
- name: install dovecot through the shared service role
  include_role:
    name: service
    # static: yes # see static include issue: https://github.com/ansible/ansible/issues/13485
  vars:
    service_name: dovecot
    # dovecot-ldap provides the LDAP auth backend that is wired in further down.
    service_packages:
    - dovecot-ldap
    - dovecot-imapd
    - rsyslog
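- name: route virtual mailboxes through the dovecot transport
  lineinfile:
    dest: /etc/postfix/main.cf
    # Replace an existing directive instead of appending a second one;
    # in main.cf a later definition overrides an earlier one, so two lines
    # would work by accident and confuse the next reader.
    regexp: '^virtual_transport\s*='
    line: 'virtual_transport = dovecot'
    state: present
  notify: restart postfix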
- name: add the dovecot pipe transport to postfix master.cf
  blockinfile:
    dest: /etc/postfix/master.cf
    # The LDA runs as the unprivileged postman user; postfix hands the
    # envelope addresses to deliver as argv entries, no shell is involved.
    # The flags= line must stay indented: master.cf treats a line starting
    # with whitespace as a continuation of the service entry above it.
    block: |
      dovecot unix - n n - - pipe
        flags=DRhu user=postman:postman argv=/usr/lib/dovecot/deliver -d ${recipient} -f ${sender}
  notify: restart postfix
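# The postman account owns every mailbox under /home/postman and is the user
# the postfix pipe transport delivers as.
- name: create postman group
  group:
    name: postman
    state: present

- name: create postman user
  user:
    name: postman
    # Bind the user to the group created above. Without it useradd is left
    # to create a same-name private group, which can fail because that group
    # already exists (Debian's default useradd behaviour — confirm elsewhere).
    group: postman
    state: present
    # Non-interactive account: /dev/null is not executable, so shell logins
    # fail. /usr/sbin/nologin is the conventional choice for this.
    shell: /dev/null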
- name: open the imap listener on port 143
  lineinfile:
    dest: /etc/dovecot/conf.d/10-master.conf
    # insertafter is a regex; "imap {" does not match the imaps listener.
    # The leading space keeps the directive indented inside the listener block.
    # 143 is the plaintext port: whether a client may authenticate before
    # STARTTLS is governed by dovecot's disable_plaintext_auth, not set here.
    insertafter: 'inet_listener imap {'
    line: ' port = 143'
    state: present
  notify: restart dovecot
- name: enable the imaps listener on port 993
  blockinfile:
    dest: /etc/dovecot/conf.d/10-master.conf
    insertafter: 'inet_listener imaps {'
    # A distinct marker so this block does not collide with the auth-userdb
    # block managed in the same file.
    marker: '#{mark} ANSIBLE BLOCK FOR IMAPS PORT'
    block: |
      port = 993
      ssl = yes
  notify: restart dovecot
- name: let the postman user reach the auth-userdb socket
  blockinfile:
    dest: /etc/dovecot/conf.d/10-master.conf
    insertafter: 'unix_listener auth-userdb {'
    marker: '#{mark} ANSIBLE BLOCK FOR AUTH USER'
    # Presumably needed because the LDA is invoked as postman by the postfix
    # pipe transport and does its user lookups over this socket — confirm.
    block: |
      group = postman
      mode = 0664
      user = postman
  notify: restart dovecot
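- name: store mail in per-domain maildirs under /home/postman
  lineinfile:
    dest: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_location = '
    line: 'mail_location = maildir:/home/postman/%d/%n'
    state: present
  notify: restart dovecot

# All mailboxes belong to the single postman account. Dovecot settings use
# the "key = value" form used everywhere else in this file; a "key : value"
# line is rejected by the config parser. The regexp keeps one managed line
# instead of appending a duplicate. A stale "mail_gid : postman" line left by
# an earlier run is not matched and has to be removed by hand.
- name: access mailboxes as the postman group
  lineinfile:
    dest: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_gid\s*='
    line: 'mail_gid = postman'
    state: present
  notify: restart dovecot

- name: access mailboxes as the postman user
  lineinfile:
    dest: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_uid\s*='
    line: 'mail_uid = postman'
    state: present
  notify: restart dovecot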
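# Switch dovecot from system (passwd/PAM) authentication to LDAP.
- name: drop the system passdb/userdb include
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    # "!" starts a YAML tag, so these include lines must stay quoted.
    line: "!include auth-system.conf.ext"
    state: absent
  notify: restart dovecot

- name: enable the LDAP passdb/userdb include
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    line: "!include auth-ldap.conf.ext"
    state: present
  notify: restart dovecot

# Dovecot settings use the "key = value" form used everywhere else in this
# file; "key : value" is rejected by the config parser. The regexp replaces an
# existing definition (auth_mechanisms is typically shipped uncommented)
# rather than appending a second one.
- name: default unqualified logins to the local domain
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_default_realm\s*='
    line: "auth_default_realm = {{ domain }}"
    state: present
  notify: restart dovecot

# LOGIN and PLAIN both carry the password in clear. They are only acceptable
# because dovecot refuses them on a non-TLS session while
# disable_plaintext_auth is on (its default; not set in this file — confirm).
- name: accept LOGIN and PLAIN authentication
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_mechanisms\s*='
    line: "auth_mechanisms = login plain"
    state: present
  notify: restart dovecot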
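- name: enable ssl key
  blockinfile:
    dest: /etc/dovecot/conf.d/10-ssl.conf
    # Appended at the end of the file; a later dovecot definition overrides
    # an earlier one, so these win over whatever the distro ships.
    # "ssl = yes" offers TLS; "ssl = required" would additionally reject
    # sessions that never switch to TLS — worth considering for this host.
    block: |
      ssl = yes
      ssl_cert = </etc/dovecot/dovecot.cert
      ssl_key = </etc/dovecot/private/dovecot.key
  # Every other dovecot config task in this file restarts the service; this
  # one has to as well, or the new cert/key paths are not picked up.
  notify: restart dovecot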
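- name: generate the RSA key
  # command rather than shell: nothing here needs a shell. Skipped when a
  # key is already present (e.g. one created by the distro package).
  command: "openssl genrsa -out /etc/dovecot/private/dovecot.key 2048"
  args:
    creates: /etc/dovecot/private/dovecot.key
  notify: restart dovecot

- name: keep the private key readable by root only
  # Do not depend on the installed OpenSSL's default file mode for new keys;
  # dovecot reads the key as root at startup.
  file:
    path: /etc/dovecot/private/dovecot.key
    owner: root
    group: root
    mode: '0600'

- name: create CSR
  # fqdn_domain is interpolated into the command line; with command there is
  # no /bin/sh to interpret whatever the variable happens to contain.
  command: 'openssl req -new -sha256 -subj "/C=IT/ST=ITALY/L=TUSCANY/O=IT/CN={{ fqdn_domain }}" -key /etc/dovecot/private/dovecot.key -out /etc/dovecot/private/dovecot.csr'
  args:
    creates: /etc/dovecot/private/dovecot.csr
  notify: restart dovecot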
- name: check if dovecot cert key exist
  # Drives the enrolment block that follows: once a certificate is installed
  # the whole CA round trip is skipped.
  stat:
    path: /etc/dovecot/dovecot.cert
  register: dovecot_cert_key
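# Certificate enrolment against the internal CA, skipped when a certificate
# is already installed. Both round trips go through ca-dialog.yaml, which is
# expected to send the request held in ca_request and register the CA's
# answer as request_result with JSON on stdout — confirm against that file.
- block:
  - name: read the certificate signing request
    slurp:
      src: /etc/dovecot/private/dovecot.csr
    register: pub_key
  - debug:
      var: pub_key
      verbosity: 2
  - name: build the sign request for the CA
    set_fact:
      ca_request:
        type: 'sign_request'
        request:
          keyType: 'ssl_host'
          hostName: '{{ inventory_hostname }}.lilik.it'
          # slurp returns base64; the CA gets the PEM text
          keyData: "{{ pub_key.content | b64decode }}"
  - debug:
      var: ca_request
      verbosity: 2
  - name: start sign request
    include: ca-dialog.yaml
  - debug:
      var: request_result
      verbosity: 2
  - set_fact:
      request_output: "{{ request_result.stdout | string | from_json }}"
  # Same verbosity as the other diagnostics; the request id the operator
  # needs is printed by the dedicated message below.
  - debug:
      var: request_result
      verbosity: 2
  - name: build the get request for the CA
    set_fact:
      ca_request:
        type: 'get_certificate'
        requestID: '{{ request_output.requestID }}'
  - debug:
      var: ca_request
      verbosity: 2
  - debug:
      msg: "Please manually confirm sign request with id {{ request_output.requestID }}"
  - name: wait for cert
    include: ca-dialog.yaml
  - debug:
      var: request_result
      verbosity: 2
  - set_fact:
      cert_key: "{{ request_result.stdout | string | from_json }}"
  - debug:
      var: request_result
      verbosity: 2
  - name: install the signed certificate
    copy:
      content: "{{ cert_key.result }}"
      dest: /etc/dovecot/dovecot.cert
    register: set_pub_key
    # A freshly installed certificate is only served after a restart.
    notify: restart dovecot
  when: not dovecot_cert_key.stat.exists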
- name: render the dovecot LDAP backend configuration
  # Presumably the file pulled in by the auth-ldap.conf.ext include enabled
  # above — confirm against the template. If it carries an LDAP bind
  # password, an explicit mode: '0600' would keep a freshly created file
  # from taking the (typically world-readable) umask default.
  template:
    src: dovecot-ldap.conf.ext.j2
    dest: /etc/dovecot/dovecot-ldap.conf.ext
  notify: restart dovecot