From ebab80fc4e8e1999833f9295649766133eb4d6fa Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 28 Jun 2014 23:21:51 +0200
Subject: Generate certs for Dovecot and Nginx if they are not there.

---
 roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf |  4 ++--
 roles/IMAP/tasks/imap.yml                       | 16 ++++++++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

(limited to 'roles/IMAP')

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index c727f4b..c5e61d7 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -21,8 +21,8 @@ local 172.16.0.1 {
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/dovecot/dovecot.pem
-ssl_key = </etc/dovecot/private/dovecot.pem
+ssl_cert = </etc/dovecot/ssl/imap.fripost.org.pem
+ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index 6191a50..c9471f3 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -62,12 +62,24 @@
         owner=vmail group=vmail
         mode=0700
 
+- name: Generate a private key and a X.509 certificate for Dovecot
+  command: genkeypair.sh x509
+                         --pubkey=/etc/dovecot/ssl/imap.fripost.org.pem
+                         --privkey=/etc/dovecot/ssl/imap.fripost.org.key
+                         --dns imap.fripost.org
+                         -t rsa -b 4096 -h sha512
+  register: r1
+  changed_when: r1.rc == 0
+  failed_when: r1.rc > 1
+  notify:
+    - Restart Dovecot
+
 - name: Configure Dovecot
   copy: src=etc/dovecot/{{ item }}
         dest=/etc/dovecot/{{ item }}
         owner=root group=root
         mode=0644
-  register: r
+  register: r2
   with_items:
     - conf.d/10-auth.conf
     - conf.d/10-logging.conf
@@ -87,6 +99,6 @@
 
 - name: Start Dovecot
   service: name=dovecot state=started
-  when: not r.changed
+  when: not (r1.changed or r2.changed)
 
 - meta: flush_handlers
-- 
cgit v1.2.3