ansible/roles/dovecot/tasks/main.yml

---
- name: Install Dovecot
  package:
    name: dovecot dovecot-fts-xapian dovecot-pigeonhole
    state: present

- name: Set permissions on /usr/local/etc/dovecot
  file:
    path: /usr/local/etc/dovecot
    state: directory
    owner: acme
    group: dovecot
    mode: 0750

- name: Generate DH parameters
  command: openssl dhparam -out /usr/local/etc/dovecot/dh.pem 2048
  args:
    creates: /usr/local/etc/dovecot/dh.pem
 
- name: Add vmail group
  group:
    name: vmail
    gid: 20002

- name: Add vmail user
  user:
    name: vmail
    uid: 20002
    group: vmail
    home: /var/empty
    create_home: no
    login_class: daemon
    password: '*'

- name: Add vmail ZFS file system
  zfs:
    name: '{{ bhyve_pool }}/var/vmail'
    state: present

- name: Set permissions on /var/vmail
  file:
    path: /var/vmail
    state: directory
    owner: vmail
    group: vmail
    mode: 0750

- name: Create /var/spool/postfix
  file:
    path: /var/spool/postfix
    state: directory
    owner: root
    group: wheel
    mode: 0755

- name: Add /var/log/dovecot to fstab
  mount:
    path: /var/log/dovecot
    src: tmpfs
    fstype: tmpfs
    opts: 'rw,size={{ dovecot_log_size }},mode={{ dovecot_log_mode }},uid={{ dovecot_log_uid }},gid={{ dovecot_log_gid }},late'
    state: mounted

- name: Create Dovecot service directories
  file:
    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
    mode: 0755
  with_items: '{{ dovecot_service_dirs }}'
  notify:
    - Reload s6-rc
    - Restart Dovecot log
    - Restart Dovecot

- name: Generate Dovecot service scripts
  template:
    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
    group: wheel
  with_items: '{{ dovecot_service_scripts }}'
  notify:
    - Reload s6-rc
    - Restart Dovecot log
    - Restart Dovecot

- name: Generate Dovecot service configuration
  copy:
    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
    group: wheel
  loop_control:
    label: '{{ item.name }} = {{ item.content }}'
  notify:
    - Reload s6-rc
    - Restart Dovecot log
    - Restart Dovecot
  with_items: '{{ dovecot_service_config }}'

- name: Configure dovecot
  template:
    dest: '/usr/local/etc/dovecot/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0440
    owner: dovecot
    group: wheel
  with_items:
    - dovecot.conf
    - passwd
  notify:
    - Reload Dovecot

- name: Tell acme.sh where to find Dovecot
  lineinfile:
    path: /var/db/acme/account.conf
    create: yes
    owner: acme
    group: acme
    regexp: '^DEPLOY_DOVECOT_PEM_PATH='
    state: present
    line: 'DEPLOY_DOVECOT_RELOAD="sudo s6-svc -h /run/service/dovecot"'

- name: Flush handlers
  meta: flush_handlers

- name: Allow acme.sh to reload Dovecot
  template:
    dest: /usr/local/etc/sudoers.d/acme_dovecot
    src: acme_dovecot.j2
    mode: 0444
    owner: root
    group: wheel

- name: Deploy X.509 certificate to Dovecot
  command: 'env sudo -Hu acme acme.sh --debug --home /var/db/acme --install-cert --domain {{ ansible_fqdn }} --cert-file /usr/local/etc/dovecot/cert.pem --key-file /usr/local/etc/dovecot/privkey.pem --fullchain-file /usr/local/etc/dovecot/fullchain.pem --reloadcmd "sudo s6-svc -h /run/service/dovecot"'
  args:
    creates: /usr/local/etc/dovecot/fullchain.pem
  notify:
    - Reload Dovecot

- name: Start Dovecot
  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change dovecot
  register: change
  changed_when: change.stdout | length > 0

- name: Enable Dovecot
  lineinfile:
    path: /etc/s6-rc/service/enabled/contents
    regexp: "^dovecot$"
    line: dovecot
    state: present
  notify:
    - Reload s6-rc

- name: Flush handlers (again)
  meta: flush_handlers