- name: Install Dovecot apt: pkg={{ item }} with_items: - dovecot-core - dovecot-ldap - dovecot-imapd - dovecot-lmtpd - dovecot-antispam - dovecot-managesieved - dovecot-sieve - name: Create a user 'vmail' user: name=vmail system=yes createhome=no home=/home/mail shell=/usr/sbin/nologin password=! state=present ## TODO: make a LDAP query listing all users using iterate_attrs and ## iterate_filter. (Alternatively, use a dict, see ## https://www.opensource.apple.com/source/dovecot/dovecot-293/dovecot.Config/dovecot-dict-auth.conf.ext) ## Required for dbox, see ## http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox #- name: Create a nightly cron job to purge expunged messages # cron: name="Purge expunged messages" # minute=7 hour=5 # user=vmail cron_file=doveadm-purge # job="/usr/bin/doveadm purge -A" # The ownership and permissions ensure that dovecot won't try to # deliver mails under an umounted mountpoint. - name: Create a home directory for user 'vmail' file: path=/home/mail state=directory owner=root group=root mode=0755 - name: Create /home/mail/virtual file: path=/home/mail/virtual state=directory owner=vmail group=vmail mode=0700 - name: Create virtual mailbox directories file: path=/etc/dovecot/virtual/{{ item }} state=directory owner=root group=root mode=0755 with_items: - all - flagged - recent - unseen - name: Create virtual mailboxes copy: src=etc/dovecot/virtual/{{ item }}/dovecot-virtual dest=/etc/dovecot/virtual/{{ item }}/dovecot-virtual owner=root group=root mode=0644 with_items: - all - flagged - recent - unseen - name: Create directory /home/mail/spamspool file: path=/home/mail/spamspool state=directory owner=vmail group=vmail mode=0700 - name: Create directory /etc/dovecot/ssl file: path=/etc/dovecot/ssl state=directory owner=root group=root mode=0755 - name: Generate a private key and a X.509 certificate for Dovecot command: genkeypair.sh x509 --pubkey=/etc/dovecot/ssl/imap.fripost.org.pem --privkey=/etc/dovecot/ssl/imap.fripost.org.key --ou=IMAP --cn=imap.fripost.org -t rsa -b 4096 -h sha512 register: r1 changed_when: r1.rc == 0 failed_when: r1.rc > 1 notify: - Restart Dovecot tags: - genkey - name: Fetch Dovecot's X.509 certificate # Ensure we don't fetch private data sudo: False fetch: src=/etc/dovecot/ssl/imap.fripost.org.pem dest=certs/dovecot/ fail_on_missing=yes flat=yes tags: - genkey - name: Configure Dovecot copy: src=etc/dovecot/{{ item }} dest=/etc/dovecot/{{ item }} owner=root group=root mode=0644 register: r2 with_items: - conf.d/10-auth.conf - conf.d/10-logging.conf - conf.d/10-mail.conf - conf.d/10-master.conf - conf.d/10-ssl.conf - conf.d/15-mailboxes.conf - conf.d/20-imap.conf - conf.d/20-lmtp.conf - conf.d/90-plugin.conf - conf.d/90-sieve.conf - conf.d/auth-ldap.conf.ext - dovecot-ldap.conf.ext - dovecot-ldap-userdb.conf.ext notify: - Restart Dovecot - name: Tell Dovecot we have a remote IMAP proxy # XXX: we should have an automatic lookup here lineinfile: dest=/etc/dovecot/dovecot.conf regexp='^(\s*#)?\s*login_trusted_networks\s*=' line='login_trusted_networks = 171.25.193.76/32' state=present create=yes owner=root group=root mode=0644 register: r3 when: "'IMAP' in group_names and 'webmail' not in group_names" notify: - Restart Dovecot - name: Start Dovecot service: name=dovecot state=started when: not (r1.changed or r2.changed or r3.changed) - meta: flush_handlers - name: Install 'dovecot_stats_' Munin wildcard plugin file: src=/usr/local/share/munin/plugins/dovecot_stats_ dest=/etc/munin/plugins/dovecot_stats_fripost.org owner=root group=root state=link force=yes tags: - munin - munin-node notify: - Restart munin-node - name: Install 'dovecot_logins' and 'dovecot_who' Munin plugin file: src=/usr/local/share/munin/plugins/{{ item }} dest=/etc/munin/plugins/{{ item }} owner=root group=root state=link force=yes with_items: - dovecot_logins - dovecot_who tags: - munin - munin-node notify: - Restart munin-node