ansible/roles/dovecot/tasks/main.yml
2022-07-04 02:44:47 +02:00

161 lines
3.8 KiB
YAML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
- name: Install Dovecot
package:
name: dovecot dovecot-fts-xapian dovecot-pigeonhole
state: present
- name: Set permissions on /usr/local/etc/dovecot
file:
path: /usr/local/etc/dovecot
state: directory
owner: acme
group: dovecot
mode: 0750
- name: Generate DH parameters
command: openssl dhparam -out /usr/local/etc/dovecot/dh.pem 2048
args:
creates: /usr/local/etc/dovecot/dh.pem
- name: Add vmail group
group:
name: vmail
gid: 20002
- name: Add vmail user
user:
name: vmail
uid: 20002
group: vmail
home: /var/empty
create_home: no
login_class: daemon
password: '*'
- name: Add vmail ZFS file system
zfs:
name: '{{ bhyve_pool }}/var/vmail'
state: present
- name: Set permissions on /var/vmail
file:
path: /var/vmail
state: directory
owner: vmail
group: vmail
mode: 0755
- name: Create /var/spool/postfix
file:
path: /var/spool/postfix
state: directory
owner: root
group: wheel
mode: 0755
- name: Add /var/log/dovecot to fstab
mount:
path: /var/log/dovecot
src: tmpfs
fstype: tmpfs
opts: 'rw,size={{ dovecot_log_size }},mode={{ dovecot_log_mode }},uid={{ dovecot_log_uid }},gid={{ dovecot_log_gid }},late'
state: mounted
- name: Create Dovecot service directories
file:
path: '{{ s6_etc_dir }}/service/{{ item }}'
state: directory
owner: root
group: wheel
mode: 0755
with_items: '{{ dovecot_service_dirs }}'
notify:
- Reload s6-rc
- Restart Dovecot log
- Restart Dovecot
- name: Generate Dovecot service scripts
template:
dest: '{{ s6_etc_dir }}/service/{{ item }}'
src: '{{ item }}.j2'
mode: 0555
owner: root
group: wheel
with_items: '{{ dovecot_service_scripts }}'
notify:
- Reload s6-rc
- Restart Dovecot log
- Restart Dovecot
- name: Generate Dovecot service configuration
copy:
dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
content: '{{ item.content }}'
mode: 0444
owner: root
group: wheel
loop_control:
label: '{{ item.name }} = {{ item.content }}'
notify:
- Reload s6-rc
- Restart Dovecot log
- Restart Dovecot
with_items: '{{ dovecot_service_config }}'
- name: Configure dovecot
template:
dest: '/usr/local/etc/dovecot/{{ item }}'
src: '{{ item }}.j2'
mode: 0440
owner: dovecot
group: wheel
with_items:
- dovecot.conf
- passwd
notify:
- Reload Dovecot
- name: Tell acme.sh where to find Dovecot
lineinfile:
path: /var/db/acme/account.conf
create: yes
owner: acme
group: acme
regexp: '^DEPLOY_DOVECOT_PEM_PATH='
state: present
line: 'DEPLOY_DOVECOT_RELOAD="sudo s6-svc -h {{ s6_scan_dir }}/dovecot"'
- name: Flush handlers
meta: flush_handlers
- name: Allow acme.sh to reload Dovecot
template:
dest: /usr/local/etc/sudoers.d/acme_dovecot
src: acme_dovecot.j2
mode: 0444
owner: root
group: wheel
- name: Deploy X.509 certificate to Dovecot
command: 'env sudo -Hu acme acme.sh --debug --home /var/db/acme --install-cert --domain {{ ansible_fqdn }} --cert-file /usr/local/etc/dovecot/cert.pem --key-file /usr/local/etc/dovecot/privkey.pem --fullchain-file /usr/local/etc/dovecot/fullchain.pem --reloadcmd "sudo s6-svc -h {{ s6_scan_dir }}/dovecot"'
args:
creates: /usr/local/etc/dovecot/fullchain.pem
notify:
- Reload Dovecot
- name: Start Dovecot
command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change dovecot
register: change
changed_when: change.stdout | length > 0
- name: Enable Dovecot
lineinfile:
path: '{{ s6_etc_dir }}/service/enabled/contents'
regexp: "^dovecot$"
line: dovecot
state: present
notify:
- Reload s6-rc
- name: Flush handlers (again)
meta: flush_handlers