6 files changed, 10 insertions, 109 deletions

diff --git a/roles/webmail/handlers/main.yml b/roles/webmail/handlers/main.yml
index 17a0dc4..d02cdda 100644
--- a/roles/webmail/handlers/main.yml
+++ b/roles/webmail/handlers/main.yml
@@ -1,9 +1,6 @@
 ---
-- name: Restart stunnel@smtp
-  service: name=stunnel4@smtp state=restarted
-
 - name: Restart stunnel@ldap
   service: name=stunnel4@ldap state=restarted
 
 - name: Restart Nginx
   service: name=nginx state=restarted
diff --git a/roles/webmail/tasks/mail.yml b/roles/webmail/tasks/mail.yml
deleted file mode 100644
index 78eee38..0000000
--- a/roles/webmail/tasks/mail.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-- name: Create /etc/stunnel/certs
-  file: path=/etc/stunnel/certs
-        state=directory
-        owner=root group=root
-        mode=0755
-
-- name: Copy the SMTP outgoing proxy's X.509 certificate
-  assemble: src=certs/postfix regexp="{{ groups.out | difference([inventory_hostname]) | join('|') }}\.pem$" remote_src=no
-            dest=/etc/stunnel/certs/smtp.pem
-            owner=root group=root
-            mode=0644
-  register: r1
-  notify:
-    - Restart stunnel@smtp
-
-- name: Configure stunnel
-  template: src=etc/stunnel/smtp.conf.j2
-            dest=/etc/stunnel/smtp.conf
-            owner=root group=root
-            mode=0644
-  register: r2
-  notify:
-    - Restart stunnel@smtp
-
-- name: Enable stunnel@smtp
-  service: name=stunnel4@smtp enabled=yes
-
-- name: Start stunnel@smtp
-  service: name=stunnel4@smtp state=started
-  when: not (r1.changed or r2.changed)
-
-- meta: flush_handlers
diff --git a/roles/webmail/tasks/main.yml b/roles/webmail/tasks/main.yml
index 9c40a34..cd9f0c7 100644
--- a/roles/webmail/tasks/main.yml
+++ b/roles/webmail/tasks/main.yml
@@ -1,15 +1,9 @@
-- include: mail.yml
-  when: "'out' not in group_names"
-  tags:
-    - postfix
-    - mail
-    - stunnel
 - include: ldap.yml
   when: "'LDAP-provider' not in group_names"
   tags:
     - ldap
     - stunnel
 - include: roundcube.yml
   tags:
     - roundcube
     - webmail
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 41ef907..d1fb8a2 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -32,50 +32,50 @@
   copy: src=usr/share/roundcube/skins/{{ item }}/images/fripost_logo.png
         dest=/usr/share/roundcube/skins/{{ item }}/images/fripost_logo.png
         owner=root group=root
         mode=0644
   with_items:
     - classic
     - larry
 
 - name: Configure Roundcube
   lineinfile: dest=/etc/roundcube/config.inc.php
               regexp='^\\s*\\$config\\[\'{{ item.var }}\'\\]\\s*='
               line='$config[\'{{ item.var }}\'] = {{ item.value }};'
               owner=root group=www-data
               mode=0640
   with_items:
     # Logging/Debugging
     - { var: smtp_log,               value: "false" }
     # IMAP
     #   WARNING: After hostname change update of mail_host column in users
     #   table is required to match old user data records with the new host.
-    - { var: default_host,           value: "'{{ ipsec[imapsvr.inventory_hostname_short] }}'" }
-    - { var: default_port,           value: "143"                                             }
-    - { var: imap_auth_type,         value: "'PLAIN'"                                         }
-    - { var: imap_cache,             value: "null"                                            }
-    - { var: imap_timeout,           value: "180"                                             }
-    - { var: imap_force_ns,          value: "true"                                            }
-    - { var: messages_cache,         value: "false"                                           }
+    - { var: default_host,           value: "'{{ imapsvr_addr | ipaddr }}'" }
+    - { var: default_port,           value: "143"                           }
+    - { var: imap_auth_type,         value: "'PLAIN'"                       }
+    - { var: imap_cache,             value: "null"                          }
+    - { var: imap_timeout,           value: "180"                           }
+    - { var: imap_force_ns,          value: "true"                          }
+    - { var: messages_cache,         value: "false"                         }
     # SMTP
-    - { var: smtp_server,            value: "'localhost'" }
-    - { var: smtp_port,              value: "2525"        }
+    - { var: smtp_server,            value: "'{{ postfix_instance.out.addr | ipaddr }}'" }
+    - { var: smtp_port,              value:  "{{ postfix_instance.out.port          }}"  }
     # System
     - { var: force_https,            value: "true"                       }
     - { var: login_autocomplete,     value: "2"                          }
     - { var: skin_logo,              value: "'/images/fripost_logo.png'" }
     - { var: username_domain,        value: "'fripost.org'"              }
     - { var: product_name,           value: "'Fripost Webmail'"          }
     # Plugins
     - { var: plugins,                value: "array('archive','additional_message_headers','managesieve','password')" }
     # Spell Checking
     - { var: enable_spellcheck,      value: "'true'"                                    }
     - { var: spellcheck_engine,      value: "'enchant'"                                 }
     - { var: spellcheck_languages,   value: "array('da','de','en','es','fr','no','sv')" }
     # User Interface
     - { var: skin,                   value: "'larry'"                        }
     - { var: language,               value: "'sv_SE'"                        }
     - { var: create_default_folders, value: "true"                           }
     - { var: support_url,            value: "'https://fripost.org/kontakt/'" }
     # User Preferences
     - { var: htmleditor,             value: "3"     }
     - { var: skip_deleted,           value: "true"  }
diff --git a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
index dcaca06..66af466 100644
--- a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
+++ b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
@@ -1,33 +1,33 @@
 <?php
 
