-rw-r--r-- | roles/IMAP/tasks/imap.yml | 21 | ||||
-rw-r--r-- | roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2 (renamed from roles/IMAP/files/etc/dovecot/conf.d/10-master.conf) | 3 |
2 files changed, 17 insertions, 7 deletions
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index 39dc573..a596c42 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -79,70 +79,79 @@ - name: Fetch Dovecot's X.509 certificate # Ensure we don't fetch private data become: False fetch_cmd: cmd="openssl x509" stdin=/etc/dovecot/ssl/imap.fripost.org.pem dest=certs/public/imap.fripost.org.pem tags: - genkey - name: Configure Dovecot copy: src=etc/dovecot/{{ item }} dest=/etc/dovecot/{{ item }} owner=root group=root mode=0644 register: r1 with_items: - conf.d/10-auth.conf - conf.d/10-logging.conf - conf.d/10-mail.conf - - conf.d/10-master.conf - conf.d/10-ssl.conf - conf.d/15-mailboxes.conf - conf.d/20-imap.conf - conf.d/20-lmtp.conf - conf.d/90-plugin.conf - conf.d/90-sieve.conf - conf.d/auth-ldap.conf.ext - dovecot-ldap.conf.ext - dovecot-ldap-userdb.conf.ext notify: - Restart Dovecot +- name: Configure Dovecot (2) + template: src=etc/dovecot/{{ item }}.j2 + dest=/etc/dovecot/{{ item }} + owner=root group=root + mode=0644 + register: r2 + with_items: + - conf.d/10-master.conf + notify: + - Restart Dovecot + - name: Tell Dovecot we have a remote IMAP proxy - # XXX: we should have an automatic lookup here lineinfile: dest=/etc/dovecot/dovecot.conf regexp='^(\s*#)?\s*login_trusted_networks\s*=' - line='login_trusted_networks = 171.25.193.76/32' + line="login_trusted_networks = {{ ipsec_subnet }}" state=present create=yes owner=root group=root mode=0644 - register: r2 - when: "'IMAP' in group_names and 'webmail' not in group_names" + register: r3 + when: "groups.all | length > 1" notify: - Restart Dovecot - name: Start Dovecot service: name=dovecot state=started - when: not (r1.changed or r2.changed) + when: not (r1.changed or r2.changed or r3.changed) - meta: flush_handlers - name: Install 'dovecot_stats_' Munin wildcard plugin file: src=/usr/local/share/munin/plugins/dovecot_stats_ dest=/etc/munin/plugins/dovecot_stats_fripost.org owner=root group=root state=link force=yes tags: - munin - munin-node notify: - Restart munin-node - name: Install 'dovecot_logins' and 'dovecot_who' Munin plugin file: 
src=/usr/local/share/munin/plugins/{{ item }} dest=/etc/munin/plugins/{{ item }} owner=root group=root state=link force=yes
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
index 9fcc549..4969550 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
+++ b/roles/IMAP/templates/etc/dovecot/conf.d/10-master.conf.j2
@@ -1,39 +1,40 @@ #default_process_limit = 100 #default_client_limit = 1000 # Default VSZ (virtual memory size) limit for service processes. This is mainly # intended to catch and kill processes that leak memory before they eat up # everything. #default_vsz_limit = 256M # Login user is internally used by login processes. This is the most untrusted # user in Dovecot system. It shouldn't have access to anything at all. #default_login_user = dovenull # Internal user is used by unprivileged processes. It should be separate from # login user, so that login processes can't disturb other processes. #default_internal_user = dovecot service imap-login { inet_listener imap { - port = 0 + address = {{ ipsec[inventory_hostname_short] }} + port = 143 } inet_listener imaps { #port = 993 #ssl = yes } # Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # is faster. <doc/wiki/LoginProcess.txt> #service_count = 1 # Max. number of IMAP processes (logins) process_limit = 256 # Number of processes to always keep waiting for more connections. process_min_avail = 4 # If you set service_count=0, you probably need to grow this. #vsz_limit = $default_vsz_limit } |
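Review bot: The new `when: "groups.all | length > 1"` on the login_trusted_networks task trusts the whole `ipsec_subnet` as soon as the inventory holds a second host of any kind, whereas the removed condition was tied to the IMAP/webmail group split; since Dovecot waives the auth penalty and `disable_plaintext_auth`, and accepts forwarded client addresses, for those networks, the predicate should express "a remote IMAP proxy exists" rather than "more than one host exists". If the proxies are the webmail hosts (inferred from the removed line), something like `when: "groups.webmail | default([]) | length > 0"` keeps the trust scoped to that role. The dropped `# XXX` comment should be replaced by one stating why the subnet is trusted, e.g. `# IMAP proxies reach us over IPsec, so forwarded client IPs are accepted from the whole tunnel subnet`. The task name `Configure Dovecot (2)` says nothing about what differs from the task above it; `Configure Dovecot (templated files)` would. The hunk ends inside the Munin `file:` task, whose remaining arguments lie outside it.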
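Review bot: The `imap` listener goes from disabled (`port = 0`) to plaintext IMAP on 143 bound to `{{ ipsec[inventory_hostname_short] }}`, and nothing in the template records why that is acceptable; a comment above `inet_listener imap` would spare the next reader a trip to the playbook, e.g. `# Plaintext IMAP is bound only to this host's IPsec address, for the remote proxy; never bind it to a public interface.` A host missing from `ipsec` makes the render fail instead of silently falling back to a wildcard bind, which is the right failure mode but worth stating in the same comment. With `imaps` still commented out and the only listener on the tunnel address, every client path appears to run through the proxy; if that is the intent, say so, so nobody later "fixes" it by enabling 993 on all interfaces. The enclosing `service imap-login` block is shown in full here, so the change is self-contained.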