thomas
/
sovereign


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
							---
# Installs and configures the Dovecot IMAP/POP3 server.

- name: Install Dovecot and related packages
  apt:
    name: "{{ packages }}"
    state: present
  vars:
    packages:
    - dovecot-core
    - dovecot-imapd
    - dovecot-lmtpd
    - dovecot-managesieved
    - dovecot-pgsql
    - dovecot-pop3d
    - dovecot-antispam
  tags:
    - dependencies

- name: Create vmail group
  group:
    name=vmail
    state=present
    gid=5000

- name: Create vmail user
  user:
    name=vmail
    group=vmail
    state=present
    uid=5000
    home=/data
    shell=/usr/sbin/nologin

- name: Ensure mail directory is in place
  file:
    state=directory
    path=/data/mail
    owner=vmail
    group=dovecot
    mode=0770

- name: Ensure mail domain directories are in place
  file:
    state=directory
    path=/data/mail/{{ item.name }}
    owner=vmail
    group=dovecot
    mode=0770
  with_items: '{{ virtual_domains }}'

- name: Ensure mail directories are in place
  file:
    state=directory
    path=/data/mail/{{ item.domain }}/{{ item.account }}
    owner=vmail
    group=dovecot
  with_items: '{{ mail_virtual_users }}'

- name: Copy dovecot.conf into place
  copy:
    src=etc_dovecot_dovecot.conf
    dest=/etc/dovecot/dovecot.conf

- name: Create before.d sieve scripts directory
  file:
    path=/etc/dovecot/sieve/before.d
    state=directory
    owner=vmail
    group=dovecot
    recurse=yes
    mode=0770
  notify: restart dovecot

- name: Configure sieve script moving spam into Junk folder
  copy:
    src=etc_dovecot_sieve_before.d_no-spam.sieve
    dest=/etc/dovecot/sieve/before.d/no-spam.sieve
    owner=vmail
    group=dovecot
  notify: restart dovecot

- name: Configure learning spam sieve script
  copy:
    src=etc_dovecot_sieve_learn_spam.sieve
    dest=/etc/dovecot/sieve/learn_spam.sieve
    owner=vmail
    group=dovecot
  notify: restart dovecot

- name: Configure learning ham sieve script
  copy:
    src=etc_dovecot_sieve_learn_ham.sieve
    dest=/etc/dovecot/sieve/learn_ham.sieve
    owner=vmail
    group=dovecot
  notify: restart dovecot

- name: Copy additional Dovecot configuration files in place
  copy:
    src=etc_dovecot_conf.d_{{ item }}
    dest=/etc/dovecot/conf.d/{{ item }}
  with_items:
    - 10-auth.conf
    - 10-mail.conf
    - 10-master.conf
    - 90-antispam.conf
    - 90-plugin.conf
    - 90-sieve.conf
    - auth-sql.conf.ext
  notify: restart dovecot

- name: Template additional Dovecot configuration files
  template:
    src=etc_dovecot_conf.d_{{ item }}.j2
    dest=/etc/dovecot/conf.d/{{ item }}
  with_items:
    - 10-ssl.conf
    - 15-lda.conf
    - 20-imap.conf
  notify: restart dovecot

- name: Template dovecot-sql.conf.ext
  template:
    src=etc_dovecot_dovecot-sql.conf.ext.j2
    dest=/etc/dovecot/dovecot-sql.conf.ext
  notify: restart dovecot

- name: Ensure correct permissions on Dovecot config directory
  file:
    state=directory
    path=/etc/dovecot
    group=dovecot
    owner=vmail
    mode=0770
    recurse=yes
  notify: restart dovecot

- name: Set firewall rules for dovecot
  ufw: rule=allow port={{ item }} proto=tcp
  with_items:
    - imaps
    - pop3s
  tags: ufw

- name: Update post-certificate-renewal task
  copy:
    content: "#!/bin/bash\n\nservice dovecot restart\n"
    dest: /etc/letsencrypt/postrenew/dovecot.sh
    mode: 0755
    owner: root
    group: root