tabs to two spaces

This commit is contained in:
Denis Knauf 2020-11-07 23:23:20 +01:00
parent f116b740e1
commit f99e0d08b0
3 changed files with 292 additions and 292 deletions


@ -2,147 +2,147 @@
# vim: set et sw=2 ts=2 sts=2: # vim: set et sw=2 ts=2 sts=2:
- name: dovecot-service.conf set file limit - name: dovecot-service.conf set file limit
copy: copy:
dest: /etc/systemd/system/dovecot.service.d/service.conf dest: /etc/systemd/system/dovecot.service.d/service.conf
content: | content: |
[Service] [Service]
LimitNOFILE=16384 LimitNOFILE=16384
- name: dovecot-configs - name: dovecot-configs
copy: copy:
src: "{{item}}" src: "{{item}}"
dest: /etc/dovecot dest: /etc/dovecot
owner: root owner: root
group: dovecot group: dovecot
mode: 0444 mode: 0444
with_fileglob: with_fileglob:
- "dovecot/*" - "dovecot/*"
- name: dovecot-configs in conf.d - name: dovecot-configs in conf.d
copy: copy:
src: "{{item}}" src: "{{item}}"
dest: /etc/dovecot/conf.d dest: /etc/dovecot/conf.d
owner: root owner: root
group: dovecot group: dovecot
mode: 0444 mode: 0444
with_fileglob: with_fileglob:
- "dovecot/conf.d/*" - "dovecot/conf.d/*"
- name: 'deactivate auth-system' - name: 'deactivate auth-system'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/10-auth.conf path: /etc/dovecot/conf.d/10-auth.conf
line: "#!include auth-system.conf.ext" line: "#!include auth-system.conf.ext"
regexp: "^#?!include auth-system\\.conf\\.ext" regexp: "^#?!include auth-system\\.conf\\.ext"
- name: 'activate auth-ldap,-passwdfile' - name: 'activate auth-ldap,-passwdfile'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/10-auth.conf path: /etc/dovecot/conf.d/10-auth.conf
line: "!include {{item}}.conf.ext" line: "!include {{item}}.conf.ext"
regexp: "^#?!include {{item}}.conf.ext" regexp: "^#?!include {{item}}.conf.ext"
with_items: with_items:
- auth-ldap - auth-ldap
- auth-passwdfile - auth-passwdfile
- name: 'dovecot: 10-ssl.conf' - name: 'dovecot: 10-ssl.conf'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/10-ssl.conf path: /etc/dovecot/conf.d/10-ssl.conf
insertafter: "^#{{item.key}} *= *" insertafter: "^#{{item.key}} *= *"
regexp: "^{{item.key}} *= *" regexp: "^{{item.key}} *= *"
line: "{{item.key}} = {{item.value}}" line: "{{item.key}} = {{item.value}}"
with_dict: with_dict:
ssl: required ssl: required
ssl_key: "</etc/dovecot/tls/{{mail_server_fqdn}}.key" ssl_key: "</etc/dovecot/tls/{{mail_server_fqdn}}.key"
ssl_cert: "</etc/dovecot/tls/{{mail_server_fqdn}}.crt" ssl_cert: "</etc/dovecot/tls/{{mail_server_fqdn}}.crt"
ssl_min_protocol: 'TLSv1.2' ssl_min_protocol: 'TLSv1.2'
#ssl_cipher_list: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA' #ssl_cipher_list: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
ssl_cipher_list: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH ssl_cipher_list: ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers: 'yes' ssl_prefer_server_ciphers: 'yes'
ssl_dh_parameters_length: 2048 ssl_dh_parameters_length: 2048
- name: 'dovecot: 20-lmtp.conf' - name: 'dovecot: 20-lmtp.conf'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/20-lmtp.conf path: /etc/dovecot/conf.d/20-lmtp.conf
insertafter: "^[ \t]*#{{item.key}} *= *" insertafter: "^[ \t]*#{{item.key}} *= *"
regexp: "^[ \t]*{{item.key}} *= *" regexp: "^[ \t]*{{item.key}} *= *"
