-rw-r--r-- | roles/IMAP/tasks/imap.yml | 2 | ||||
-rw-r--r-- | roles/common/tasks/ipsec.yml | 2 | ||||
-rw-r--r-- | roles/webmail/tasks/roundcube.yml | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index c9471f3..5424485 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -49,41 +49,41 @@
 owner=root group=root mode=0644 with_items: - all - flagged - recent - unseen - name: Create directory /home/mail/spamspool # There is no possibility for a name clash, since 'spamspool' isn't a # valid domain file: path=/home/mail/spamspool state=directory owner=vmail group=vmail mode=0700 - name: Generate a private key and a X.509 certificate for Dovecot command: genkeypair.sh x509 --pubkey=/etc/dovecot/ssl/imap.fripost.org.pem --privkey=/etc/dovecot/ssl/imap.fripost.org.key
- --dns imap.fripost.org
+ --dns=imap.fripost.org
 -t rsa -b 4096 -h sha512 register: r1 changed_when: r1.rc == 0 failed_when: r1.rc > 1 notify: - Restart Dovecot - name: Configure Dovecot copy: src=etc/dovecot/{{ item }} dest=/etc/dovecot/{{ item }} owner=root group=root mode=0644 register: r2 with_items: - conf.d/10-auth.conf - conf.d/10-logging.conf - conf.d/10-mail.conf - conf.d/10-master.conf - conf.d/10-ssl.conf - conf.d/15-mailboxes.conf
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 0dbf3e1..51d717f 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
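Review bot: The `failed_when: r1.rc > 1` line under the genkeypair.sh task in roles/IMAP/tasks/imap.yml accepts exit status 1 as a non-failure without saying what that status means. If the script also returns 1 on an option-parsing error (an inference, since genkeypair.sh is not shown here), a malformed `--dns` argument such as the one this commit corrects would be reported as "unchanged" instead of failing the play. I would add a comment above `register: r1`, for example `# genkeypair.sh: rc 0 = key generated, rc 1 = <meaning, to be confirmed>, rc > 1 = error`, and confirm that usage errors exit with a status above 1. The same `changed_when`/`failed_when` pair appears in the roles/common/tasks/ipsec.yml and roles/webmail/tasks/roundcube.yml hunks.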
@@ -1,28 +1,28 @@
 - name: Install strongSwan apt: pkg=strongswan-ikev2 - name: Generate a private key and a X.509 certificate for IPSec command: genkeypair.sh x509 --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
- --dns {{ inventory_hostname }}
+ --dns={{ inventory_hostname }}
 -t ecdsa -b secp521r1 -h sha512 register: r1 changed_when: r1.rc == 0 failed_when: r1.rc > 1 notify: - Restart IPSec - name: Fetch the public part of IPSec's host key sudo: False # Ensure we don't fetch private data fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem dest=certs/ipsec/ fail_on_missing=yes flat=yes # Don't copy our pubkey due to a possible race condition. Only the # remote machine has authority regarding its key. - name: Copy IPSec host pubkeys (except ours) copy: src=certs/ipsec/{{ item }}.pem dest=/etc/ipsec.d/certs/{{ item }}.pem
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index d79304e..2085974 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
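Review bot: Hosts that already ran the IPSec key-generation task with the old `--dns {{ inventory_hostname }}` form will not pick up the corrected option if genkeypair.sh declines to overwrite an existing key. The `changed_when: r1.rc == 0` / `failed_when: r1.rc > 1` pair suggests that behaviour but does not show it. It matters most in this role, because the later tasks in the hunk fetch the certificate into `certs/ipsec/` and copy it to the other hosts, so a certificate generated without the intended dNSName would already be distributed. I would document above the task how an existing certificate is regenerated and re-fetched, and check deployed certificates with `openssl x509 -in <cert>.pem -noout -text` before relying on the name.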
@@ -65,41 +65,41 @@
 - classic - larry - name: Configure Roundcube plugins template: src=usr/share/roundcube/plugins/{{ item }}/config.inc.php.j2 dest=/usr/share/roundcube/plugins/{{ item }}/config.inc.php owner=root group=root mode=0644 with_items: - additional_message_headers - managesieve - password - name: Start php5-fpm service: name=php5-fpm state=started - name: Generate a private key and a X.509 certificate for Nginx command: genkeypair.sh x509 --pubkey=/etc/nginx/ssl/mail.fripost.org.pem --privkey=/etc/nginx/ssl/mail.fripost.org.key
- --dns mail.fripost.org
+ --dns=mail.fripost.org
 -t rsa -b 4096 -h sha512 register: r1 changed_when: r1.rc == 0 failed_when: r1.rc > 1 notify: - Restart Nginx - name: Copy /etc/nginx/sites-available/roundcube copy: src=etc/nginx/sites-available/roundcube dest=/etc/nginx/sites-available/roundcube owner=root group=root mode=0644 register: r2 notify: - Restart Nginx - name: Create /etc/nginx/sites-enabled/roundcube file: src=../sites-available/roundcube dest=/etc/nginx/sites-enabled/roundcube owner=root group=root |