more variables.

2020-11-07 22:36:05 +01:00 · 2020-11-07 22:36:05 +01:00 · 423729cc3c
commit 423729cc3c
parent 76228a0afb
5 changed files with 107 additions and 19 deletions
--- a/tasks/dovecot.yml
+++ b/tasks/dovecot.yml
@ -49,8 +49,8 @@
 		line: "{{item.key}} = {{item.value}}"
 	with_dict:
 		ssl: required
-		ssl_key: "</etc/dovecot/tls/{{fqdn}}.key"
-		ssl_cert: "</etc/dovecot/tls/{{fqdn}}.crt"
+		ssl_key: "</etc/dovecot/tls/{{mail_server_fqdn}}.key"
+		ssl_cert: "</etc/dovecot/tls/{{mail_server_fqdn}}.crt"
    ssl_min_protocol: 'TLSv1.2'
    #ssl_cipher_list: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
    ssl_cipher_list: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
@ -106,18 +106,18 @@
 		regexp: "^{{item.key}} *= *"
 		line: "{{item.key}} = {{item.value}}"
 	with_dict:
-		uris: ldapi://
-		ldaprc_path: /etc/ldap/ldap.conf
+		uris: '{{dovecot_ldap_utis}}'
+		ldaprc_path: '{{dovecot_ldap_ldaprc_path}}'
 		auth_bind: 'yes'
 		ldap_version: 3
-		base: 'ou=People,{{mail_ldap_basedn}}'
-		scope: onelevel
-		user_filter: '(&(objectClass=simpleSecurityObject)(mail=%u))'
-		user_attrs: mail=user
-		pass_filter: '(&(objectClass=simpleSecurityObject)(mail=%u))'
-		pass_attrs: mail=user,userPassword=password
-		iterate_attrs: 'mail=user'
-		iterate_filter: '(&(objectClass=simpleSecurityObject)(mail=*))'
+		base: '{{dovecot_ldap_base}}'
+		scope: '{{dovecot_ldap_scope}}'
+		user_filter: '{{dovecot_ldap_user_filter}}'
+		user_attrs: '{{dovecot_ldap_user_attrs}}'
+		pass_filter: '{{dovecot_ldap_pass_filter}}'
+		pass_attrs: '{{dovecot_ldap_pass_attrs}}'
+		iterate_attrs: '{{dovecot_ldap_iterate_attrs}}'
+		iterate_filter: '{{dovecot_ldap_iterate_filter}}'

 - name: dummy files if needed
 	copy:
@ -132,6 +132,7 @@
 		path: /etc/dovecot/users
 		line: '{{item}}::::::::'
 		regexp: '{{item|regex_escape()}}'
+  with_items: '{{dovecot_special_users}}'

 - name: 'install sieve-scripts (templates)'
 	shell: 'doveadm sieve put -u {{item.user|quote}} -a {{item.name|default("main")|quote}}'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -108,7 +108,7 @@
 - name: /etc/mailname
 	copy:
 		dest: /etc/mailname
-		content: "{{fqdn}}"
+		content: "{{mail_server_fqdn}}"

 - file:
 		dest: /var/spool/postfix/milter
--- a/tasks/postfix.yml
+++ b/tasks/postfix.yml
@ -23,8 +23,8 @@
      default_database_type: lmdb

      # Verbindungssicherheit / Verschluesselung:
-      smtpd_tls_cert_file: "/etc/postfix/tls/{{fqdn}}.crt"
-      smtpd_tls_key_file: "/etc/postfix/tls/{{fqdn}}.key"
+      smtpd_tls_cert_file: "/etc/postfix/tls/{{mail_server_fqdn}}.crt"
+      smtpd_tls_key_file: "/etc/postfix/tls/{{mail_server_fqdn}}.key"
      smtpd_use_tls: 'yes'
      smtpd_tls_session_cache_database: 'lmdb:${data_directory}/smtpd_scache'
      smtp_tls_session_cache_database: 'lmdb:${data_directory}/smtp_scache'
@ -129,9 +129,9 @@
 - name: force TLS for these
 	lineinfile:
 		path: /etc/postfix/tls_policy
-		regexp: '^{{item}}[ \t]'
-		line: '{{item}} encrypt'
-	with_items: '{{postfix_tls_policy}}'
+		regexp: '^{{key}}[ \t]'
+		line: '{{key}} {{value}}'
+	with_dict: '{{postfix_tls_policy}}'

 - name: prepare aliases-lookup-tables
 	command: newaliases