line: " {{item.key}} = {{item.value}}" line: " {{item.key}} = {{item.value}}"
with_dict: with_dict:
mail_plugins: '$mail_plugins quota sieve' mail_plugins: '$mail_plugins quota sieve'
- name: 'dovecot: 20-imap.conf: activated plugins' - name: 'dovecot: 20-imap.conf: activated plugins'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/20-imap.conf path: /etc/dovecot/conf.d/20-imap.conf
insertafter: "^[\t ]*#{{item.key}} *= *" insertafter: "^[\t ]*#{{item.key}} *= *"
regexp: "^[\t ]*{{item.key}} *= *" regexp: "^[\t ]*{{item.key}} *= *"
line: " {{item.key}} = {{item.value}}" line: " {{item.key}} = {{item.value}}"
with_dict: with_dict:
mail_plugins: '$mail_plugins imap_sieve imap_acl' mail_plugins: '$mail_plugins imap_sieve imap_acl'
- name: 'dovecot: 90-acl.conf: shared-mailboxes-dict' - name: 'dovecot: 90-acl.conf: shared-mailboxes-dict'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/90-acl.conf path: /etc/dovecot/conf.d/90-acl.conf
insertafter: "^[\t ]*#{{item.key}} *= *" insertafter: "^[\t ]*#{{item.key}} *= *"
regexp: "^[\t ]*{{item.key}} *= *" regexp: "^[\t ]*{{item.key}} *= *"
line: " {{item.key}} = {{item.value}}" line: " {{item.key}} = {{item.value}}"
with_dict: with_dict:
acl_shared_dict: 'file:/var/mail/%Ld/shared-mailboxes.db' acl_shared_dict: 'file:/var/mail/%Ld/shared-mailboxes.db'
- name: 'dovecot: auth-ldap.conf.ext' - name: 'dovecot: auth-ldap.conf.ext'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/auth-ldap.conf.ext path: /etc/dovecot/conf.d/auth-ldap.conf.ext
insertafter: "^[\t ]*#{{item.key}} *= *" insertafter: "^[\t ]*#{{item.key}} *= *"
regexp: "^[\t ]*{{item.key}} *= *" regexp: "^[\t ]*{{item.key}} *= *"
line: " {{item.key}} = {{item.value}}" line: " {{item.key}} = {{item.value}}"
with_dict: with_dict:
default_fields: 'home=/var/mail/%Ld/%Ln' default_fields: 'home=/var/mail/%Ld/%Ln'
- name: 'dovecot: 90-sieve.conf' - name: 'dovecot: 90-sieve.conf'
lineinfile: lineinfile:
path: /etc/dovecot/conf.d/90-sieve.conf path: /etc/dovecot/conf.d/90-sieve.conf
insertafter: "^[\t ]*#{{item.key}} *= *" insertafter: "^[\t ]*#{{item.key}} *= *"
regexp: "^[\t ]*{{item.key}} *= *" regexp: "^[\t ]*{{item.key}} *= *"
line: " {{item.key}} = {{item.value}}" line: " {{item.key}} = {{item.value}}"
with_dict: with_dict:
sieve: 'file:/var/mail/%Ld/%Ln/sieve;active=/var/mail/%Ld/%Ln/active.sieve' sieve: 'file:/var/mail/%Ld/%Ln/sieve;active=/var/mail/%Ld/%Ln/active.sieve'
sieve_extensions: '+editheader +vnd.dovecot.debug +vnd.dovecot.pipe' sieve_extensions: '+editheader +vnd.dovecot.debug +vnd.dovecot.pipe'
sieve_max_redirects: 25 sieve_max_redirects: 25
sieve_max_actions: 64 sieve_max_actions: 64
- name: 'dovecot: dovecot-ldap.conf.ext' - name: 'dovecot: dovecot-ldap.conf.ext'
lineinfile: lineinfile:
path: /etc/dovecot/dovecot-ldap.conf.ext path: /etc/dovecot/dovecot-ldap.conf.ext
insertafter: "^#{{item.key}} *= *" insertafter: "^#{{item.key}} *= *"
regexp: "^{{item.key}} *= *" regexp: "^{{item.key}} *= *"
line: "{{item.key}} = {{item.value}}" line: "{{item.key}} = {{item.value}}"
with_dict: with_dict:
uris: '{{dovecot_ldap_utis}}' uris: '{{dovecot_ldap_utis}}'
ldaprc_path: '{{dovecot_ldap_ldaprc_path}}' ldaprc_path: '{{dovecot_ldap_ldaprc_path}}'
auth_bind: 'yes' auth_bind: 'yes'
ldap_version: 3 ldap_version: 3
base: '{{dovecot_ldap_base}}' base: '{{dovecot_ldap_base}}'
