defaults/main.yml

#
# Default variables for the role. These can be overridden in your inventory
# or playbook to customize the deployment.
#

# The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" or "ipv6", separated by whitespace or commas.
# The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6.
postfix_inet_protocols: "all"

# The local network interface addresses that this mail system receives mail on. Specify "all" to receive mail on all network interfaces (default),
# "loopback-only" to receive mail on loopback network interfaces only (Postfix version 2.2 and later), or zero or more IPv4 or IPv6 addresses 
# (IPv6 is supported in Postfix version 2.2 and later)
postfix_inet_interfaces: "all"

# The primary mail domain for this server.
postfix_mail_domain: "{{ ansible_domain | default('internal.local') }}"

# The Fully Qualified Domain Name of the mail server.
postfix_myhostname: "mail.{{ postfix_mail_domain }}"

# Comma-separated list of domains this server accepts mail for locally.
# When using Dovecot with LMTP (virtual mailboxes), the mail domain is handled
# separately via virtual_mailbox_domains, so it should NOT be included here.
postfix_mydestination: "$myhostname, localhost.{{ postfix_mail_domain }}, localhost"

# The list of "trusted" remote SMTP clients that have more privileges than "strangers".
postfix_mynetworks: "127.0.0.0/8 [::1]/128"

# The relayhost (smarthost) for all outgoing mail.
# This variable MUST be set for the role to work as intended.
# Example: "[smtp.sendgrid.net]:587"
# Note: The square brackets [] are important to prevent MX record lookups.
postfix_relayhost: ""

# Optional credentials for the relayhost. If these are defined,
# SASL authentication will be automatically configured.
# postfix_relayhost_user: "apikey"
# postfix_relayhost_password: "YourVeryLongAndComplexApiKey"

# --- Dovecot Configuration ---

# Whether to install and configure Dovecot
dovecot_enabled: true

# Protocols to enable (imap, pop3, lmtp)
dovecot_protocols: "imap pop3 lmtp"

# IMAP capability adjustments. Set to modify advertised IMAP capabilities.
# Use +CAPABILITY to add, -CAPABILITY to remove.
# Example: "+IMAP4rev1 -LITERAL+ -NOTIFY" removes modern extensions that
# might suppress standard untagged responses.
# Leave empty to use Dovecot defaults.
dovecot_imap_capability: ""

# Mail storage location. Using Maildir in the user's home directory.
dovecot_mail_location: "maildir:~/Maildir"

# SSL/TLS configuration
# Use 'yes', 'no' or 'required'. 'required' is recommended for production.
dovecot_ssl: "yes"
mail_ssl_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
mail_ssl_key: "/etc/ssl/private/ssl-cert-snakeoil.key"

# Authentication mechanisms
dovecot_auth_mechanisms: "plain login"

# Postfix integration
dovecot_postfix_sasl_enable: true
dovecot_postfix_lmtp_enable: true

# Local Dovecot Users
# Example:
# dovecot_users:
#   - name: "service1"
#     pass: "secret123"
dovecot_users: []
#1 - Implement new ansible role for mailserver. Just covering Postfix for now. 2025-07-28 21:08:28 -03:00			`#`
			`# Default variables for the role. These can be overridden in your inventory`
			`# or playbook to customize the deployment.`
			`#`

			`# The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" or "ipv6", separated by whitespace or commas.`
			`# The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6.`
			`postfix_inet_protocols: "all"`

			`# The local network interface addresses that this mail system receives mail on. Specify "all" to receive mail on all network interfaces (default),`
			`# "loopback-only" to receive mail on loopback network interfaces only (Postfix version 2.2 and later), or zero or more IPv4 or IPv6 addresses`
			`# (IPv6 is supported in Postfix version 2.2 and later)`
			`postfix_inet_interfaces: "all"`

			`# The primary mail domain for this server.`
			`postfix_mail_domain: "{{ ansible_domain \| default('internal.local') }}"`

			`# The Fully Qualified Domain Name of the mail server.`
			`postfix_myhostname: "mail.{{ postfix_mail_domain }}"`

feat(postfix): implement virtual mailbox configuration for Dovecot LMTP Updates the Postfix configuration to correctly handle virtual domains when Dovecot LMTP is enabled, moving away from local system delivery settings. - Removes `postfix_mail_domain` from `postfix_mydestination` to prevent conflicts with virtual domain handling. - Updates `main.cf` to set `virtual_transport`, `virtual_mailbox_domains`, and `virtual_mailbox_maps` instead of `mailbox_transport`. - Adds a new template `virtual_mailbox_maps.j2` to authorize specific users defined in `dovecot_users`. - Adds tasks to generate the virtual mailbox map file and run `postmap` upon changes. 2026-02-11 14:49:22 -03:00			`# Comma-separated list of domains this server accepts mail for locally.`
			`# When using Dovecot with LMTP (virtual mailboxes), the mail domain is handled`
			`# separately via virtual_mailbox_domains, so it should NOT be included here.`
			`postfix_mydestination: "$myhostname, localhost.{{ postfix_mail_domain }}, localhost"`
#1 - Implement new ansible role for mailserver. Just covering Postfix for now. 2025-07-28 21:08:28 -03:00
#1 - Define postfix_mynetworks as variable to adjust with local nets 2025-07-29 18:53:19 -03:00			`# The list of "trusted" remote SMTP clients that have more privileges than "strangers".`
			`postfix_mynetworks: "127.0.0.0/8 [::1]/128"`

