diff options
Diffstat (limited to 'roles/IMAP')
-rw-r--r-- | roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 2 | ||||
-rw-r--r-- | roles/IMAP/tasks/imap.yml | 19 |
2 files changed, 4 insertions, 17 deletions
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf index dc0b5bf..114388e 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf @@ -9,7 +9,7 @@ ssl = required # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = </etc/dovecot/ssl/imap.fripost.org.pem +ssl_cert = </etc/dovecot/ssl/imap.fripost.org.chained.pem ssl_key = </etc/dovecot/ssl/imap.fripost.org.key # If key file is password protected, give the password here. Alternatively diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml index ec1aaac..c9686c9 100644 --- a/roles/IMAP/tasks/imap.yml +++ b/roles/IMAP/tasks/imap.yml @@ -76,19 +76,6 @@ owner=root group=root mode=0755 -- name: Generate a private key and a X.509 certificate for Dovecot - command: genkeypair.sh x509 - --pubkey=/etc/dovecot/ssl/imap.fripost.org.pem - --privkey=/etc/dovecot/ssl/imap.fripost.org.key - --ou=IMAP --cn=imap.fripost.org - -t rsa -b 4096 -h sha512 - register: r1 - changed_when: r1.rc == 0 - failed_when: r1.rc > 1 - notify: - - Restart Dovecot - tags: - - genkey - name: Fetch Dovecot's X.509 certificate # Ensure we don't fetch private data @@ -105,7 +92,7 @@ dest=/etc/dovecot/{{ item }} owner=root group=root mode=0644 - register: r2 + register: r1 with_items: - conf.d/10-auth.conf - conf.d/10-logging.conf @@ -132,14 +119,14 @@ create=yes owner=root group=root mode=0644 - register: r3 + register: r2 when: "'IMAP' in group_names and 'webmail' not in group_names" notify: - Restart Dovecot - name: Start Dovecot service: name=dovecot state=started - when: not (r1.changed or r2.changed or r3.changed) + when: not (r1.changed or r2.changed) - meta: flush_handlers |