authorGuilhem Moulin <guilhem@fripost.org>2016-05-22 18:02:37 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-22 18:02:37 +0200
commit73b2a602ee85706b2a1797632142058c6253ea5d (patch)
treed764d4483f1d7f2be1ff7df431d632afc8788648 /roles
parentb536632f32d81dceb11f2b7ebf2ec1a284498901 (diff)
dovecot: also listen on the virtual IP dedicated to IPSec.
(On port 143.) Moreover, add the whole IPSec virtual subnet to ‘login_trusted_networks’ since our IPSec tunnels provide end-to-end encryption and we therefore don't need the extra SSL/TLS protection.
Diffstat (limited to 'roles')
-rw-r--r--roles/IMAP/tasks/imap.yml21
-rw-r--r--roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2 (renamed from roles/IMAP/files/etc/dovecot/conf.d/10-master.conf)3
2 files changed, 17 insertions, 7 deletions
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index 39dc573..a596c42 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -96,7 +96,6 @@
- conf.d/10-auth.conf
- conf.d/10-logging.conf
- conf.d/10-mail.conf
- - conf.d/10-master.conf
- conf.d/10-ssl.conf
- conf.d/15-mailboxes.conf
- conf.d/20-imap.conf
@@ -109,23 +108,33 @@
notify:
- Restart Dovecot
+- name: Configure Dovecot (2)
+ template: src=etc/dovecot/{{ item }}.j2
+ dest=/etc/dovecot/{{ item }}
+ owner=root group=root
+ mode=0644
+ register: r2
+ with_items:
+ - conf.d/10-master.conf
+ notify:
+ - Restart Dovecot
+
- name: Tell Dovecot we have a remote IMAP proxy
- # XXX: we should have an automatic lookup here
lineinfile: dest=/etc/dovecot/dovecot.conf
regexp='^(\s*#)?\s*login_trusted_networks\s*='
- line='login_trusted_networks = 171.25.193.76/32'
+ line="login_trusted_networks = {{ ipsec_subnet }}"
state=present
create=yes
owner=root group=root
mode=0644
- register: r2
- when: "'IMAP' in group_names and 'webmail' not in group_names"
+ register: r3
+ when: "groups.all | length > 1"
notify:
- Restart Dovecot
- name: Start Dovecot
service: name=dovecot state=started
- when: not (r1.changed or r2.changed)
+ when: not (r1.changed or r2.changed or r3.changed)
- meta: flush_handlers
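Review bot: The task name on the `- name: Tell Dovecot we have a remote IMAP proxy` line no longer matches what the task does: the line it writes now trusts the whole `{{ ipsec_subnet }}` instead of one proxy address, and the new `when` is no longer tied to the webmail/proxy groups. Since Dovecot skips the plaintext-auth restriction and accepts forwarded client addresses for anything in `login_trusted_networks`, a name such as `- name: Trust the IPsec subnet in login_trusted_networks` plus a one-line comment stating that this relies on the tunnel providing the encryption would keep the rationale from the commit message next to the code. The replacement guard `when: "groups.all | length > 1"` also appears to assume that every host in the inventory is reachable over the IPsec subnet and nothing else is; if that is not meant to hold, the previous group-based condition was the tighter one. It is presumably intended that the task now fails with an undefined-variable error where `ipsec_subnet` is unset rather than silently writing nothing, but that is worth saying in the same comment.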
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
index 9fcc549..4969550 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
+++ b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
@@ -16,7 +16,8 @@
service imap-login {
inet_listener imap {
- port = 0
+ address = {{ ipsec[inventory_hostname_short] }}
+ port = 143
}
inet_listener imaps {
#port = 993