LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
477 Commits
12 Branches
967 KiB
Tree: 8b4fc582fe
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8b4fc582fe'
${ noResults }
lilik_playbook/roles/dovecot/tasks/main.yaml

182 lines
5.2 KiB
Raw Normal View History

move service task and handler to a separate role (see ansible issue 23389, 20603, 15902) Resolves #13
8 years ago
split postfix and dovecot roles
8 years ago
format dovecot role nicely
8 years ago
split postfix and dovecot roles
8 years ago
format dovecot role nicely
8 years ago
split postfix and dovecot roles
8 years ago
format dovecot role nicely
8 years ago
split postfix and dovecot roles
8 years ago
redirect mail to sympa
8 years ago
split postfix and dovecot roles
8 years ago
redirect mail to sympa
8 years ago
split postfix and dovecot roles
8 years ago
format dovecot role nicely
8 years ago
update to new dovecot conf format
7 years ago
format dovecot role nicely
8 years ago
update to new dovecot conf format
7 years ago
split postfix and dovecot roles
8 years ago
format dovecot role nicely
8 years ago
update to new dovecot conf format
7 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
check ssl and ssh certificate validity
7 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
[dovecot] use openssl ansible modules
8 years ago
check ssl and ssh certificate validity
7 years ago
split postfix and dovecot roles
8 years ago
check ssl and ssh certificate validity
7 years ago
add new ssh and ssl CA
7 years ago
check ssl and ssh certificate validity
7 years ago
add ssl certificate to dovecot
8 years ago
use module cert_request where possible this module read a file containing a public key and prepares the sign_request for a ssl_host or ssh_host request
7 years ago
move ca request to a separate task
8 years ago
add ssl certificate to dovecot
8 years ago
move ca request to a separate task
8 years ago
add ssl certificate to dovecot
8 years ago
format dovecot role nicely
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
fix dovecot ca request
8 years ago
remove ca-manager dependencies
8 years ago
fix dovecot ca request
8 years ago
add ssl certificate to dovecot
8 years ago
format dovecot role nicely
8 years ago
add ssl certificate to dovecot
8 years ago
move ca request to a separate task
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
format dovecot role nicely
8 years ago
remove ca-manager dependencies
8 years ago
format dovecot role nicely
8 years ago
add ssl certificate to dovecot
8 years ago
fix dovecot ca request
8 years ago
add ssl certificate to dovecot
8 years ago
fix dovecot ca request
8 years ago
check ssl and ssh certificate validity
7 years ago
add ssl certificate to dovecot
8 years ago
format dovecot role nicely
8 years ago
split postfix and dovecot roles
8 years ago
 
  1. - include_role:

  2.     name: service

  3.   # static: yes # see static include issue: https://github.com/ansible/ansible/issues/13485

  4.   vars:

  5.     service_name: dovecot

  6.     service_packages:

  7.       - dovecot-ldap

  8.       - dovecot-imapd

  9.       - rsyslog

  10. 

  11. - lineinfile: dest=/etc/postfix/main.cf line="virtual_transport = dovecot" state=present

  12.   notify: restart postfix

  13. 

  14. - blockinfile:

  15.     dest: /etc/postfix/master.cf

  16.     block: |

  17.       dovecot   unix  -       n       n       -       -       pipe

  18.         flags=DRhu user=postman:postman argv=/usr/lib/dovecot/deliver -d ${recipient} -f ${sender}

  19.   notify: restart postfix

  20. 

  21. - name: create postman group

  22.   group:

  23.     name: postman

  24.     state: present

  25. 

  26. - name: create postman user

  27.   user:

  28.     name: postman

  29.     state: present

  30.     shell: /dev/null

  31. 

  32. - name: edit dovecot configuration

  33.   lineinfile:

  34.     dest: /etc/dovecot/conf.d/10-master.conf

  35.     line: '    port = 143'

  36.     insertafter: 'inet_listener imap {'

  37.     state: present

  38.   notify: restart dovecot

  39. 

  40. - blockinfile:

  41.     dest: /etc/dovecot/conf.d/10-master.conf

  42.     insertafter: 'inet_listener imaps {'

  43.     marker: '#{mark} ANSIBLE BLOCK FOR IMAPS PORT'

  44.     block: |

  45.                   port = 993

  46.                   ssl = yes

  47.   notify: restart dovecot

  48. 

  49. - blockinfile:

  50.     dest: "/etc/dovecot/conf.d/10-master.conf"

  51.     insertafter: "unix_listener auth-userdb {"

  52.     marker: '#{mark} ANSIBLE BLOCK FOR AUTH USER'

  53.     block: |

  54.         group = postman

  55.         mode = 0664

  56.         user = postman

  57.   notify: restart dovecot

  58. 

  59. - lineinfile:

  60.     dest: /etc/dovecot/conf.d/10-mail.conf

  61.     regexp: "{{ item.regexp }}"

  62.     line: "{{ item.line }}"

  63.     state: present

  64.   with_items:

  65.     - { regexp: '^mail_location = ', line: 'mail_location = maildir:/home/postman/%d/%n' }

  66.     - { regexp: 'mail_gid = ', line: 'mail_gid = postman' }

  67.     - { regexp: 'mail_uid = ', line: 'mail_uid = postman' }

  68.   notify: restart dovecot

  69. 

