81 lines
2 KiB
YAML
81 lines
2 KiB
YAML
---
|
|
- name: Install packages
|
|
ansible.builtin.package:
|
|
name: dovecot
|
|
state: installed
|
|
|
|
- name: Create kerberos keytab
|
|
ansible.builtin.include_role:
|
|
name: keytab
|
|
vars:
|
|
keytab_path: /etc/dovecot/dovecot.keytab
|
|
keytab_principals:
|
|
- "imap/{{ mail_server }}@{{ kerberos_realm }}"
|
|
keytab_group: dovecot
|
|
|
|
- name: Install privatekey
|
|
ansible.builtin.copy:
|
|
dest: "{{ tls_private }}/{{ mail_server }}.key"
|
|
src: "{{ item }}"
|
|
mode: "0600"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
with_first_found:
|
|
- "/srv/letsencrypt/live/{{ mail_server }}/privkey.pem"
|
|
- "/srv/ca/private/{{ inventory_hostname }}.key"
|
|
tags: certificates
|
|
notify: Restart dovecot
|
|
|
|
- name: Install certificate
|
|
ansible.builtin.copy:
|
|
dest: "{{ tls_certs }}/{{ mail_server }}-fullchain.crt"
|
|
src: "{{ item }}"
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
with_first_found:
|
|
- "/srv/letsencrypt/live/{{ mail_server }}/fullchain.pem"
|
|
- "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
|
|
tags: certificates
|
|
notify: Restart dovecot
|
|
|
|
- name: Create local config
|
|
ansible.builtin.template:
|
|
dest: /etc/dovecot/conf.d/99-local.conf
|
|
src: local.conf.j2
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
validate: doveconf -n %s
|
|
notify: Restart dovecot
|
|
|
|
- name: Fix SELinux contexts from cache directory
|
|
community.general.sefcontext:
|
|
path: "/var/spool/dovecot/index/home(/.*)?"
|
|
setype: user_home_t
|
|
|
|
- name: Create cache directory hierarcy
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: "0755"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
setype: _default
|
|
with_items:
|
|
- /var/spool/dovecot
|
|
- /var/spool/dovecot/index
|
|
|
|
- name: Create tmpfs mount for cache
|
|
ansible.posix.mount:
|
|
state: mounted
|
|
path: /var/spool/dovecot/index/home
|
|
src: none
|
|
fstype: tmpfs
|
|
opts: mode=1777,context="system_u:object_r:user_home_t:s0"
|
|
|
|
- name: Enable service
|
|
ansible.builtin.service:
|
|
name: dovecot
|
|
enabled: true
|
|
state: started
|