📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
# System accounts and groups referenced by the rest of this file.
dovecot_user: dovecot
dovecot_group: dovecot
dovecot_mail_user: dovemail
dovecot_mail_group: dovemail
dovecot_null_user: dovenull

# Directory layout. The TLS, Sieve and script directories all derive from
# dovecot_conf_dir; mail storage lives under dovecot_mail_dir.
dovecot_conf_dir: /etc/dovecot
dovecot_tls_dir: "{{ dovecot_conf_dir }}/tls"
dovecot_sieve_dir: "{{ dovecot_conf_dir }}/sieve"
dovecot_script_dir: "{{ dovecot_conf_dir }}/scripts"
dovecot_mail_dir: /opt/mail

# TLS material: DH parameters plus an ECC and an RSA key/certificate pair.
# NOTE(review): ownership and mode of dovecot_tls_dir are set elsewhere (not
# visible here); the *.key files should not be readable by unprivileged users.
dovecot_tls_dh2048: "{{ dovecot_tls_dir }}/dh2048.pem"
dovecot_tls_int_ecc384_key: "{{ dovecot_tls_dir }}/ecc384.key"
dovecot_tls_int_ecc384_cert: "{{ dovecot_tls_dir }}/ecc384.crt"
dovecot_tls_int_rsa2048_key: "{{ dovecot_tls_dir }}/rsa2048.key"
dovecot_tls_int_rsa2048_cert: "{{ dovecot_tls_dir }}/rsa2048.crt"

# Names of the special-use mailboxes and of the lazy_expunge holding mailbox.
dovecot_drafts_name: Drafts
dovecot_junk_name: Junk
dovecot_sent_name: Sent
dovecot_trash_name: Trash
dovecot_expunged_name: .EXPUNGED

# Per-account storage quota in megabytes (used in quota_rule below).
dovecot_max_quota_mb: 5000
# Top-level Dovecot settings (presumably rendered into dovecot.conf by the
# role's template, which is not visible here). Booleans are written as
# true/false; under YAML 1.1 they load exactly like yes/no.
dovecot_default_config:
  protocols: imap lmtp sieve
  # NOTE(review): host and domain are joined with '@' rather than '.' —
  # confirm this is the intended value for Dovecot's `hostname`.
  hostname: "{{ (mail_server.mua_actual_hostname | d(host_name)) ~ '@' ~ mail_server.tld }}"
  # The greeting is sent before authentication and names the software and org.
  login_greeting: "IMAPS {{ org }} (Dovecot) ready"

  # Authentication cache and workers.
  auth_cache_ttl: 20m
  auth_cache_size: 2M
  auth_cache_negative_ttl: 5m
  auth_worker_max_count: 5

  # Offered SASL mechanisms.
  # NOTE(review): digest-md5 and cram-md5 are legacy MD5-based
  # challenge-response mechanisms. They (and SCRAM) only work when the passdb
  # returns a plaintext or mechanism-specific credential instead of a general
  # salted password hash. Confirm the scheme in dovecot-sql.conf.ext and drop
  # the MD5 mechanisms if no client still needs them.
  auth_mechanisms:
    - plain
    - login
    - digest-md5
    - cram-md5
    - scram-sha-1
    - scram-sha-256
  auth_default_realm: "{{ mail_server.tld }}"
  auth_realms: "{{ mail_server.tld }}"
  # PLAIN/LOGIN are only accepted once the session is TLS-protected.
  disable_plaintext_auth: true

  # Process identities and limits.
  default_internal_user: "{{ dovecot_user }}"
  default_internal_group: "{{ dovecot_group }}"
  default_login_user: "{{ dovecot_null_user }}"
  default_process_limit: 50
  default_vsz_limit: 64M

  # IMAP behaviour. The "*" values in imap_id_send make Dovecot fill in its
  # own name and version in the IMAP ID response.
  imap_capability: "+SPECIAL-USE"
  imap_id_send: '"name" * "version" * support-email postmaster@{{ mail_server.tld }}'

  # Mail storage: one home per user under dovecot_mail_dir, mdbox format,
  # all mail owned by the dedicated mail uid/gid.
  mail_attachment_detection_options: add-flags
  mail_attribute_dict: "file:%h/mail_attrib"
  mail_uid: "{{ dovecot_mail_user }}"
  mail_gid: "{{ dovecot_mail_group }}"
  mail_home: "{{ dovecot_mail_dir }}/%Ld/%Ln"
  mail_location: "mdbox:%h/mail:UTF-8"
  mail_max_keyword_length: 100
  mail_server_admin: "mailto:{{ maintainer_email }}"
  mail_server_comment: "Dovecot IMAPS server - {{ org }}"
  mail_temp_scan_interval: 24h
  mail_plugins: "$mail_plugins mailbox_alias lazy_expunge listescape trash quota acl"

  # Delivery.
  postmaster_address: "postmaster@{{ mail_server.tld }}"
  quota_full_tempfail: true
  recipient_delimiter: '+'
  submission_client_workarounds: whitespace-before-path mailbox-for-path

  # TLS. `ssl: required` refuses sessions that never negotiate TLS. The
  # leading "<" makes Dovecot read the certificate/key/DH data from the file.
  ssl: required
  ssl_cert: "<{{ dovecot_tls_int_ecc384_cert }}"
  ssl_key: "<{{ dovecot_tls_int_ecc384_key }}"
  ssl_alt_cert: "<{{ dovecot_tls_int_rsa2048_cert }}"
  ssl_alt_key: "<{{ dovecot_tls_int_rsa2048_key }}"
  # These are TLS 1.3 suite names only. ssl_min_protocol still admits
  # TLS 1.2, whose ciphers come from ssl_cipher_list; that key is not set in
  # this mapping, so Dovecot's default list applies unless set elsewhere.
  ssl_cipher_suites: "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256"
  ssl_dh: "<{{ dovecot_tls_dh2048 }}"
  ssl_min_protocol: TLSv1.2
  ssl_prefer_server_ciphers: true
# Per-protocol settings, keyed by protocol name. Each entry extends the
# global mail_plugins list with the plugins that protocol needs.
dovecot_protocols:
  imap:
    imap_metadata: true
    mail_plugins: "$mail_plugins imap_zlib imap_quota imap_acl imap_sieve"
  lmtp:
    mail_plugins: "$mail_plugins sieve"
    lmtp_client_workarounds: whitespace-before-path mailbox-for-path
    # Caps parallel LMTP deliveries to a single user.
    lmtp_user_concurrency_limit: 25
  lda:
    mail_plugins: "$mail_plugins sieve"
    lda_mailbox_autocreate: true
    lda_mailbox_autosubscribe: true
  sieve:
    # Caps simultaneous connections per user and source IP.
    mail_max_userip_connections: 50
# Namespaces: the private inbox namespace with its auto-created mailboxes,
# and a shared namespace for mailboxes that users share with each other.
dovecot_namespaces:
  - name: inbox
    opts:
      inbox: true
      separator: '/'
    mailboxes:
      - name: INBOX
        opts:
          auto: subscribe
      - name: "{{ dovecot_drafts_name }}"
        opts:
          auto: subscribe
          special_use: '\Drafts'
      # Junk and Trash are purged automatically after 90 days.
      - name: "{{ dovecot_junk_name }}"
        opts:
          auto: subscribe
          special_use: '\Junk'
          autoexpunge: 90d
      - name: "{{ dovecot_sent_name }}"
        opts:
          auto: subscribe
          special_use: '\Sent'
      - name: "{{ dovecot_trash_name }}"
        opts:
          auto: subscribe
          special_use: '\Trash'
          autoexpunge: 90d
      # Created but not subscribed; also the lazy_expunge target in
      # dovecot_plugin_config. Its contents are kept for 180 days.
      - name: "{{ dovecot_expunged_name }}"
        opts:
          auto: create
          autoexpunge: 180d
  # Shared mailboxes appear under "Общие/<owner>/". What another user may see
  # or change there is governed by the acl plugin configured further down.
  - name: shared
    opts:
      type: shared
      separator: '/'
      prefix: 'Общие/%%u/'
      # %%h / %%u expand to the owner; %h is the accessing user's home, so
      # private index files stay with the user who opens the shared mailbox.
      location: 'mdbox:%%h/mail:INDEXPVT=%h/shared_idx/%%u'
      subscriptions: false
      list: children
# Dict backends served by the dict service. "acl" is the dictionary that
# acl_shared_dict (proxy::acl) refers to; it is backed by PostgreSQL.
# NOTE(review): the referenced .conf.ext presumably holds the database
# connection string — keep its file mode restrictive (not visible here).
dovecot_dicts:
  acl: "pgsql:{{ dovecot_conf_dir }}/dovecot-dict-sql.conf.ext"
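# Settings for Dovecot's plugin section (presumably rendered by the role's
# template, which is not visible here).
dovecot_plugin_config:
  # trash / lazy_expunge: expunged mail is moved to the holding mailbox
  # instead of being deleted immediately.
  trash: "{{ dovecot_conf_dir }}/dovecot-trash.conf.ext"
  lazy_expunge: "{{ dovecot_expunged_name }}"
  lazy_expunge_only_last_instance: true

  # ACLs: per-mailbox rules from a vfile, shared-mailbox lookups via the
  # dict proxy.
  acl: "vfile:{{ dovecot_conf_dir }}/dovecot.acl"
  acl_shared_dict: "proxy::acl"

  # Quota: count backend, a global storage limit, extra room in Trash, and
  # the lazy_expunge mailbox excluded from accounting.
  quota: "count:Account quota"
  quota_exceeded_message: Mailbox quota exceeded
  quota_grace: "5%%"
  quota_max_mail_size: "{{ mail_server.max_mail_size_bytes ~ 'B' }}"
  quota_rule: "*:storage={{ dovecot_max_quota_mb }}M"
  quota_rule2: "{{ dovecot_trash_name }}:storage=+200M"
  quota_rule3: "{{ dovecot_expunged_name }}:ignore"
  # Replies given by the quota-status policy service; over-quota is a
  # temporary (4xx) rejection.
  quota_status_success: DUNNO
  quota_status_nouser: DUNNO
  quota_status_overquota: "452 4.2.2 User mailbox is full"
  quota_vsizes: true

  # Sieve. enotify and editheader are removed from the enabled extensions.
  sieve_extensions: "-enotify -editheader"
  # The pipe/filter/execute extensions let a Sieve script run external
  # programs. Listing them as *global* extensions limits them to
  # administrator-controlled global scripts. All three bin dirs point at
  # dovecot_script_dir, so anything placed there becomes runnable from those
  # scripts. NOTE(review): that directory should be writable by root only;
  # its permissions are set elsewhere and are not visible here.
  sieve_global_extensions: "+vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute"
  sieve_max_actions: 64
  sieve_plugins: sieve_imapsieve sieve_extprograms
  sieve_pipe_bin_dir: "{{ dovecot_script_dir }}"
  sieve_execute_bin_dir: "{{ dovecot_script_dir }}"
  sieve_filter_bin_dir: "{{ dovecot_script_dir }}"

  # spamtest: map the text of the X-Spam header to a spam score.
  sieve_spamtest_status_type: text
  sieve_spamtest_status_header: X-Spam
  # Quoted on purpose: a bare No / Yes is a YAML 1.1 boolean, so the template
  # would receive False / True instead of the literal header text and the
  # spam-to-folder rule could silently stop matching.
  sieve_spamtest_text_value0: 'No'
  sieve_spamtest_text_value10: 'Yes'
  # Global script executed before each user's own script.
  sieve_before: "{{ dovecot_sieve_dir }}/spam-to-folder.sieve"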
# passdb/userdb chain, evaluated in the listed order: SQL password lookup,
# then a prefetch userdb (reuses user fields returned by the passdb query),
# then an SQL userdb for lookups that happen without a login.
# NOTE(review): dovecot-sql.conf.ext presumably contains the database
# credentials and the password scheme — keep its file mode restrictive
# (not visible here).
dovecot_user_pass_db:
  - type: passdb
    opts:
      driver: sql
      args: "{{ dovecot_conf_dir }}/dovecot-sql.conf.ext"
  - type: userdb
    opts:
      driver: prefetch
  - type: userdb
    opts:
      driver: sql
      args: "{{ dovecot_conf_dir }}/dovecot-sql.conf.ext"
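# Dovecot service definitions: per-service process options plus the inet and
# unix listeners each service exposes.
dovecot_services:
  imap:
    opts:
      service_count: 16
      process_limit: 256
  imap-login:
    opts:
      process_min_avail: 1
      client_limit: 16
      # NOTE(review): this mapping originally also set `service_count: 0`
      # before the other options. Loaders that tolerate duplicate keys keep
      # the last value, so 32 was the effective setting and is the one kept
      # here. For login services Dovecot documents service_count 1 as one
      # process per connection (strongest isolation) and 0 as unlimited
      # reuse — confirm which trade-off is intended (managesieve-login
      # below uses 0).
      service_count: 32
    listeners:
      # Port 143 stays open for STARTTLS clients; `ssl: required` and
      # disable_plaintext_auth in dovecot_default_config keep credentials
      # off cleartext sessions.
      - type: inet_listener
        name: imap
        opts:
          port: 143
      - type: inet_listener
        name: imaps
        opts:
          port: 993
          ssl: true
  lmtp:
    opts:
      client_limit: 1
      vsz_limit: 192M
    listeners:
      # NOTE(review): no `address` is set on this or the other TCP listeners
      # for lmtp, auth and quota-status, so they bind to Dovecot's global
      # listen addresses unless overridden elsewhere. These are
      # server-to-server endpoints; restrict them to the MTA host by address
      # or firewall (neither is visible here).
      - type: inet_listener
        opts:
          port: "{{ mail_server.mua_lmtp_port }}"
  auth:
    listeners:
      # SASL auth service over TCP (presumably for the MTA). See the note on
      # the lmtp listener about limiting who can reach it.
      - type: inet_listener
        opts:
          port: "{{ mail_server.mua_auth_port }}"
      # NOTE(review): 0666 lets every local account connect to this socket.
      # The bare 0666 is also read as octal by YAML 1.1 loaders (integer
      # 438); confirm the template renders the mode Dovecot should get.
      - type: unix_listener auth-userdb
        opts:
          mode: 0666
          user: "{{ dovecot_user }}"
          group: "{{ dovecot_group }}"
  quota-status:
    opts:
      executable: "/usr/libexec/dovecot/quota-status -p postfix"
    listeners:
      - type: inet_listener
        opts:
          port: "{{ mail_server.mua_quota_port }}"
  auth-worker:
    opts:
      user: "{{ dovecot_user }}"
      group: "{{ dovecot_group }}"
  dict:
    opts:
      user: "{{ dovecot_user }}"
      group: "{{ dovecot_group }}"
    listeners:
      # NOTE(review): a 0666 dict socket lets any local account talk to the
      # dict server that fronts the PostgreSQL-backed ACL dictionary. If only
      # the mail processes need it, a group-restricted mode would narrow
      # access — verify against the accounts that actually connect. The
      # YAML 1.1 octal caveat on the auth-userdb mode applies here too.
      - type: unix_listener dict
        opts:
          mode: 0666
          user: "{{ dovecot_user }}"
          group: "{{ dovecot_group }}"
  managesieve-login:
    opts:
      service_count: 0
      process_min_avail: 1
  managesieve:
    opts:
      process_limit: 512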
dovecot_sieve_scripts:
- src: sieve-spam
dest: spam-to-folder