ansible-role-mail/tasks/dovecot.yml

---
# vim: set et sw=2 ts=2 sts=2:

- name: dovecot-service.conf set file limit
  copy:
    dest: /etc/systemd/system/dovecot.service.d/service.conf
    content: |
      [Service]
      LimitNOFILE=16384

- name: dovecot-configs
  copy:
    src: "{{item}}"
    dest: /etc/dovecot
    owner: root
    group: dovecot
    mode: 0444
  with_fileglob:
  - "dovecot/*"
- name: dovecot-configs in conf.d
  copy:
    src: "{{item}}"
    dest: /etc/dovecot/conf.d
    owner: root
    group: dovecot
    mode: 0444
  with_fileglob:
  - "dovecot/conf.d/*"

- name: 'deactivate auth-system'
  lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    line: "#!include auth-system.conf.ext"
    regexp: "^#?!include auth-system\\.conf\\.ext"
- name: 'activate auth-ldap,-passwdfile'
  lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    line: "!include {{item}}.conf.ext"
    regexp: "^#?!include {{item}}.conf.ext"
  with_items:
  - auth-ldap
  - auth-passwdfile

- name: 'dovecot: 10-ssl.conf'
  lineinfile:
    path: /etc/dovecot/conf.d/10-ssl.conf
    insertafter: "^#{{item.key}} *= *"
    regexp: "^{{item.key}} *= *"
    line: "{{item.key}} = {{item.value}}"
  with_dict:
    ssl: required
    ssl_key: "</etc/dovecot/tls/{{mail_server_fqdn}}.key"
    ssl_cert: "</etc/dovecot/tls/{{mail_server_fqdn}}.crt"
    ssl_min_protocol: 'TLSv1.2'
    #ssl_cipher_list: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
    ssl_cipher_list: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
    ssl_prefer_server_ciphers: 'yes'
    ssl_dh_parameters_length: 2048
- name: 'dovecot: 20-lmtp.conf'
  lineinfile:
    path: /etc/dovecot/conf.d/20-lmtp.conf
    insertafter: "^[ \t]*#{{item.key}} *= *"
    regexp: "^[ \t]*{{item.key}} *= *"
    line: "  {{item.key}} = {{item.value}}"
  with_dict:
    mail_plugins: '$mail_plugins quota sieve'
- name: 'dovecot: 20-imap.conf: activated plugins'
  lineinfile:
    path: /etc/dovecot/conf.d/20-imap.conf
    insertafter: "^[\t ]*#{{item.key}} *= *"
    regexp: "^[\t ]*{{item.key}} *= *"
    line: "  {{item.key}} = {{item.value}}"
  with_dict:
    mail_plugins: '$mail_plugins imap_sieve imap_acl'
- name: 'dovecot: 90-acl.conf: shared-mailboxes-dict'
  lineinfile:
    path: /etc/dovecot/conf.d/90-acl.conf
    insertafter: "^[\t ]*#{{item.key}} *= *"
    regexp: "^[\t ]*{{item.key}} *= *"
    line: "  {{item.key}} = {{item.value}}"
  with_dict:
    acl_shared_dict: 'file:/var/mail/%Ld/shared-mailboxes.db'
- name: 'dovecot: auth-ldap.conf.ext'
  lineinfile:
    path: /etc/dovecot/conf.d/auth-ldap.conf.ext
    insertafter: "^[\t ]*#{{item.key}} *= *"
    regexp: "^[\t ]*{{item.key}} *= *"
    line: "  {{item.key}} = {{item.value}}"
  with_dict:
    default_fields: 'home=/var/mail/%Ld/%Ln'
- name: 'dovecot: 90-sieve.conf'
  lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    insertafter: "^[\t ]*#{{item.key}} *= *"
    regexp: "^[\t ]*{{item.key}} *= *"
    line: "  {{item.key}} = {{item.value}}"
  with_dict:
    sieve: 'file:/var/mail/%Ld/%Ln/sieve;active=/var/mail/%Ld/%Ln/active.sieve'
    sieve_extensions: '+editheader +vnd.dovecot.debug +vnd.dovecot.pipe'
    sieve_max_redirects: 25
    sieve_max_actions: 64
- name: 'dovecot: dovecot-ldap.conf.ext'
  lineinfile:
    path: /etc/dovecot/dovecot-ldap.conf.ext
    insertafter: "^#{{item.key}} *= *"
    regexp: "^{{item.key}} *= *"
    line: "{{item.key}} = {{item.value}}"
  with_dict:
    uris: '{{dovecot_ldap_utis}}'
    ldaprc_path: '{{dovecot_ldap_ldaprc_path}}'
    auth_bind: 'yes'
    ldap_version: 3
    base: '{{dovecot_ldap_base}}'
    scope: '{{dovecot_ldap_scope}}'
    user_filter: '{{dovecot_ldap_user_filter}}'
    user_attrs: '{{dovecot_ldap_user_attrs}}'
    pass_filter: '{{dovecot_ldap_pass_filter}}'
    pass_attrs: '{{dovecot_ldap_pass_attrs}}'
    iterate_attrs: '{{dovecot_ldap_iterate_attrs}}'
    iterate_filter: '{{dovecot_ldap_iterate_filter}}'