 // managesieve server port. When empty the port will be determined automatically
 // using getservbyname() function, with 4190 as a fallback.
 $config['managesieve_port'] = 4190;
 
 // managesieve server address, default is localhost.
 // Replacement variables supported in host name:
 // %h - user's IMAP hostname
 // %n - http hostname ($_SERVER['SERVER_NAME'])
 // %d - domain (http hostname without the first part)
 // For example %n = mail.domain.tld, %d = domain.tld
-$config['managesieve_host'] = '{{ ipsec[imapsvr.inventory_hostname_short] }}';
+$config['managesieve_host'] = '{{ imapsvr_addr | ipaddr }}';
 
 // authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
 // or none. Optional, defaults to best method supported by server.
 $config['managesieve_auth_type'] = 'PLAIN';
 
 // Optional managesieve authentication identifier to be used as authorization proxy.
 // Authenticate as a different user but act on behalf of the logged in user.
 // Works with PLAIN and DIGEST-MD5 auth.
 $config['managesieve_auth_cid'] = null;
 
 // Optional managesieve authentication password to be used for imap_auth_cid
 $config['managesieve_auth_pw'] = null;
 
 // use or not TLS for managesieve server connection
 // Note: tls:// prefix in managesieve_host is also supported
 $config['managesieve_usetls'] = false;
 
 // Connection scket context options
 // See http://php.net/manual/en/context.ssl.php
 // The example below enables server certificate validation
diff --git a/roles/webmail/templates/etc/stunnel/smtp.conf.j2 b/roles/webmail/templates/etc/stunnel/smtp.conf.j2
deleted file mode 100644
index ba38bfa..0000000
--- a/roles/webmail/templates/etc/stunnel/smtp.conf.j2
+++ /dev/null
@@ -1,58 +0,0 @@
-; **************************************************************************
-; * Global options                                                         *
-; **************************************************************************
-
-; setuid()/setgid() to the specified user/group in daemon mode
-setuid = stunnel4
-setgid = stunnel4
-
-; PID is created inside the chroot jail
-pid =
-foreground = yes
-
-; Only log messages at severity warning (4) and higher
-debug = 4
-
-; **************************************************************************
-; * Service defaults may also be specified in individual service sections  *
-; **************************************************************************
-
-; Certificate/key is needed in server mode and optional in client mode
-cert = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
-key  = /etc/postfix/ssl/{{ ansible_fqdn }}.key
-client = yes
-socket = a:SO_BINDTODEVICE=lo
-
-; Some performance tunings
-socket = l:TCP_NODELAY=1
-socket = r:TCP_NODELAY=1
-
-; Prevent MITM attacks
-verify = 4
-
-; Disable support for insecure protocols
-options = NO_SSLv2
-options = NO_SSLv3
-options = NO_TLSv1
-options = NO_TLSv1.1
-
-options = NO_COMPRESSION
-
-; These options provide additional security at some performance degradation
-options = SINGLE_ECDH_USE
-options = SINGLE_DH_USE
-
-; Select permitted SSL ciphers
-ciphers = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
-
-; **************************************************************************
-; * Service definitions (remove all services for inetd mode)               *
-; **************************************************************************
-
-[smtp]
-accept   = localhost:2525
-connect  = outgoing.fripost.org:{{ postfix_instance.out.port }}
-CAfile   = /etc/stunnel/certs/smtp.pem
-protocol = smtp
-
-; vim:ft=dosini