# Invoke the shared `service` role with Dovecot's package list; what the role
# does with service_name / service_packages is defined in the role, not here.
- include_role:
    name: service
  # static: yes # see static include issue: https://github.com/ansible/ansible/issues/13485
  vars:
    service_name: dovecot
    service_packages:
      - dovecot-ldap
      - dovecot-imapd
      - rsyslog
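# Hand Postfix's virtual delivery to the Dovecot transport defined in master.cf.
# Native YAML arguments instead of a key=value string, and a regexp so an
# existing virtual_transport setting is replaced rather than duplicated
# (Postfix honours the last occurrence, but duplicates make main.cf hard to audit).
- name: route postfix virtual delivery through dovecot
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^virtual_transport\s*='
    line: 'virtual_transport = dovecot'
    state: present
  notify: restart postfix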
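# Define the "dovecot" pipe transport that main.cf's virtual_transport names.
# master.cf treats a line that starts with whitespace as a continuation of the
# previous logical line, so the flags/argv line is indented inside the block
# scalar; without that indent Postfix would read it as a separate, broken entry.
- name: add dovecot delivery transport to postfix master.cf
  blockinfile:
    dest: /etc/postfix/master.cf
    block: |
      dovecot unix - n n - - pipe
        flags=DRhu user=postman:postman argv=/usr/lib/dovecot/deliver -d ${recipient} -f ${sender}
  notify: restart postfix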
# Group used as Dovecot's mail_gid and as the group on the auth-userdb socket.
- name: create postman group
  group:
    name: postman
    state: present
# Unprivileged account that Postfix's pipe transport runs deliver as and that
# Dovecot uses for mail_uid; its home (presumably /home/postman) is the root of
# mail_location below.
# NOTE(review): /dev/null is not an executable shell, so interactive login
# already fails; the conventional non-login shell is /usr/sbin/nologin —
# confirm the host provides it before changing this.
- name: create postman user
  user:
    name: postman
    state: present
    shell: /dev/null
# Open the IMAP listener on 143 inside `inet_listener imap {}`. The line is
# only inserted when that exact text is not already somewhere in the file.
# NOTE(review): whether cleartext logins are accepted on this port depends on
# Dovecot's disable_plaintext_auth (not set in this file) — confirm it is left
# at its default of refusing them outside TLS.
- name: edit dovecot configuration
  lineinfile:
    dest: /etc/dovecot/conf.d/10-master.conf
    insertafter: 'inet_listener imap {'
    line: ' port = 143'
    state: present
  notify: restart dovecot
# Enable the IMAPS listener on 993 with TLS on that socket. A custom marker
# keeps this block distinct from the other managed block in the same file.
- name: enable imaps listener
  blockinfile:
    dest: /etc/dovecot/conf.d/10-master.conf
    insertafter: 'inet_listener imaps {'
    marker: '#{mark} ANSIBLE BLOCK FOR IMAPS PORT'
    block: |
      port = 993
      ssl = yes
  notify: restart dovecot
# Let the postman user (the account deliver runs as) reach the auth-userdb
# socket; owner/group postman with 0664 keeps it closed to other accounts.
- name: grant postman access to the auth-userdb socket
  blockinfile:
    dest: '/etc/dovecot/conf.d/10-master.conf'
    insertafter: 'unix_listener auth-userdb {'
    marker: '#{mark} ANSIBLE BLOCK FOR AUTH USER'
    block: |
      group = postman
      mode = 0664
      user = postman
  notify: restart dovecot
# Maildir per domain/user under postman's home. The regexp replaces any
# existing mail_location instead of appending a second one.
- name: set mail_location
  lineinfile:
    dest: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_location = '
    line: 'mail_location = maildir:/home/postman/%d/%n'
    state: present
  notify: restart dovecot
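# Run mail access as the postman group. The regexp keeps the setting unique,
# matching both `=` and `:` so a pre-existing default-style line is replaced
# (the mail_location task in this file already works this way).
# NOTE(review): Dovecot's documented syntax is `key = value`; the `:` separator
# is kept as written — confirm it parses on the target version (`doveconf -n`).
- name: set mail_gid
  lineinfile:
    dest: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_gid\s*[:=]'
    line: 'mail_gid : postman'
    state: present
  notify: restart dovecot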
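# Run mail access as the postman user. The regexp keeps the setting unique,
# matching both `=` and `:` so a pre-existing default-style line is replaced
# (the mail_location task in this file already works this way).
# NOTE(review): Dovecot's documented syntax is `key = value`; the `:` separator
# is kept as written — confirm it parses on the target version (`doveconf -n`).
- name: set mail_uid
  lineinfile:
    dest: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_uid\s*[:=]'
    line: 'mail_uid : postman'
    state: present
  notify: restart dovecot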
# Stop Dovecot from consulting the system (passwd/PAM) auth backend; LDAP is
# the only backend wanted here.
- name: disable system auth backend
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    line: '!include auth-system.conf.ext'
    state: absent
  notify: restart dovecot
# Pull in the LDAP passdb/userdb definitions.
- name: enable ldap auth backend
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    line: '!include auth-ldap.conf.ext'
    state: present
  notify: restart dovecot
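# Default realm appended to bare usernames. Because the value is templated,
# a regexp is needed: without it a changed `domain` would leave the old line
# in place and append a second one. `state: present` is the module default,
# spelled out for consistency with the neighbouring tasks.
# NOTE(review): Dovecot's documented syntax is `key = value`; the `:` separator
# is kept as written — confirm it parses on the target version (`doveconf -n`).
- name: set auth_default_realm
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_default_realm\s*[:=]'
    line: 'auth_default_realm : {{ domain }}'
    state: present
  notify: restart dovecot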
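# Offer the LOGIN and PLAIN SASL mechanisms. The regexp replaces the stock
# auth_mechanisms line shipped in 10-auth.conf instead of adding a second one.
# Both mechanisms send the password in the clear; Dovecot only offers them
# outside TLS when disable_plaintext_auth is turned off — NOTE(review): confirm
# that setting is left at its default.
# NOTE(review): Dovecot's documented syntax is `key = value`; the `:` separator
# is kept as written — confirm it parses on the target version (`doveconf -n`).
- name: set auth_mechanisms
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_mechanisms\s*[:=]'
    line: 'auth_mechanisms : login plain'
    state: present
  notify: restart dovecot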
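# Point Dovecot at the host key and the CA-issued certificate (the `<` prefix
# makes Dovecot read the file's contents). The other config edits in this file
# notify a restart; this one did not, so a changed cert/key path would not be
# picked up until some other task happened to trigger the handler.
# NOTE(review): `ssl = yes` still accepts non-TLS sessions on port 143;
# `ssl = required` refuses them — decide which policy this host wants.
- name: enable ssl key
  blockinfile:
    dest: /etc/dovecot/conf.d/10-ssl.conf
    block: |
      ssl = yes
      ssl_cert = </etc/dovecot/dovecot.cert
      ssl_key = </etc/dovecot/private/dovecot.key
  notify: restart dovecot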
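# Generate the host's private key once; `creates` makes the task a no-op when
# the file already exists. `command` rather than `shell`: the line uses no
# shell features, so there is no reason to route it through /bin/sh.
# NOTE(review): the resulting file mode depends on the openssl build and the
# umask; verify the key is readable only by root (a follow-up `file` task with
# an explicit mode would pin it) — TODO confirm.
- name: generate the RSA key
  command: openssl genrsa -out /etc/dovecot/private/dovecot.key 2048
  args:
    creates: /etc/dovecot/private/dovecot.key
  notify: restart dovecot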
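# Build the CSR from the key, once. `command` instead of `shell` keeps the
# templated CN out of a shell parse: the arguments are split by Ansible and
# handed to openssl directly, so an unusual fqdn_domain value cannot alter
# the command line. The folded scalar only joins these lines with spaces.
- name: create CSR
  command: >-
    openssl req -new -sha256
    -subj "/C=IT/ST=ITALY/L=TUSCANY/O=IT/CN={{ fqdn_domain }}"
    -key /etc/dovecot/private/dovecot.key
    -out /etc/dovecot/private/dovecot.csr
  args:
    creates: /etc/dovecot/private/dovecot.csr
  notify: restart dovecot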
# Record whether a certificate is already installed; the enrolment block that
# follows only runs when it is missing.
- name: check if dovecot cert key exist
  stat:
    path: /etc/dovecot/dovecot.cert
  register: dovecot_cert_key
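# First-run certificate enrolment: submit the CSR to the CA through
# ca-dialog.yaml, wait for a human to approve the request, then install the
# returned certificate. Skipped entirely once /etc/dovecot/dovecot.cert exists.
# Changes against the previous revision: the one `debug` of the raw CA response
# that printed at default verbosity now uses verbosity 2 like its siblings, and
# installing the certificate notifies a Dovecot restart so it is actually loaded.
# NOTE(review): `include:` is the legacy task include; `include_tasks:` is the
# dynamic replacement on Ansible >= 2.4 — switch once the controller allows.
- block:
    # Despite the task name this reads the CSR (public data), not a key.
    - name: get pub key
      slurp:
        src: /etc/dovecot/private/dovecot.csr
      register: pub_key

    - debug:
        var: pub_key
        verbosity: 2

    # NOTE(review): the CSR's CN is built from fqdn_domain while hostName is
    # inventory_hostname plus a fixed suffix — confirm the CA expects the two
    # to agree.
    - name: generate host request
      set_fact:
        ca_request:
          type: 'sign_request'
          request:
            keyType: 'ssl_host'
            hostName: '{{ inventory_hostname }}.lilik.it'
            keyData: "{{ pub_key.content| b64decode}}"

    - debug:
        var: ca_request
        verbosity: 2

    # ca-dialog.yaml presumably consumes ca_request and registers request_result;
    # its contents are not visible from this file.
    - name: start sign request
      include: ca-dialog.yaml

    - debug:
        var: request_result
        verbosity: 2

    - set_fact:
        request_output: "{{ request_result.stdout|string|from_json }}"

    # Same diagnostic as above; kept at verbosity 2 so the raw CA response is
    # not printed on every normal run.
    - debug:
        var: request_result
        verbosity: 2

    - name: generate get request
      set_fact:
        ca_request:
          type: 'get_certificate'
          requestID: '{{ request_output.requestID }}'

    - debug:
        var: ca_request
        verbosity: 2

    - debug:
        msg: "Please manualy confirm sign request with id {{ request_output.requestID }}"

    # Second round trip to the CA: blocks until the approved cert is available.
    - name: wait for cert
      include: ca-dialog.yaml

    - debug:
        var: request_result
        verbosity: 2

    - set_fact:
        cert_key: "{{ request_result.stdout|string|from_json }}"

    - debug:
        var: request_result
        verbosity: 2

    # Install the issued certificate (public material, default mode is fine).
    # Dovecot reads its cert at startup, hence the restart notification.
    - name: set pub key
      copy:
        content: "{{ cert_key.result }}"
        dest: /etc/dovecot/dovecot.cert
      register: set_pub_key
      notify: restart dovecot
  when: not dovecot_cert_key.stat.exists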
# Render the LDAP connection/lookup settings that auth-ldap.conf.ext
# (included above) presumably references.
# NOTE(review): this file normally carries the LDAP bind credentials; with no
# owner/mode set the rendered file gets the host's default permissions —
# confirm it is not world-readable while still readable by the Dovecot process
# that loads it.
- name: install dovecot ldap configuration
  template:
    src: dovecot-ldap.conf.ext.j2
    dest: /etc/dovecot/dovecot-ldap.conf.ext
  notify: restart dovecot