diff --git a/defaults/main.yml b/defaults/main.yml
index eb43a18..ac9cb33 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,18 +1,22 @@
 ---
+mailserver_mail_domain: "sum7.eu"
+mailserver_mx_domain: "{{ inventory_hostname }}"
+mailserver_cert_domains: "{{ mailserver_mx_domain }} mail.{{ mailserver_mail_domain }}"
+
 mailserver_db_type: "pgsql"
 mailserver_db_host: "localhost"
 mailserver_db_name: "mailserver"
 mailserver_db_user: "mailserver"
 mailserver_db_password: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mailserver/db_password length=15') }}"
+
 #mailserver_postfixadmin_setup_password: "" # after postfixadmin-setup
 mailserver_postfixadmin_domain: ""
-mailserver_postfixadmin_mail_domain: "sum7.eu"
-mailserver_postfixadmin_mail_admin: "admin@{{ mailserver_postfixadmin_mail_domain }}"
+mailserver_postfixadmin_mail_admin: "admin@{{ mailserver_mail_domain }}"
 mailserver_postfixadmin_setup: ""
 mailserver_postfixadmin_default_aliases:
-  abuse: "abuse@{{ mailserver_postfixadmin_mail_domain }}"
-  hostmaster: "hostmaster@{{ mailserver_postfixadmin_mail_domain }}"
-  postmaster: "postmaster@{{ mailserver_postfixadmin_mail_domain }}"
-  webmaster: "webmaster@{{ mailserver_postfixadmin_mail_domain }}"
-
+  abuse: "abuse@{{ mailserver_mail_domain }}"
+  hostmaster: "hostmaster@{{ mailserver_mail_domain }}"
+  postmaster: "postmaster@{{ mailserver_mail_domain }}"
+  webmaster: "webmaster@{{ mailserver_mail_domain }}"
+mailserver_rspamd_enabled: true
diff --git a/handlers/main.yml b/handlers/main.yml
index 4e0a6ca..0ddad3c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -3,3 +3,8 @@
   systemd:
     name: nginx
     state: reloaded
+
+- name: restart dovecot
+  systemd:
+    name: dovecot
+    state: restarted
diff --git a/tasks/db.yml b/tasks/db.yml
index 2087fe4..ea84d45 100644
--- a/tasks/db.yml
+++ b/tasks/db.yml
@@ -1,4 +1,4 @@
-- name: Install PostgreSQL
+- name: DB - Install PostgreSQL
   package:
     state: latest
     name:
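Review bot: `mailserver_mail_domain` defaults to the maintainer's own domain `sum7.eu` (carried over from the removed `mailserver_postfixadmin_mail_domain`), so a consumer who forgets to override it gets abuse/postmaster aliases created for, and a certificate requested for, `mail.sum7.eu` instead of a clear failure; a neutral placeholder such as `example.com`, or no default plus an `assert` task in `tasks/main.yml`, would be safer. The rename also leaves inventories that still set `mailserver_postfixadmin_mail_domain` silently on the default; a transitional line `mailserver_mail_domain: "{{ mailserver_postfixadmin_mail_domain | default('sum7.eu') }}"` would keep them working. `mailserver_mx_domain: "{{ inventory_hostname }}"` is only correct when the inventory name is the public FQDN that the MX record and the certificate use, which deserves a comment on that line, e.g. `# must be the public FQDN used by the MX record and the TLS certificate`.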
@@ -7,12 +7,12 @@
       - postgresql-old-upgrade
       - postgis
 
-- name: Ensure a locale exists
+- name: DB - Ensure a locale exists
   locale_gen:
     name: en_US.UTF-8
     state: present
 
-- name: init db
+- name: DB - Init
   become: yes
   become_user: postgres
   become_method: su
@@ -20,19 +20,19 @@
   args:
     creates: /var/lib/postgres/data/postgresql.conf
 
-- name: start db
+- name: DB - starting
   systemd:
     name: postgresql
     enabled: yes
     state: started
 
-- name: create db user
+- name: DB - create user
   postgresql_user:
     login_host: "{{ mailserver_db_host }}"
     name: "{{ mailserver_db_user }}"
     password: "{{ mailserver_db_password }}"
 
-- name: create db
+- name: DB - create database
   postgresql_db:
     login_host: "{{ mailserver_db_host }}"
     name: "{{ mailserver_db_name }}"
diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml
index 3768064..c8d6ad6 100644
--- a/tasks/dovecot.yml
+++ b/tasks/dovecot.yml
@@ -1,11 +1,18 @@
-- name: Install dovecot
+- name: dovecot - install
   package:
     state: latest
     name:
       - dovecot
       - pigeonhole
 
-- name: dovecot create config folder
+- name: dovecot - generate DH
+  notify: restart dovecot
+  openssl_dhparam:
+    path: /etc/dovecot/dh.pem
+    size: 4096
+
+- name: dovecot - create config folder
+  notify: restart dovecot
   file:
     path: "{{ item }}"
     state: directory
@@ -14,7 +21,8 @@
     - /etc/dovecot
     - /etc/dovecot/conf.d
 
-- name: take default dovecot config
+- name: dovecot - take default config
+  notify: restart dovecot
   copy:
     remote_src: yes
     src: "/usr/share/doc/dovecot/example-config/{{ item }}"
@@ -23,7 +31,8 @@
     - conf.d/auth-sql.conf.ext
 
 
-- name: dovecot config
+- name: dovecot - config
+  notify: restart dovecot
   template:
     src: "dovecot/{{ item }}"
     dest: "/etc/dovecot/{{ item }}"
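Review bot: `dovecot - generate DH` writes `/etc/dovecot/dh.pem` before `dovecot - create config folder` creates `/etc/dovecot`; if the package does not ship that directory (which the existence of the create-folder task suggests), the first run fails on the missing path. Moving the `openssl_dhparam` task below the folder task, or ordering the folder task first, avoids this. Generating 4096-bit parameters can also take several minutes on small hosts; `openssl_dhparam` skips the work once the file exists, so a comment such as `# one-off on first run; can take minutes` above the task would set expectations. The `create config folder` task's item list continues outside this hunk.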
@@ -31,4 +40,19 @@
     - dovecot-sql.conf.ext
     - dovecot.conf
     - conf.d/10-auth.conf
+    - conf.d/10-mail.conf
+    - conf.d/10-master.conf
+    - conf.d/10-ssl.conf
+    - conf.d/15-mailboxes.conf
+    - conf.d/20-imap.conf
+    - conf.d/20-lmtp.conf
+    - conf.d/20-managesieve.conf
+    - conf.d/90-quota.conf
+    - conf.d/90-sieve.conf
+    - conf.d/91-stats.conf
+- name: dovecot - start and enable on boot
+  systemd:
+    name: dovecot
+    enabled: yes
+    state: restarted
 
diff --git a/tasks/main.yml b/tasks/main.yml
index f0e0254..2cd1220 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -16,6 +16,12 @@
     shell: /usr/bin/nologin
     home: /srv/mail
 
+- name: get mx cert
+  notify: dehydrated
+  lineinfile:
+    path: /etc/dehydrated/domains.txt
+    line: "{{ mailserver_cert_domains }}"
+
 - name: Run userdatabase
   import_tasks: db.yml
 
@@ -27,6 +33,7 @@
 - name: Run rspamd
   import_tasks: rspamd.yml
+  when: mailserver_rspamd_enabled
 
 - name: Run mailman
   import_tasks: mailman.yml
 
diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml
index 7c5e898..a9d987d 100644
--- a/tasks/postfixadmin.yml
+++ b/tasks/postfixadmin.yml
@@ -1,28 +1,28 @@
-- name: package
+- name: postfixadmin - install
   package:
     name:
       - postfixadmin
 
-- name: nginx local
+- name: postfixadmin - nginx local
   notify: reload nginx
   when: mailserver_postfixadmin_domain == ""
   template:
     src: postfixadmin-local.nginx
     dest: /etc/nginx/local.d/postfixadmin.act
 
-- name: nginx domain
+- name: postfixadmin - nginx domain
   notify: reload nginx
   when: mailserver_postfixadmin_domain != ""
   template:
     src: postfixadmin-domain.nginx
     dest: /etc/nginx/sites.d/postfixadmin.act
 
-- name: config postfixadmin
+- name: postfixadmin - config
   template:
     src: postfixadmin.local.php
     dest: /etc/webapps/postfixadmin/config.local.php
 
-- name: allow access php to postfixadmin.conf
+- name: postfixadmin - fix config access
   file:
     path: "/etc/webapps/postfixadmin/{{ item }}"
     owner: http
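Review bot: `dovecot - start and enable on boot` uses `state: restarted`, which restarts dovecot on every play run even when nothing changed and makes the `restart dovecot` handler notified by the preceding tasks redundant; use `    state: started` and leave restarts to the handler. On a first run this unconditional restart also happens before end-of-play handlers (such as the `dehydrated` one notified in `tasks/main.yml`) have produced anything, so if `conf.d/10-ssl.conf` points at a certificate that does not exist yet, the restart fails; a `meta: flush_handlers` task before this one, or right after the certificate task, avoids that. The `dovecot - config` task whose item list this hunk extends starts outside the hunk.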
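Review bot: `get mx cert` adds `mailserver_cert_domains` to `/etc/dehydrated/domains.txt` with `lineinfile` and only `line:`, so when the domain variables change the previous line stays in the file and dehydrated keeps issuing the stale certificate. Anchor the task on the MX name so the line is replaced rather than appended: `regexp: "^{{ mailserver_mx_domain | regex_escape }}( |$)"`. The notified `dehydrated` handler is not in this diff's `handlers/main.yml` hunk; if it is not defined elsewhere in the role, the notify fails the play. The user task that precedes this hunk (`shell: /usr/bin/nologin`, `home: /srv/mail`) starts outside the hunk.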
@@ -31,7 +31,7 @@
     - config.inc.php
     - config.local.php
 
-- name: config caching
+- name: postfixadmin - fix caching access
   file:
     path: "{{ item }}"
     owner: http
diff --git a/templates/dovecot/conf.d/10-mail.conf b/templates/dovecot/conf.d/10-mail.conf
new file mode 100644
index 0000000..18cf359
--- /dev/null
+++ b/templates/dovecot/conf.d/10-mail.conf
@@ -0,0 +1,8 @@
+#mail_location = mbox:~/mail:INBOX=/var/mail/%u
+mail_location = maildir:~/Maildir
+namespace inbox {
+  inbox = yes
+}
+mail_uid = 5000
+mail_gid = 5000
+mail_plugins = quota old_stats
diff --git a/templates/dovecot/conf.d/10-master.conf b/templates/dovecot/conf.d/10-master.conf
new file mode 100644
index 0000000..7eebff6
--- /dev/null
+++ b/templates/dovecot/conf.d/10-master.conf
@@ -0,0 +1,45 @@
+service imap-login {
+  inet_listener imap {
+  }
+  inet_listener imaps {
+  }
+}
+service pop3-login {
+  inet_listener pop3 {
+  }
+  inet_listener pop3s {
+  }
+}
+service lmtp {
+  unix_listener lmtp {
+  }
+  unix_listener /var/spool/postfix/private/dovecot-lmtp {
+    mode = 0600
+    user = postfix
+    group = postfix
+  }
+}
+service imap {
+  executable = imap
+}
+service pop3 {
+  executable = pop3
+}
+service auth {
+  unix_listener auth-userdb {
+    user = vmail
+  }
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0666
+    user = postfix
+    group = postfix
+  }
+}
+service auth-worker {
+}
+service dict {
+  unix_listener dict {
+    mode = 0600
+    user = vmail
+  }
+}
diff --git a/templates/dovecot/conf.d/10-ssl.conf b/templates/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 0000000..510e3b9
--- /dev/null
+++ b/templates/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,6 @@
+ssl = required
+ssl_cert = '$PALANG key (optional: + parameter)',
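Review bot: `mail_uid = 5000` and `mail_gid = 5000` are hardcoded in `10-mail.conf`, while the mail user is created in `tasks/main.yml` (home `/srv/mail`, shell `/usr/bin/nologin`) by a task whose uid setting is outside this diff; if that task does not pin uid/gid 5000, Dovecot writes mailboxes as an id that does not match the owner of `/srv/mail`. Drive both from one role variable (a new default such as a `mailserver_vmail_uid`, name to be chosen) used in the user task and here as `mail_uid = {{ mailserver_vmail_uid }}`. A one-line header `# rendered by the "dovecot - config" task; edit the role template, not this file` would also tell operators on the host where the file comes from.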
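Review bot: In `10-master.conf` the postfix SASL socket `/var/spool/postfix/private/auth` is created with `mode = 0666` although `user` and `group` are already `postfix`; `    mode = 0660` grants postfix the same access without a world-accessible auth socket, so the socket does not depend solely on the chroot directory's permissions for protection. The `dovecot-lmtp` and `dict` listeners in the same file already use `0600`, so this is also a consistency point. A short comment above each `unix_listener` naming its consumer (`# SASL auth socket for postfix smtpd`, `# LMTP delivery socket for postfix`) would make the file self-explanatory.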