scope: '{{dovecot_ldap_scope}}' scope: '{{dovecot_ldap_scope}}'
user_filter: '{{dovecot_ldap_user_filter}}' user_filter: '{{dovecot_ldap_user_filter}}'
user_attrs: '{{dovecot_ldap_user_attrs}}' user_attrs: '{{dovecot_ldap_user_attrs}}'
pass_filter: '{{dovecot_ldap_pass_filter}}' pass_filter: '{{dovecot_ldap_pass_filter}}'
pass_attrs: '{{dovecot_ldap_pass_attrs}}' pass_attrs: '{{dovecot_ldap_pass_attrs}}'
iterate_attrs: '{{dovecot_ldap_iterate_attrs}}' iterate_attrs: '{{dovecot_ldap_iterate_attrs}}'
iterate_filter: '{{dovecot_ldap_iterate_filter}}' iterate_filter: '{{dovecot_ldap_iterate_filter}}'
- name: dummy files if needed - name: dummy files if needed
copy: copy:
dest: '{{item.key}}' dest: '{{item.key}}'
content: '{{item.value}}' content: '{{item.value}}'
force: no force: no
with_dict: with_dict:
"/etc/dovecot/users": '' "/etc/dovecot/users": ''
- name: 'dovecot: special users' - name: 'dovecot: special users'
lineinfile: lineinfile:
path: /etc/dovecot/users path: /etc/dovecot/users
line: '{{item}}::::::::' line: '{{item}}::::::::'
regexp: '{{item|regex_escape()}}' regexp: '{{item|regex_escape()}}'
with_items: '{{dovecot_special_users}}' with_items: '{{dovecot_special_users}}'
- name: 'install sieve-scripts (templates)' - name: 'install sieve-scripts (templates)'
shell: 'doveadm sieve put -u {{item.user|quote}} -a {{item.name|default("main")|quote}}' shell: 'doveadm sieve put -u {{item.user|quote}} -a {{item.name|default("main")|quote}}'
args: args:
stdin_add_newline: false stdin_add_newline: false
stdin: '{{lookup("file", item.file)|quote}}' stdin: '{{lookup("file", item.file)|quote}}'
with_items: '{{mail_sieve_scripts}}' with_items: '{{mail_sieve_scripts}}'
- name: 'install sieve-scripts (templates)' - name: 'install sieve-scripts (templates)'
shell: 'doveadm sieve put -u {{item.user|quote}} -a {{item.name|default("main")|quote}}' shell: 'doveadm sieve put -u {{item.user|quote}} -a {{item.name|default("main")|quote}}'
args: args:
stdin_add_newline: false stdin_add_newline: false
stdin: '{{lookup("template", item.file)|quote}}' stdin: '{{lookup("template", item.file)|quote}}'
with_items: '{{mail_sieve_scripts_templates}}' with_items: '{{mail_sieve_scripts_templates}}'


@ -2,185 +2,185 @@
# vim: set et sw=2 ts=2 sts=2: # vim: set et sw=2 ts=2 sts=2:
- name: install gnutls, postfix & dovecot - name: install gnutls, postfix & dovecot
apt: apt:
name: name:
# TLS # TLS
- gnutls-bin - gnutls-bin
# ansible # ansible
- python-pip - python-pip
- python-openssl - python-openssl
#- libpam-ldapd #- libpam-ldapd
# postfix # postfix
- postfix - postfix
- postfix-pcre - postfix-pcre
- postfix-cdb - postfix-cdb
- postfix-lmdb - postfix-lmdb
# milter # milter
- opendkim - opendkim
- opendkim-tools - opendkim-tools
- opendmarc - opendmarc
- postfix-policyd-spf-python - postfix-policyd-spf-python
# for rewriting sender (tries to fix forwarding+SPF-problem) # for rewriting sender (tries to fix forwarding+SPF-problem)
- postsrsd - postsrsd
# imap # imap
- dovecot-core - dovecot-core
- dovecot-imapd - dovecot-imapd
- dovecot-managesieved - dovecot-managesieved
- dovecot-ldap - dovecot-ldap
- dovecot-gssapi - dovecot-gssapi
- dovecot-lmtpd - dovecot-lmtpd
- name: 'directory-structures (/etc/postfix-&/etc/dovecot&...)' - name: 'directory-structures (/etc/postfix-&/etc/dovecot&...)'