- name: dummy files if needed
  copy:
    dest: '{{item.key}}'
    content: '{{item.value}}'
    force: no
  with_dict:
    "/etc/dovecot/users": ''

- name: 'dovecot: special users'
  lineinfile:
    path: /etc/dovecot/users
    line: '{{item}}::::::::'
    regexp: '{{item|regex_escape()}}'
  with_items: '{{dovecot_special_users}}'

- name: 'install sieve-scripts (templates)'
  shell: 'doveadm sieve put -u {{item.user|quote}} -a {{item.name|default("main")|quote}}'
  args:
    stdin_add_newline: false
    stdin: '{{lookup("file", item.file)|quote}}'
  with_items: '{{mail_sieve_scripts}}'
- name: 'install sieve-scripts (templates)'
  shell: 'doveadm sieve put -u {{item.user|quote}} -a {{item.name|default("main")|quote}}'
  args:
    stdin_add_newline: false
    stdin: '{{lookup("template", item.file)|quote}}'
  with_items: '{{mail_sieve_scripts_templates}}'
init 2020-11-07 20:27:01 +01:00			`---`
			`# vim: set et sw=2 ts=2 sts=2:`

			`- name: dovecot-service.conf set file limit`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`copy:`
			`dest: /etc/systemd/system/dovecot.service.d/service.conf`
			`content: \|`
			`[Service]`
			`LimitNOFILE=16384`
init 2020-11-07 20:27:01 +01:00
			`- name: dovecot-configs`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`copy:`
			`src: "{{item}}"`
			`dest: /etc/dovecot`
			`owner: root`
			`group: dovecot`
			`mode: 0444`
			`with_fileglob:`
			`- "dovecot/*"`
init 2020-11-07 20:27:01 +01:00			`- name: dovecot-configs in conf.d`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`copy:`
			`src: "{{item}}"`
			`dest: /etc/dovecot/conf.d`
			`owner: root`
			`group: dovecot`
			`mode: 0444`
			`with_fileglob:`
			`- "dovecot/conf.d/*"`
init 2020-11-07 20:27:01 +01:00
			`- name: 'deactivate auth-system'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/10-auth.conf`
			`line: "#!include auth-system.conf.ext"`
			`regexp: "^#?!include auth-system\\.conf\\.ext"`
init 2020-11-07 20:27:01 +01:00			`- name: 'activate auth-ldap,-passwdfile'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/10-auth.conf`
			`line: "!include {{item}}.conf.ext"`
			`regexp: "^#?!include {{item}}.conf.ext"`
			`with_items:`
			`- auth-ldap`
			`- auth-passwdfile`
init 2020-11-07 20:27:01 +01:00
			`- name: 'dovecot: 10-ssl.conf'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/10-ssl.conf`
			`insertafter: "^#{{item.key}} = "`
			`regexp: "^{{item.key}} = "`
			`line: "{{item.key}} = {{item.value}}"`
			`with_dict:`
			`ssl: required`
			`ssl_key: "</etc/dovecot/tls/{{mail_server_fqdn}}.key"`
			`ssl_cert: "</etc/dovecot/tls/{{mail_server_fqdn}}.crt"`
init 2020-11-07 20:27:01 +01:00			`ssl_min_protocol: 'TLSv1.2'`
			`#ssl_cipher_list: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'`
			`ssl_cipher_list: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`ssl_prefer_server_ciphers: 'yes'`
			`ssl_dh_parameters_length: 2048`
init 2020-11-07 20:27:01 +01:00			`- name: 'dovecot: 20-lmtp.conf'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/20-lmtp.conf`
			`insertafter: "^[ \t]#{{item.key}} = *"`
			`regexp: "^[ \t]{{item.key}} = *"`
			`line: " {{item.key}} = {{item.value}}"`
			`with_dict:`
			`mail_plugins: '$mail_plugins quota sieve'`
init 2020-11-07 20:27:01 +01:00			`- name: 'dovecot: 20-imap.conf: activated plugins'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/20-imap.conf`
			`insertafter: "^[\t ]#{{item.key}} = *"`
