- name: Install Dovecot apt: pkg={{ packages }} vars: packages: - dovecot-core - dovecot-ldap - dovecot-imapd - dovecot-lmtpd - dovecot-antispam - dovecot-managesieved - dovecot-sieve - name: Create a user 'vmail' user: name=vmail system=yes createhome=no home=/home/mail shell=/usr/sbin/nologin password=! state=present - name: Install Net::LDAP and Authen::SASL apt: pkg={{ packages }} vars: packages: - libnet-ldap-perl - libauthen-sasl-perl - name: Copy dovecot auth proxy copy: src=usr/local/bin/dovecot-auth-proxy.pl dest=/usr/local/bin/dovecot-auth-proxy.pl owner=root group=staff mode=0755 # Required for IDLE as all imap processes have the same UID (vmail). - name: Set per user maximum number of inotify instances to 512 sysctl: name=fs.inotify.max_user_instances value=512 sysctl_set=yes tags: - sysctl - name: Create '_dovecot-auth-proxy' user user: name=_dovecot-auth-proxy system=yes group=nogroup createhome=no home=/nonexistent shell=/usr/sbin/nologin password=! state=present - name: Copy dovecot auth proxy systemd unit files copy: src=etc/systemd/system/{{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 with_items: - dovecot-auth-proxy.service - dovecot-auth-proxy.socket notify: - systemctl daemon-reload - meta: flush_handlers - name: Enable dovecot auth proxy service: name=dovecot-auth-proxy.socket state=started enabled=yes # The ownership and permissions ensure that dovecot won't try to # deliver mails under an umounted mountpoint. - name: Create a home directory for user 'vmail' file: path=/home/mail state=directory owner=root group=root mode=0755 - name: Mount /home/mail mount: src=/dev/mapper/luksMail path=/home/mail fstype=ext4 opts=noauto state=mounted - name: Create /home/mail/{virtual,attachments,spamspool} file: path=/home/mail/{{ item }} state=directory owner=vmail group=vmail mode=0700 with_items: - virtual - attachments - spamspool - name: Create a cronjob for purging and SIS deduplication copy: src=etc/cron.d/doveadm dest=/etc/cron.d/doveadm owner=root group=root mode=0644 - name: Create virtual mailbox directories file: path=/etc/dovecot/virtual/{{ item }} state=directory owner=root group=root mode=0755 with_items: - all - flagged - recent - unseen - name: Create virtual mailboxes copy: src=etc/dovecot/virtual/{{ item }}/dovecot-virtual dest=/etc/dovecot/virtual/{{ item }}/dovecot-virtual owner=root group=root mode=0644 with_items: - all - flagged - recent - unseen - name: Create directory /etc/dovecot/ssl file: path=/etc/dovecot/ssl state=directory owner=root group=root mode=0755 - name: Fetch Dovecot's X.509 certificate # Ensure we don't fetch private data become: False fetch_cmd: cmd="openssl x509 -noout -pubkey" stdin=/etc/dovecot/ssl/imap.fripost.org.pem dest=certs/public/imap.fripost.org.pub tags: - genkey - name: Configure Dovecot copy: src=etc/dovecot/{{ item }} dest=/etc/dovecot/{{ item }} owner=root group=root mode=0644 register: r1 with_items: - conf.d/10-auth.conf - conf.d/auth-ldap.conf.ext - dovecot-ldap.conf.ext - dovecot-ldap-userdb.conf.ext notify: - Restart Dovecot - name: Configure Dovecot (2) template: src=etc/dovecot/{{ item }}.j2 dest=/etc/dovecot/{{ item }} owner=root group=root mode=0644 register: r2 with_items: - conf.d/99-local.conf notify: - Restart Dovecot # TODO bookworm remove the below and inline the !include_try - name: Copy /etc/dovecot/ssl/config workaround copy: src=etc/dovecot/ssl/config dest=/etc/dovecot/ssl/config owner=root group=root mode=0600 notify: - Restart Dovecot - name: Tell Dovecot we have a remote IMAP proxy lineinfile: dest=/etc/dovecot/dovecot.conf regexp='^(\s*#)?\s*login_trusted_networks\s*=' line="login_trusted_networks = {{ ipsec_subnet }}" state=present create=yes owner=root group=root mode=0644 register: r3 when: "groups.all | length > 1" notify: - Restart Dovecot - name: Start Dovecot service: name=dovecot state=started when: not (r1.changed or r2.changed or r3.changed) - meta: flush_handlers - name: Install 'dovecot_stats_' Munin wildcard plugin file: src=/usr/local/share/munin/plugins/dovecot_stats_ dest=/etc/munin/plugins/dovecot_stats_fripost.org owner=root group=root state=link force=yes tags: - munin - munin-node notify: - Restart munin-node - name: Install 'dovecot_logins' and 'dovecot_who' Munin plugin file: src=/usr/local/share/munin/plugins/{{ item }} dest=/etc/munin/plugins/{{ item }} owner=root group=root state=link force=yes with_items: - dovecot_logins - dovecot_who tags: - munin - munin-node notify: - Restart munin-node