail: yes
  recipient_delimiter: '+'
  submission_client_workarounds: whitespace-before-path mailbox-for-path

  ssl: required
  ssl_cert: "<{{ dovecot_tls_int_ecc384_cert }}"
  ssl_key: "<{{ dovecot_tls_int_ecc384_key }}"
  ssl_alt_cert: "<{{ dovecot_tls_int_rsa2048_cert }}"
  ssl_alt_key: "<{{ dovecot_tls_int_rsa2048_key }}"
  ssl_cipher_suites: "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256"
  ssl_dh: "<{{ dovecot_tls_dh2048 }}"
  ssl_min_protocol: TLSv1.2
  ssl_prefer_server_ciphers: yes

  mail_plugins: "$mail_plugins mailbox_alias lazy_expunge listescape trash quota acl"


dovecot_protocols:
  imap:
    imap_metadata: yes
    mail_plugins: "$mail_plugins imap_zlib imap_quota imap_acl imap_sieve"
  lmtp:
    mail_plugins: "$mail_plugins sieve"
    lmtp_client_workarounds: whitespace-before-path mailbox-for-path
    lmtp_user_concurrency_limit: 25
  lda:
    mail_plugins: "$mail_plugins sieve"
    lda_mailbox_autocreate: yes
    lda_mailbox_autosubscribe: yes
  sieve:
    mail_max_userip_connections: 50


dovecot_namespaces:
  - name: inbox
    opts:
      inbox: yes
      separator: '/'

    mailboxes:
      - name: INBOX
        opts:
          auto: subscribe

      - name: "{{ dovecot_drafts_name }}"
        opts:
          auto: subscribe
          special_use: '\Drafts'

      - name: "{{ dovecot_junk_name }}"
        opts:
          auto: subscribe
          special_use: '\Junk'
          autoexpunge: 90d

      - name: "{{ dovecot_sent_name }}"
        opts:
          auto: subscribe
          special_use: '\Sent'

      - name: "{{ dovecot_trash_name }}"
        opts:
          auto: subscribe
          special_use: '\Trash'
          autoexpunge: 90d

      - name: "{{ dovecot_expunged_name }}"
        opts:
          auto: create
          autoexpunge: 180d

  - name: shared
    opts:
      type: shared
      separator: '/'
      prefix: 'Общие/%%u/'
      location: 'mdbox:%%h/mail:INDEXPVT=%h/shared_idx/%%u'
      subscriptions: no
      list: children


dovecot_dicts:
  acl: "pgsql:{{ dovecot_conf_dir }}/dovecot-dict-sql.conf.ext"


dovecot_plugin_config:
  trash: "{{ dovecot_conf_dir }}/dovecot-trash.conf.ext"

  lazy_expunge: "{{ dovecot_expunged_name }}"
  lazy_expunge_only_last_instance: yes

  acl: "vfile:{{ dovecot_conf_dir }}/dovecot.acl"
  acl_shared_dict: "proxy::acl"

  quota: "count:Account quota"
  quota_exceeded_message: Mailbox quota exceeded
  quota_grace: "5%%"
  quota_max_mail_size: "{{ mail_server.max_mail_size_bytes ~ 'B' }}"
  quota_rule: "*:storage={{ dovecot_max_quota_mb }}M"
  quota_rule2: "{{ dovecot_trash_name }}:storage=+200M"
  quota_rule3: "{{ dovecot_expunged_name }}:ignore"
  quota_status_success: DUNNO
  quota_status_nouser: DUNNO
  quota_status_overquota: "452 4.2.2 User mailbox is full"
  quota_vsizes: yes

  sieve_extensions: "-enotify -editheader"
  sieve_global_extensions: "+vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute"
  sieve_max_actions: 64
  sieve_plugins: sieve_imapsieve sieve_extprograms

  sieve_pipe_bin_dir: "{{ dovecot_script_dir }}"
  sieve_execute_bin_dir: "{{ dovecot_script_dir }}"
  sieve_filter_bin_dir: "{{ dovecot_script_dir }}"

  sieve_spamtest_status_type: text
  sieve_spamtest_status_header: X-Spam
  sieve_spamtest_text_value0: No
  sieve_spamtest_text_value10: Yes

  sieve_before: "{{ dovecot_sieve_dir }}/spam-to-folder.sieve"


dovecot_user_pass_db:
  - type: passdb
    opts:
      driver: sql
      args: "{{ dovecot_conf_dir }}/dovecot-sql.conf.ext"
  - type: userdb
    opts:
      driver: prefetch
  - type: userdb
    opts:
      driver: sql
      args: "{{ dovecot_conf_dir }}/dovecot-sql.conf.ext"


dovecot_services:
  imap:
    opts:
      service_count: 16
      process_limit: 256

  imap-login:
    opts:
      service_count: 0
      process_min_avail: 1
      client_limit: 16
      service_count: 32

    listeners:
      - type: inet_listener
        name: imap
        opts:
          port: 143

      - type: inet_listener
        name: imaps
        opts:
          port: 993
          ssl: yes

  lmtp:
    opts:
      client_limit: 1
      vsz_limit: 192M

    listeners:
      - type: inet_listener
        opts:
          port: "{{ mail_server.mua_lmtp_port }}"

  auth:
    listeners:
      - type: inet_listener
        opts:
          port: "{{ mail_server.mua_auth_port }}"
      - type: unix_listener auth-userdb
        opts:
          mode: 0666
          user: "{{ dovecot_user }}"
          group: "{{ dovecot_group }}"

  quota-status:
    opts:
      executable: "/usr/libexec/dovecot/quota-status -p postfix"

    listeners:
      - type: inet_listener
        opts:
          port: "{{ mail_server.mua_quota_port }}"

  auth-worker:
    opts:
      user: "{{ dovecot_user }}"
      group: "{{ dovecot_group }}"

  dict:
    opts:
      user: "{{ dovecot_user }}"
      group: "{{ dovecot_group }}"
    listeners:
      - type: unix_listener dict
        opts:
          mode: 0666
          user: "{{ dovecot_user }}"
          group: "{{ dovecot_group }}"

  managesieve-login:
    opts:
      service_count: 0
      process_min_avail: 1

  managesieve:
    opts:
      process_limit: 512


dovecot_sieve_scripts:
  - src: sieve-spam
    dest: spam-to-folder