			`regexp: "^[\t ]{{item.key}} = *"`
			`line: " {{item.key}} = {{item.value}}"`
			`with_dict:`
			`mail_plugins: '$mail_plugins imap_sieve imap_acl'`
init 2020-11-07 20:27:01 +01:00			`- name: 'dovecot: 90-acl.conf: shared-mailboxes-dict'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/90-acl.conf`
			`insertafter: "^[\t ]#{{item.key}} = *"`
			`regexp: "^[\t ]{{item.key}} = *"`
			`line: " {{item.key}} = {{item.value}}"`
			`with_dict:`
			`acl_shared_dict: 'file:/var/mail/%Ld/shared-mailboxes.db'`
init 2020-11-07 20:27:01 +01:00			`- name: 'dovecot: auth-ldap.conf.ext'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/auth-ldap.conf.ext`
			`insertafter: "^[\t ]#{{item.key}} = *"`
			`regexp: "^[\t ]{{item.key}} = *"`
			`line: " {{item.key}} = {{item.value}}"`
			`with_dict:`
			`default_fields: 'home=/var/mail/%Ld/%Ln'`
init 2020-11-07 20:27:01 +01:00			`- name: 'dovecot: 90-sieve.conf'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/conf.d/90-sieve.conf`
			`insertafter: "^[\t ]#{{item.key}} = *"`
			`regexp: "^[\t ]{{item.key}} = *"`
			`line: " {{item.key}} = {{item.value}}"`
			`with_dict:`
			`sieve: 'file:/var/mail/%Ld/%Ln/sieve;active=/var/mail/%Ld/%Ln/active.sieve'`
			`sieve_extensions: '+editheader +vnd.dovecot.debug +vnd.dovecot.pipe'`
			`sieve_max_redirects: 25`
			`sieve_max_actions: 64`
init 2020-11-07 20:27:01 +01:00			`- name: 'dovecot: dovecot-ldap.conf.ext'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/dovecot-ldap.conf.ext`
			`insertafter: "^#{{item.key}} = "`
			`regexp: "^{{item.key}} = "`
			`line: "{{item.key}} = {{item.value}}"`
			`with_dict:`
			`uris: '{{dovecot_ldap_utis}}'`
			`ldaprc_path: '{{dovecot_ldap_ldaprc_path}}'`
			`auth_bind: 'yes'`
			`ldap_version: 3`
			`base: '{{dovecot_ldap_base}}'`
			`scope: '{{dovecot_ldap_scope}}'`
			`user_filter: '{{dovecot_ldap_user_filter}}'`
			`user_attrs: '{{dovecot_ldap_user_attrs}}'`
			`pass_filter: '{{dovecot_ldap_pass_filter}}'`
			`pass_attrs: '{{dovecot_ldap_pass_attrs}}'`
			`iterate_attrs: '{{dovecot_ldap_iterate_attrs}}'`
			`iterate_filter: '{{dovecot_ldap_iterate_filter}}'`
init 2020-11-07 20:27:01 +01:00
			`- name: dummy files if needed`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`copy:`
			`dest: '{{item.key}}'`
			`content: '{{item.value}}'`
			`force: no`
			`with_dict:`
			`"/etc/dovecot/users": ''`
init 2020-11-07 20:27:01 +01:00
			`- name: 'dovecot: special users'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`lineinfile:`
			`path: /etc/dovecot/users`
			`line: '{{item}}::::::::'`
			`regexp: '{{item\|regex_escape()}}'`
more variables. 2020-11-07 22:36:05 +01:00			`with_items: '{{dovecot_special_users}}'`
init 2020-11-07 20:27:01 +01:00
			`- name: 'install sieve-scripts (templates)'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`shell: 'doveadm sieve put -u {{item.user\|quote}} -a {{item.name\|default("main")\|quote}}'`
			`args:`
			`stdin_add_newline: false`
			`stdin: '{{lookup("file", item.file)\|quote}}'`
			`with_items: '{{mail_sieve_scripts}}'`
init 2020-11-07 20:27:01 +01:00			`- name: 'install sieve-scripts (templates)'`
tabs to two spaces 2020-11-07 23:23:20 +01:00			`shell: 'doveadm sieve put -u {{item.user\|quote}} -a {{item.name\|default("main")\|quote}}'`
			`args:`
			`stdin_add_newline: false`
			`stdin: '{{lookup("template", item.file)\|quote}}'`
			`with_items: '{{mail_sieve_scripts_templates}}'`