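---
# Dovecot IMAP server: package, Kerberos keytab, TLS key and certificate,
# local configuration, SELinux-labelled index cache on tmpfs, and the service.

- name: install packages
  package:
    name: dovecot
    # `present` is the canonical state; `installed` is only an alias that some
    # package backends accept.
    state: present

- name: create kerberos keytab
  include_role:
    name: kerberos/keytab
  vars:
    keytab: /etc/dovecot/dovecot.keytab
    principals:
      - "imap/{{ mail_server }}@{{ kerberos_realm }}"
    group: dovecot

# The private key and the certificate are each resolved independently by
# first_found, so every source location must hold a matching key/cert pair.
- name: install privatekey
  copy:
    dest: "{{ tls_private }}/{{ mail_server }}.key"
    src: "{{ item }}"
    # Quoted so the mode is not subject to YAML integer/octal typing.
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/privkey.pem"
    - "/srv/ca/private/{{ inventory_hostname }}.key"
  # Keep key material out of `--diff` output and anything that records it.
  diff: false
  tags: certificates
  notify: restart dovecot

- name: install certificate
  copy:
    dest: "{{ tls_certs }}/{{ mail_server }}-fullchain.crt"
    src: "{{ item }}"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/fullchain.pem"
    - "/srv/ca/certs/{{ inventory_hostname }}.crt"
  tags: certificates
  notify: restart dovecot

- name: create local config
  template:
    dest: /etc/dovecot/conf.d/99-local.conf
    src: local.conf.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
    # NOTE(review): doveconf takes its config file via `-c`; as written the
    # temporary path is likely read as a setting/section name, so the rendered
    # file may not actually be parsed here. Confirm before relying on this.
    validate: doveconf -n %s
  notify: restart dovecot

# The pattern covers the `home` directory and everything below it; the parent
# directories keep whatever label the loaded policy assigns them.
- name: fix selinux contexts from cache directory
  sefcontext:
    path: "/var/spool/dovecot/index/home(/.*)?"
    setype: user_home_t

- name: create cache directory hierarcy
  file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default
  with_items:
    - /var/spool/dovecot
    - /var/spool/dovecot/index

# No `mode` here on purpose: once the tmpfs below is mounted this path is the
# mount root, whose 1777 mode comes from the mount options. Setting a mode in
# this task would change the mounted filesystem on later runs.
- name: create user cache directory
  file:
    path: /var/spool/dovecot/index/home
    state: directory
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default

- name: create tmpfs mount for cache
  mount:
    state: mounted
    path: /var/spool/dovecot/index/home
    src: none
    fstype: tmpfs
    # NOTE(review): this is a world-writable (sticky) tmpfs with no size cap
    # and default exec/suid/dev handling. Consider adding `size=` and
    # `nosuid,nodev,noexec` after confirming dovecot's index usage allows it.
    opts: 'mode=1777,context="system_u:object_r:user_home_t:s0"'

- name: enable service
  service:
    name: dovecot
    enabled: true
    state: started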