LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
145 Commits
12 Branches
967 KiB
Tree: fba9e26298
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fba9e26298'
${ noResults }
lilik_playbook/roles/dovecot/tasks/main.yaml

150 lines
4.8 KiB
Raw Normal View History

split postfix and dovecot roles
8 years ago
redirect mail to sympa
8 years ago
split postfix and dovecot roles
8 years ago
redirect mail to sympa
8 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
remove ca-manager dependencies
8 years ago
add ssl certificate to dovecot
8 years ago
split postfix and dovecot roles
8 years ago
 
  1. - include: service.yaml

  2.   # static: yes # see static include issue: https://github.com/ansible/ansible/issues/13485

  3.   vars:

  4.     service_name: dovecot

  5.     service_packages:

  6.       - dovecot-ldap

  7.       - dovecot-imapd

  8.       - rsyslog

  9. 

  10. - lineinfile: dest=/etc/postfix/main.cf line="virtual_transport = dovecot" state=present

  11.   notify: restart postfix

  12. 

  13. - blockinfile:

  14.     dest: /etc/postfix/master.cf

  15.     block: |

  16.       dovecot   unix  -       n       n       -       -       pipe

  17.         flags=DRhu user=postman:postman argv=/usr/lib/dovecot/deliver -d ${recipient} -f ${sender}

  18.   notify: restart postfix

  19. 

  20. - name: create postman group

  21.   group: name=postman state=present

  22. 

  23. - name: create postman user

  24.   user: name=postman state=present shell=/dev/null

  25. 

  26. - name: edit dovecot configuration

  27.   lineinfile: dest=/etc/dovecot/conf.d/10-master.conf line='    port = 143' insertafter='inet_listener imap {' state=present

  28.   notify: restart dovecot

  29. 

  30. - blockinfile:

  31.     dest: /etc/dovecot/conf.d/10-master.conf

  32.     insertafter: 'inet_listener imaps {'

  33.     marker: '#{mark} ANSIBLE BLOCK FOR IMAPS PORT'

  34.     block: |

  35.                   port = 993

  36.                   ssl = yes

  37.   notify: restart dovecot

  38. 

  39. - blockinfile:

  40.     dest: "/etc/dovecot/conf.d/10-master.conf"

  41.     insertafter: "unix_listener auth-userdb {"

  42.     marker: '#{mark} ANSIBLE BLOCK FOR AUTH USER'

  43.     block: |

  44.         group = postman

  45.         mode = 0664

  46.         user = postman

  47.   notify: restart dovecot

  48. 

  49. - lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_location = maildir:/home/postman/%d/%n' regexp='^mail_location = ' state=present

  50.   notify: restart dovecot

  51. 

  52. - lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_gid = postman' state=present

  53.   notify: restart dovecot

  54. 

  55. - lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_uid = postman' state=present

  56.   notify: restart dovecot

  57. 

  58. - lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="!include auth-system.conf.ext" state=absent

  59.   notify: restart dovecot

  60. 

  61. - lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="!include auth-ldap.conf.ext" state=present

  62.   notify: restart dovecot

  63. 

  64. - lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="auth_default_realm = {{ domain }}"

  65.   notify: restart dovecot

  66. 

  67. - lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="auth_mechanisms = login plain"

  68.   notify: restart dovecot

  69. 

  70. - name: enable ssl key

  71.   blockinfile:

  72.     dest: /etc/dovecot/conf.d/10-ssl.conf

  73.     block: |

  74.         ssl = yes

  75.         ssl_cert = </etc/dovecot/dovecot.cert

  76.         ssl_key = </etc/dovecot/private/dovecot.key

  77. 

  78. - name: generate the RSA key

  79.   shell: "openssl genrsa -out /etc/dovecot/private/dovecot.key 2048"

  80.   args:

  81.     creates: /etc/dovecot/private/dovecot.key

  82.   notify: restart dovecot

  83. 

  84. - name: create CSR

  85.   shell: 'openssl req -new -sha256 -subj "/C=IT/ST=ITALY/L=TUSCANY/O=IT/CN={{ fqdn_domain }}" -key /etc/dovecot/private/dovecot.key -out /etc/dovecot/private/dovecot.csr'

  86.   args:

  87.     creates: /etc/dovecot/private/dovecot.csr

  88.   notify: restart dovecot

  89. 

  90. - name: check if dovecot cert key exist

  91.   stat:

  92.     path: /etc/dovecot/dovecot.cert

  93.   register: dovecot_cert_key

  94. 

  95. - block:

  96.     - name: get pub key

  97.       shell: "cat /etc/dovecot/private/dovecot.csr"

  98.       register: pub_key

  99.     - debug: var=pub_key verbosity=2

  100.     - name: generate host request

  101.       set_fact:

  102.         cert_request:

  103.           type: 'sign_request'

  104.           request:

  105.             keyType: 'ssl_host'

  106.             hostName: '{{ inventory_hostname }}'

  107.             keyData: '{{ pub_key.stdout }}'

  108.     - debug: var=cert_request verbosity=2

  109.     - name: start sign request

  110.       raw: "{{ cert_request | to_json }}"

  111.       delegate_to: "{{item}}"

  112.       delegate_facts: True

  113.       with_items: "{{groups['cas']}}"

  114.       register: request_result

  115.     - debug: var=request_result verbosity=2

  116. 

  117.     - set_fact:

  118.           request_output: "{{ request_result.results[0].stdout|string|from_json }}"

  119.     - debug: var=request_output

  120. 

  121.     - name: generate get request

  122.       set_fact:

  123.         get_request:

  124.           type: 'get_certificate'

  125.           requestID: '{{ request_output.requestID }}'

  126.     - debug: var=get_request verbosity=2

  127. 

  128.     - debug: msg="Please manualy confirm sign request with id {{ request_output.requestID }}"

  129. 

  130.     - name: wait for cert

  131.       raw: "{{ get_request | to_json }}"

  132.       delegate_to: "{{item}}"

  133.       delegate_facts: True

  134.       with_items: "{{groups['cas']}}"

  135.       register: cert_result

  136. 

  137.     - debug: var=cert_result verbosity=2

  138. 

  139.     - set_fact:

  140.           cert_key: "{{ cert_result.results[0].stdout|string|from_json }}"

  141. 

  142.     - debug: var=request_output verbosity=2

  143. 

  144.     - name: set pub key

  145.       shell: "echo '{{ cert_key.result }}' > /etc/dovecot/dovecot.cert"

  146.       register: set_pub_key

  147.   when: not dovecot_cert_key.stat.exists

  148. 

  149. - template: src=dovecot-ldap.conf.ext.j2 dest=/etc/dovecot/dovecot-ldap.conf.ext

  150.   notify: restart dovecot