author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 18:02:37 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 18:02:37 +0200 |
commit | 73b2a602ee85706b2a1797632142058c6253ea5d (patch) | |
tree | d764d4483f1d7f2be1ff7df431d632afc8788648 | |
parent | b536632f32d81dceb11f2b7ebf2ec1a284498901 (diff) |
dovecot: also listen on the virtual IP dedicated to IPSec.
(On port 143.) Moreover, add the whole IPSec virtual subnet to
‘login_trusted_networks’ since our IPSec tunnels provide end-to-end
encryption and we therefore don't need the extra SSL/TLS protection.
-rw-r--r-- | roles/IMAP/tasks/imap.yml | 21 | ||||
-rw-r--r-- | roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2 (renamed from roles/IMAP/files/etc/dovecot/conf.d/10-master.conf) | 3 |
2 files changed, 17 insertions, 7 deletions
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index 39dc573..a596c42 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -96,7 +96,6 @@
 - conf.d/10-auth.conf
 - conf.d/10-logging.conf
 - conf.d/10-mail.conf
- - conf.d/10-master.conf
 - conf.d/10-ssl.conf
 - conf.d/15-mailboxes.conf
 - conf.d/20-imap.conf
@@ -109,23 +108,33 @@
 notify:
 - Restart Dovecot
+- name: Configure Dovecot (2)
+ template: src=etc/dovecot/{{ item }}.j2
+ dest=/etc/dovecot/{{ item }}
+ owner=root group=root
+ mode=0644
+ register: r2
+ with_items:
+ - conf.d/10-master.conf
+ notify:
+ - Restart Dovecot
+
 - name: Tell Dovecot we have a remote IMAP proxy
- # XXX: we should have an automatic lookup here
 lineinfile: dest=/etc/dovecot/dovecot.conf
 regexp='^(\s*#)?\s*login_trusted_networks\s*='
- line='login_trusted_networks = 171.25.193.76/32'
+ line="login_trusted_networks = {{ ipsec_subnet }}"
 state=present
 create=yes
 owner=root group=root
 mode=0644
- register: r2
- when: "'IMAP' in group_names and 'webmail' not in group_names"
+ register: r3
+ when: "groups.all | length > 1"
 notify:
 - Restart Dovecot
 - name: Start Dovecot
 service: name=dovecot state=started
- when: not (r1.changed or r2.changed)
+ when: not (r1.changed or r2.changed or r3.changed)
 - meta: flush_handlers
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
index 9fcc549..4969550 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
+++ b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
@@ -16,7 +16,8 @@ service imap-login {
 inet_listener imap {
- port = 0
+ address = {{ ipsec[inventory_hostname_short] }}
+ port = 143
 }
 inet_listener imaps {
 #port = 993
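Review bot: The new `line="login_trusted_networks = {{ ipsec_subnet }}"` in the "Tell Dovecot we have a remote IMAP proxy" task widens Dovecot's trust from one /32 to the whole IPsec subnet, and the only explanation lives in the commit message: login_trusted_networks both lifts the SSL/TLS requirement for those peers and lets them assert the client IP of a proxied connection. The old `# XXX` comment is dropped without a replacement, so I would add above the lineinfile task: `# Every host in ipsec_subnet may log in over plaintext IMAP and forward a client IP; this is only safe while the IPsec policy rejects unprotected packets claiming that source range.` The condition `when: "groups.all | length > 1"` presumably leaves an earlier login_trusted_networks line untouched on hosts where it now evaluates false, since there is no `state=absent` counterpart; worth a sentence in the task if that is intended.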
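Review bot: In 10-master.conf.j2 the plaintext listener now depends entirely on `address = {{ ipsec[inventory_hostname_short] }}` resolving to the IPsec virtual IP, because `port = 143` reopens the port that was previously disabled with `port = 0`; if that lookup ever rendered empty, Dovecot would presumably fall back to its global listen setting and expose plaintext IMAP more widely, and the template carries no comment saying so. I would add before the `inet_listener imap {` line: `# Plaintext IMAP is bound only to this host's IPsec virtual IP; the tunnel supplies transport encryption (see login_trusted_networks in dovecot.conf).` Whether the ipsec dictionary can hold an empty value is decided by the inventory, which is outside this diff. The enclosing `service imap-login {` block starts and ends outside the hunk.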