authorStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:23:43 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:52:13 -0500
commit0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/dovecot/tasks/main.yml
downloadselfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz
selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip
initial commit
Diffstat (limited to 'roles/dovecot/tasks/main.yml')
-rw-r--r--roles/dovecot/tasks/main.yml127
1 files changed, 127 insertions, 0 deletions
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
new file mode 100644
index 0000000..09f2e2e
--- /dev/null
+++ b/roles/dovecot/tasks/main.yml
@@ -0,0 +1,127 @@
+- name: install dovecot
+ dnf:
+ name: '{{ dovecot_packages }}'
+ state: present
+
+- name: add vmail user
+ user:
+ name: '{{ dovecot_vmail_user }}'
+ system: yes
+ home: '{{ dovecot_vmail_dir }}'
+ shell: /sbin/nologin
+ create_home: no
+ register: dovecot_vmail_user_result
+
+- name: create vmail directory
+ file:
+ path: '{{ dovecot_vmail_dir }}'
+ state: directory
+ owner: '{{ dovecot_vmail_user }}'
+ group: '{{ dovecot_vmail_user }}'
+ setype: mail_spool_t
+ mode: 0770
+
+- name: set selinux context for vmail directory
+ sefcontext:
+ target: '{{ dovecot_vmail_dir }}(/.*)?'
+ setype: mail_spool_t
+ state: present
+ register: dovecot_vmail_sefcontext
+
+- name: apply selinux context to vmail directory
+ command: 'restorecon -R {{ dovecot_vmail_dir }}'
+ when: dovecot_vmail_sefcontext.changed
+
+- name: set up FreeIPA integration for IMAP
+ import_tasks: freeipa.yml
+
+- name: request TLS certificate
+ include_role:
+ name: getcert_request
+ vars:
+ certificate_service: imap
+ certificate_path: '{{ dovecot_certificate_path }}'
+ certificate_key_path: '{{ dovecot_certificate_key_path }}'
+ certificate_owner: dovecot
+ certificate_hook: systemctl reload dovecot
+
+- name: generate dhparams
+ openssl_dhparam:
+ path: '{{ dovecot_dhparams_path }}'
+ size: 2048
+
+- name: configure Apache Solr for full-text search
+ import_tasks: solr.yml
+ tags: solr
+
+- name: create virtual config directory
+ file:
+ path: /etc/dovecot/virtual
+ state: directory
+
+- name: create global sieve directories
+ file:
+ path: '{{ item }}'
+ state: directory
+ recurse: yes
+ loop:
+ - '{{ dovecot_sieve_dir }}'
+ - '{{ dovecot_sieve_before_dir }}'
+ - '{{ dovecot_sieve_pipe_bin_dir }}'
+
+- name: create virtual mailbox definitions
+ copy:
+ src: etc/dovecot/virtual/
+ dest: /etc/dovecot/virtual/
+
+- name: generate dovecot configuration
+ template:
+ src: '{{ item.src }}'
+ dest: /etc/dovecot/{{ item.path | splitext | first }}
+ loop: "{{ lookup('filetree', '../templates/etc/dovecot', wantlist=True) }}"
+ loop_control:
+ label: '{{ item.path }}'
+ when: item.state == 'file'
+ notify: restart dovecot
+
+- name: copy quota warn script
+ template:
+ src: '{{ dovecot_quota_warning_script[1:] }}.j2'
+ dest: '{{ dovecot_quota_warning_script }}'
+ mode: 0555
+
+- name: start dovecot
+ systemd:
+ name: dovecot
+ enabled: yes
+ state: started
+
+- import_tasks: rspamd.yml
+
+- name: open firewall ports
+ firewalld:
+ service: '{{ item }}'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ loop:
+ - imaps
+ - managesieve
+ tags: firewalld
+
+- name: open firewall ports
+ firewalld:
+ port: '{{ item }}'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ loop:
+ - '{{ dovecot_quota_status_port }}/tcp'
+ - '{{ dovecot_lmtp_port }}/tcp'
+ tags: firewalld
+
+- name: generate archive script
+ template:
+ src: '{{ dovecot_archive_script[1:] }}.j2'
+ dest: '{{ dovecot_archive_script }}'
+ mode: 0555
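Review bot: The second `open firewall ports` task, which loops over `{{ dovecot_quota_status_port }}/tcp` and `{{ dovecot_lmtp_port }}/tcp`, enables both ports in the default firewalld zone with no source restriction, so every host that zone admits can reach them. LMTP and the quota-status policy service are normally consumed only by the MTA and typically have no client authentication of their own, so unless the Dovecot listener configuration (not visible in this file) restricts them, a reachable LMTP port accepts deliveries that never passed the MTA's filtering. I would scope this task to the mail relay by adding `zone: '<INTERNAL_ZONE_PLACEHOLDER>'`, with that zone bound to the relay's source addresses, or by switching to a `rich_rule:` with a source address. It would also help to give the two firewall tasks distinct names (for example `open firewall services` and `open internal mail ports`) so that play output and `--start-at-task` can tell them apart.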