#1 - Implement new ansible role for mailserver. Just covering Postfix for now. 2025-07-28 21:08:28 -03:00			`# The relayhost (smarthost) for all outgoing mail.`
			`# This variable MUST be set for the role to work as intended.`
			`# Example: "[smtp.sendgrid.net]:587"`
			`# Note: The square brackets [] are important to prevent MX record lookups.`
			`postfix_relayhost: ""`

			`# Optional credentials for the relayhost. If these are defined,`
			`# SASL authentication will be automatically configured.`
			`# postfix_relayhost_user: "apikey"`
feat: add support for Dovecot IMAP/POP3 configuration Introduces functionality to install and configure Dovecot alongside Postfix to provide IMAP/POP3 services. Changes include: - Added tasks to install Dovecot packages (core, imapd, pop3d, lmtpd). - Added templates for main configuration and conf.d files (auth, master, ssl, mail). - Defined default variables for protocols, SSL settings, and Maildir location. - Enabled Postfix SASL and LMTP integration options. - Added a handler to restart the Dovecot service. - Updated README.md with the new configuration variables and usage instructions. 2026-02-10 17:24:59 -03:00			`# postfix_relayhost_password: "YourVeryLongAndComplexApiKey"`

			`# --- Dovecot Configuration ---`

			`# Whether to install and configure Dovecot`
			`dovecot_enabled: true`

			`# Protocols to enable (imap, pop3, lmtp)`
			`dovecot_protocols: "imap pop3 lmtp"`

feat(dovecot): add support for configuring imap_capability This introduces the `dovecot_imap_capability` variable to allow customization of advertised IMAP capabilities. - Add `dovecot_imap_capability` to `defaults/main.yml` (defaulting to empty). - Update `templates/dovecot.conf.j2` to conditionally include the `protocol imap` block if the capability string is provided. - This enables operators to add or remove specific IMAP extensions (e.g., disabling `LITERAL+` or `NOTIFY`) for client compatibility. 2026-02-11 16:36:01 -03:00			`# IMAP capability adjustments. Set to modify advertised IMAP capabilities.`
			`# Use +CAPABILITY to add, -CAPABILITY to remove.`
			`# Example: "+IMAP4rev1 -LITERAL+ -NOTIFY" removes modern extensions that`
			`# might suppress standard untagged responses.`
			`# Leave empty to use Dovecot defaults.`
			`dovecot_imap_capability: ""`

feat: add support for Dovecot IMAP/POP3 configuration Introduces functionality to install and configure Dovecot alongside Postfix to provide IMAP/POP3 services. Changes include: - Added tasks to install Dovecot packages (core, imapd, pop3d, lmtpd). - Added templates for main configuration and conf.d files (auth, master, ssl, mail). - Defined default variables for protocols, SSL settings, and Maildir location. - Enabled Postfix SASL and LMTP integration options. - Added a handler to restart the Dovecot service. - Updated README.md with the new configuration variables and usage instructions. 2026-02-10 17:24:59 -03:00			`# Mail storage location. Using Maildir in the user's home directory.`
			`dovecot_mail_location: "maildir:~/Maildir"`

			`# SSL/TLS configuration`
			`# Use 'yes', 'no' or 'required'. 'required' is recommended for production.`
			`dovecot_ssl: "yes"`
docs: update README to reflect internal mail server scope Refactor the documentation to accurately describe the role as a complete internal mail server stack including Postfix and Dovecot. Changes include: - Expanded the description to explicitly list components and internal use cases. - Added a section clarifying excluded features (antispam/antivirus). - Reorganized role variables into General and Postfix configuration tables. - Cleaned up Markdown formatting and removed excessive bold styling. 2026-02-11 18:01:51 -03:00			`mail_ssl_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"`
			`mail_ssl_key: "/etc/ssl/private/ssl-cert-snakeoil.key"`
feat: add support for Dovecot IMAP/POP3 configuration Introduces functionality to install and configure Dovecot alongside Postfix to provide IMAP/POP3 services. Changes include: - Added tasks to install Dovecot packages (core, imapd, pop3d, lmtpd). - Added templates for main configuration and conf.d files (auth, master, ssl, mail). - Defined default variables for protocols, SSL settings, and Maildir location. - Enabled Postfix SASL and LMTP integration options. - Added a handler to restart the Dovecot service. - Updated README.md with the new configuration variables and usage instructions. 2026-02-10 17:24:59 -03:00
			`# Authentication mechanisms`
			`dovecot_auth_mechanisms: "plain login"`

			`# Postfix integration`
			`dovecot_postfix_sasl_enable: true`
feat: add support for local dovecot users via passwd-file This introduces functionality to manage local Dovecot users utilizing a static `vmail` system user and a flat password file. Key changes: - Added `dovecot_users` configuration list to defaults. - Implemented creation of `vmail` user and group (uid/gid 5000). - Added logic to generate a random security token using `pwgen` to prefix user passwords. - Created `auth-dovecot-users.conf.ext` and `dovecot-users.j2` templates to handle `passwd-file` authentication. - Updated `10-auth.conf` to include the new local users configuration. - Updated README with usage instructions and token details. 2026-02-10 17:51:23 -03:00			`dovecot_postfix_lmtp_enable: true`

			`# Local Dovecot Users`
			`# Example:`
			`# dovecot_users:`
			`# - name: "service1"`
			`# pass: "secret123"`
			`dovecot_users: []`