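---
# Dovecot tasks: install the package, lay out configuration and storage,
# define the s6 services, wire acme.sh certificate deployment, then start
# and enable the service. Variables such as s6_etc_dir, s6_scan_dir,
# s6_live_dir, bhyve_pool and the dovecot_* settings come from the role's
# defaults/vars (not shown here).

- name: Install Dovecot
  package:
    # A list is the documented form for several packages; the original
    # space-separated string relied on the backend splitting it.
    name:
      - dovecot
      - dovecot-fts-xapian
      - dovecot-pigeonhole
    state: present

- name: Set permissions on /usr/local/etc/dovecot
  file:
    path: /usr/local/etc/dovecot
    state: directory
    owner: acme
    group: dovecot
    # File modes are quoted throughout so the YAML parser never reinterprets
    # the leading zero (octal under YAML 1.1, decimal under YAML 1.2).
    mode: '0750'

- name: Generate DH parameters
  command: openssl dhparam -out /usr/local/etc/dovecot/dh.pem 2048
  args:
    # Generated once; the file's presence keeps the task idempotent.
    creates: /usr/local/etc/dovecot/dh.pem

- name: Add vmail group
  group:
    name: vmail
    gid: 20002

- name: Add vmail user
  user:
    name: vmail
    uid: 20002
    group: vmail
    home: /var/empty
    create_home: false
    login_class: daemon
    # A '*' password field cannot match any password, so password login
    # for this service account stays disabled.
    password: '*'

- name: Add vmail ZFS file system
  zfs:
    name: '{{ bhyve_pool }}/var/vmail'
    state: present

- name: Set permissions on /var/vmail
  file:
    path: /var/vmail
    state: directory
    owner: vmail
    group: vmail
    mode: '0755'

- name: Create /var/spool/postfix
  file:
    path: /var/spool/postfix
    state: directory
    owner: root
    group: wheel
    mode: '0755'

- name: Add /var/log/dovecot to fstab
  mount:
    path: /var/log/dovecot
    src: tmpfs
    fstype: tmpfs
    # Size, mode and ownership of the log tmpfs are role variables.
    opts: 'rw,size={{ dovecot_log_size }},mode={{ dovecot_log_mode }},uid={{ dovecot_log_uid }},gid={{ dovecot_log_gid }},late'
    state: mounted

- name: Create Dovecot service directories
  file:
    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
    mode: '0755'
  with_items: '{{ dovecot_service_dirs }}'
  notify:
    - Reload s6-rc
    - Restart Dovecot log
    - Restart Dovecot

- name: Generate Dovecot service scripts
  template:
    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: '0555'
    owner: root
    group: wheel
  with_items: '{{ dovecot_service_scripts }}'
  notify:
    - Reload s6-rc
    - Restart Dovecot log
    - Restart Dovecot

- name: Generate Dovecot service configuration
  copy:
    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: '0444'
    owner: root
    group: wheel
  with_items: '{{ dovecot_service_config }}'
  loop_control:
    # The label also prints item.content, so each value appears in the
    # play output.
    label: '{{ item.name }} = {{ item.content }}'
  notify:
    - Reload s6-rc
    - Restart Dovecot log
    - Restart Dovecot

- name: Configure dovecot
  template:
    dest: '/usr/local/etc/dovecot/{{ item }}'
    src: '{{ item }}.j2'
    # NOTE(review): with owner dovecot/group wheel and 0440, wheel members
    # can read these files, including passwd — confirm that is intended.
    mode: '0440'
    owner: dovecot
    group: wheel
  with_items:
    - dovecot.conf
    - passwd
  notify:
    - Reload Dovecot

- name: Tell acme.sh where to find Dovecot
  lineinfile:
    path: /var/db/acme/account.conf
    # NOTE(review): no mode is given, so a file created here gets the
    # umask default — confirm that is acceptable for account.conf.
    create: true
    owner: acme
    group: acme
    # The regexp must match the variable this task manages
    # (DEPLOY_DOVECOT_RELOAD). The original matched DEPLOY_DOVECOT_PEM_PATH,
    # which would overwrite that entry instead of the reload command.
    regexp: '^DEPLOY_DOVECOT_RELOAD='
    state: present
    line: 'DEPLOY_DOVECOT_RELOAD="sudo s6-svc -h {{ s6_scan_dir }}/dovecot"'

- name: Flush handlers
  meta: flush_handlers

- name: Allow acme.sh to reload Dovecot
  template:
    dest: /usr/local/etc/sudoers.d/acme_dovecot
    src: acme_dovecot.j2
    # sudo expects drop-in files to be root-owned and 0440; a more
    # permissive mode makes sudo report the file as too open and refuse it,
    # which would break the reload command below.
    mode: '0440'
    owner: root
    group: wheel

- name: Deploy X.509 certificate to Dovecot
  # Folded scalar: the lines join with single spaces into one command line.
  command: >-
    env sudo -Hu acme acme.sh --debug --home /var/db/acme --install-cert
    --domain {{ ansible_fqdn }}
    --cert-file /usr/local/etc/dovecot/cert.pem
    --key-file /usr/local/etc/dovecot/privkey.pem
    --fullchain-file /usr/local/etc/dovecot/fullchain.pem
    --reloadcmd "sudo s6-svc -h {{ s6_scan_dir }}/dovecot"
  args:
    # Runs only until the full chain has been installed once.
    creates: /usr/local/etc/dovecot/fullchain.pem
  notify:
    - Reload Dovecot

- name: Start Dovecot
  # fdmove -c 2 1 presumably folds stderr into stdout so both are captured.
  command: 'fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change dovecot'
  register: change
  # Any output from s6-rc is treated as a state change; silence means no-op.
  changed_when: change.stdout | length > 0

- name: Enable Dovecot
  lineinfile:
    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: '^dovecot$'
    line: dovecot
    state: present
  notify:
    - Reload s6-rc

- name: Flush handlers (again)
  meta: flush_handlers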