  70. - lineinfile:

  71.     dest: /etc/dovecot/conf.d/10-auth.conf

  72.     regexp: "{{ item.regexp }}"

  73.     line: "{{ item.line }}"

  74.     state: "{{ item.state }}"

  75.   with_items:

  76.     - { regexp: None, line: 'mail_location = maildir:/home/postman/%d/%n', state: 'absent'}

  77.     - { regexp: None, line: '!include auth-ldap.conf.ext', state: 'present'}

  78.     - { regexp: 'auth_default_realm =', line: 'auth_default_realm =  {{ domain }}', state: 'present'}

  79.     - { regexp: 'auth_mechanisms =', line: 'auth_mechanisms =  login plain', state: 'present'}

  80.     - { regexp: None, line: '!include auth-ldap.conf.ext', state: 'present'}

  81.   notify: restart dovecot

  82. 

  83. - name: enable ssl key

  84.   blockinfile:

  85.     dest: /etc/dovecot/conf.d/10-ssl.conf

  86.     block: |

  87.         ssl = yes

  88.         ssl_cert = </etc/dovecot/dovecot.cert

  89.         ssl_key = </etc/dovecot/private/dovecot.key

  90. 

  91. - name: generate the RSA key

  92. # TODO: reenable openssl_privatekey when moving to ansible 2.3

  93. # openssl_privatekey:

  94. #   path: "/etc/dovecot/private/dovecot.key"

  95. #   size: 2048

  96. #   state: present

  97. #   type: RSA

  98.   shell: "openssl genrsa -out /etc/dovecot/private/dovecot.key 2048"

  99.   args:

  100.     creates: /etc/dovecot/private/dovecot.key

  101.   notify: restart dovecot

  102. 

  103. - name: generate CSR

  104.   # TODO: reenable openssl_csr when moving to ansible 2.3

  105.   # openssl_csr:

  106.   #   commonName: "{{ fqdn_domain }}"

  107.   #   countryName: "IT"

  108.   #   digest: sha256

  109.   #   localityName: "TUSCANY"

  110.   #   organizationName: "IT"

  111.   #   path: "/etc/dovecot/private/dovecot.csr"

  112.   #   privatekey_path: "/etc/dovecot/private/dovecot.key"

  113.   #   state: present

  114.   #   stateOrProvinceName: "ITALY"

  115.   shell: 'openssl req -new -sha256 -subj "/C=IT/ST=ITALY/L=TUSCANY/O=IT/CN={{ fqdn_domain }}" -key /etc/dovecot/private/dovecot.key -out /etc/dovecot/private/dovecot.csr'

  116.   args:

  117.     creates: /etc/dovecot/private/dovecot.csr

  118.   notify: restart dovecot

  119. 

  120. - name: lookup ssl ca key

  121.   set_fact:

  122.     ssl_ca_key: "{{ lookup('file', 'lilik_ca_w1.pub') }}"

  123. 

  124. - name: Update ssl CA key

  125.   copy:

  126.     content: "{{ ssl_ca_key }}"

  127.     dest: "/etc/dovecot/ssl_ca.crt"

  128. 

  129. - name: check if dovecot cert is valid

  130.   command: 'openssl verify -CAfile /etc/dovecot/ssl_ca.crt /etc/dovecot/dovecot.cert'

  131.   register: dovecot_cert_is_valid

  132.   changed_when: false

  133.   failed_when: false

  134. 

  135. - block:

  136.     - name: generate host request

  137.       cert_request:

  138.         host: "{{ inventory_hostname }}.lilik.it"

  139.         path: "/etc/dovecot/private/dovecot.csr"

  140.         proto: "ssl"

  141.       register: ca_request

  142. 

  143.     - name: start sign request

  144.       include: ca-dialog.yaml

  145. 

  146.     - set_fact:

  147.         request_output: "{{ request_result.stdout|string|from_json }}"

  148. 

  149.     - debug:

  150.         var: request_result

  151. 

  152.     - name: generate get request

  153.       set_fact:

  154.         ca_request:

  155.           type: 'get_certificate'

  156.           requestID: '{{ request_output.requestID }}'

  157. 

  158.     - debug:

  159.         msg: "Please manualy confirm sign request with id {{ request_output.requestID }}"

  160. 

  161.     - name: wait for cert

  162.       include: ca-dialog.yaml

  163. 

  164.     - set_fact:

  165.         cert_key: "{{ request_result.stdout|string|from_json }}"

  166. 

  167.     - debug:

  168.         var: request_result

  169.         verbosity: 2

  170. 

  171.     - name: set pub key

  172.       copy:

  173.         content: "{{ cert_key.result }}"

  174.         dest: "/etc/dovecot/dovecot.cert"

  175.       register: set_pub_key

  176. 

  177.   when: 'dovecot_cert_is_valid.rc != 0'

  178. 

  179. - template:

  180.     src: dovecot-ldap.conf.ext.j2

  181.     dest: /etc/dovecot/dovecot-ldap.conf.ext

  182.   notify: restart dovecot