file: file:
dest: "{{item}}" dest: "{{item}}"
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
state: directory state: directory
with_items: with_items:
- /etc/postfix - /etc/postfix
- /etc/dovecot - /etc/dovecot
- /etc/dovecot/conf.d - /etc/dovecot/conf.d
- /etc/dkimkeys - /etc/dkimkeys
- /etc/systemd/system/dovecot.service.d - /etc/systemd/system/dovecot.service.d
- name: Groups - name: Groups
group: group:
name: "{{item}}" name: "{{item}}"
system: yes system: yes
with_items: with_items:
- vmail - vmail
- milter - milter
- name: vmail-user for Mailboxes - name: vmail-user for Mailboxes
user: user:
name: vmail name: vmail
uid: 999 uid: 999
comment: Mailboxes comment: Mailboxes
group: vmail group: vmail
shell: /bin/false shell: /bin/false
createhome: no createhome: no
home: /var/mail/vmail home: /var/mail/vmail
move_home: no move_home: no
skeleton: no skeleton: no
system: yes system: yes
- name: add milter-group-members - name: add milter-group-members
user: user:
name: "{{item}}" name: "{{item}}"
append: yes append: yes
groups: milter groups: milter
with_items: with_items:
- opendkim - opendkim
- opendmarc - opendmarc
- postfix - postfix
- name: '/var/mail' - name: '/var/mail'
file: file:
dest: /var/mail dest: /var/mail
group: vmail group: vmail
owner: vmail owner: vmail
state: directory state: directory
mode: 03700 mode: 03700
- name: '/var/mail domains' - name: '/var/mail domains'
file: file:
dest: '/var/mail/{{item.key}}' dest: '/var/mail/{{item.key}}'
group: vmail group: vmail
owner: vmail owner: vmail
state: directory state: directory
mode: 03700 mode: 03700
with_dict: '{{mail_domains}}' with_dict: '{{mail_domains}}'
- name: opendkim.conf - name: opendkim.conf
copy: copy:
src: opendkim.conf src: opendkim.conf
dest: /etc dest: /etc
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
- name: /etc/mailname - name: /etc/mailname
copy: copy:
dest: /etc/mailname dest: /etc/mailname
content: "{{mail_server_fqdn}}" content: "{{mail_server_fqdn}}"
- file: - file:
dest: /var/spool/postfix/milter dest: /var/spool/postfix/milter
owner: postfix owner: postfix
group: milter group: milter
mode: 0570 mode: 0570
state: directory state: directory
- name: 'opendkim: config' - name: 'opendkim: config'
lineinfile: lineinfile:
path: /etc/opendkim.conf path: /etc/opendkim.conf
regexp: '^{{item.key}}[ \t]' regexp: '^{{item.key}}[ \t]'
insertafter: '^#{{item.key}}[ \t]' insertafter: '^#{{item.key}}[ \t]'
line: '{{item.key}} {{item.value}}' line: '{{item.key}} {{item.value}}'
with_dict: with_dict:
Domain: '{{mail_domain}}' Domain: '{{mail_domain}}'
KeyFile: '/etc/dkimkeys/{{dkim_selector}}.key' KeyFile: '/etc/dkimkeys/{{dkim_selector}}.key'
Socket: local:/var/spool/postfix/milter/opendkim Socket: local:/var/spool/postfix/milter/opendkim
Selector: '{{dkim_selector}}' Selector: '{{dkim_selector}}'
- name: 'DKIM-key' - name: 'DKIM-key'
shell: | shell: |
set -e set -e
f={{item|quote}} f={{item|quote}}
ulimit 0400 ulimit 0400
opendkim-genkey --bits 2048 --domain {{mail_domain|quote}} --restrict --selector "$f" opendkim-genkey --bits 2048 --domain {{mail_domain|quote}} --restrict --selector "$f"
chown opendkim:root "$f.private" "$f.txt" chown opendkim:root "$f.private" "$f.txt"
mv "$f.private" "$f.key" mv "$f.private" "$f.key"
mv "$f.txt" "$f.zone" mv "$f.txt" "$f.zone"
args: args:
chdir: /etc/dkimkeys chdir: /etc/dkimkeys
creates: "{{item}}.key" creates: "{{item}}.key"
with_items: with_items:
- "{{mail_dkim_selector}}" - "{{mail_dkim_selector}}"
- name: 'opendmarc: config' - name: 'opendmarc: config'
lineinfile: lineinfile:
path: /etc/opendmarc.conf path: /etc/opendmarc.conf
regexp: '^{{item.key}}[ \t]' regexp: '^{{item.key}}[ \t]'
insertafter: '^#{{item.key}}[ \t]' insertafter: '^#{{item.key}}[ \t]'
line: '{{item.key}} {{item.value}}' line: '{{item.key}} {{item.value}}'
with_dict: with_dict:
Socket: local:/var/spool/postfix/milter/opendmarc Socket: local:/var/spool/postfix/milter/opendmarc
- name: copy systemd-services - name: copy systemd-services
copy: copy:
src: "{{item}}" src: "{{item}}"
dest: /etc/systemd/system dest: /etc/systemd/system
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
with_fileglob: "systemd/system/*" with_fileglob: "systemd/system/*"
- name: copy service-configs - name: copy service-configs
copy: copy:
src: "{{item}}" src: "{{item}}"
dest: /etc/default dest: /etc/default
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
with_fileglob: "systemd/default/*" with_fileglob: "systemd/default/*"
- include_task: - include_task:
name: postfix name: postfix
- include_task: - include_task:
name: dovecot name: dovecot
- name: enabled services - name: enabled services
systemd: systemd:
name: '{{item}}' name: '{{item}}'
daemon-reload: true daemon-reload: true
enabled: true enabled: true
with-items: [dovecot, postfix, opendkim, opendmarc, postsrsd] with-items: [dovecot, postfix, opendkim, opendmarc, postsrsd]
- name: reload/restart services - name: reload/restart services
shell: 'systemctl reload-or-restart {{item|quote}}' shell: 'systemctl reload-or-restart {{item|quote}}'
with-items: [dovecot, postfix, opendkim, opendmarc, postsrsd] with-items: [dovecot, postfix, opendkim, opendmarc, postsrsd]


@ -2,14 +2,14 @@
# vim: set et sw=2 ts=2 sts=2: # vim: set et sw=2 ts=2 sts=2:
- name: postfix-configs - name: postfix-configs
copy: copy:
src: "{{item}}" src: "{{item}}"
dest: /etc/postfix dest: /etc/postfix
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
with_fileglob: with_fileglob:
- "postfix/*" - "postfix/*"
- name: 'postfix: main.cf' - name: 'postfix: main.cf'
lineinfile: lineinfile:
@ -112,31 +112,31 @@
non_smtpd_milters: 'unix:milter/opendkim' non_smtpd_milters: 'unix:milter/opendkim'
- name: mailinglists-aliases - name: mailinglists-aliases
template: template:
src: mailinglist-aliases.j2 src: mailinglist-aliases.j2
dest: /etc/postfix/mailinglists dest: /etc/postfix/mailinglists
mode: 0444 mode: 0444
owner: root owner: root
group: root group: root
- name: dummy files if needed - name: dummy files if needed
copy: copy:
dest: '{{item.key}}' dest: '{{item.key}}'
content: '{{item.value}}' content: '{{item.value}}'
force: no force: no
with_dict: '{{postfix_default_file_content}}' with_dict: '{{postfix_default_file_content}}'
- name: force TLS for these - name: force TLS for these
lineinfile: lineinfile:
path: /etc/postfix/tls_policy path: /etc/postfix/tls_policy
regexp: '^{{key}}[ \t]' regexp: '^{{key}}[ \t]'
line: '{{key}} {{value}}' line: '{{key}} {{value}}'
with_dict: '{{postfix_tls_policy}}' with_dict: '{{postfix_tls_policy}}'
- name: prepare aliases-lookup-tables - name: prepare aliases-lookup-tables
command: newaliases command: newaliases
- name: prepare lookup-tables - name: prepare lookup-tables
shell: 'postmap {{item|quote}}' shell: 'postmap {{item|quote}}'
args: args:
chdir: /etc/postfix chdir: /etc/postfix
with_items: '{{postfix_postmap}}' with_items: '{{postfix_postmap}}'