feat: add support for Dovecot IMAP/POP3 configuration

Introduces functionality to install and configure Dovecot alongside Postfix to provide IMAP/POP3 services. Changes include: - Added tasks to install Dovecot packages (core, imapd, pop3d, lmtpd). - Added templates for main configuration and conf.d files (auth, master, ssl, mail). - Defined default variables for protocols, SSL settings, and Maildir location. - Enabled Postfix SASL and LMTP integration options. - Added a handler to restart the Dovecot service. - Updated README.md with the new configuration variables and usage instructions.
2026-02-10 17:24:59 -03:00
parent 2861687888
commit 87ce53d1d3
12 changed files with 181 additions and 3 deletions
--- a/.ansible/.lock
+++ b/.ansible/.lock
--- a/README.md
+++ b/README.md
@@ -37,6 +37,22 @@ The role's behavior can be customized using the following variables. The default
 | postfix_inet_interfaces | all | The network interfaces Postfix listens on. Set to loopback-only to only accept mail from the server itself. |
 | postfix_inet_protocols | all | The IP protocols to use (ipv4, ipv6, or all). |

+### **Dovecot Configuration**
+
+The role now supports installing and configuring Dovecot for IMAP/POP3 services.
+
+| Variable | Default Value | Description |
+| :---- | :---- | :---- |
+| dovecot_enabled | true | Whether to install and configure Dovecot. |
+| dovecot_protocols | "imap pop3 lmtp" | Protocols to enable. |
+| dovecot_mail_location | "maildir:~/Maildir" | Mail storage location. |
+| dovecot_ssl | "yes" | SSL/TLS configuration (yes, no, required). |
+| dovecot_ssl_cert | snakeoil | Path to SSL certificate. |
+| dovecot_ssl_key | snakeoil | Path to SSL key. |
+| dovecot_auth_mechanisms | "plain login" | Authentication mechanisms. |
+| dovecot_postfix_sasl_enable | true | Enable Postfix SASL authentication via Dovecot. |
+| dovecot_postfix_lmtp_enable | true | Enable Postfix delivery via Dovecot LMTP. |
+
 ### **SASL Authentication**

 SASL authentication for the smarthost is **automatically enabled** if both postfix_relayhost_user and postfix_relayhost_password are defined. If they are not defined, Postfix will attempt to send mail without authentication.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -34,4 +34,28 @@ postfix_relayhost: ""
 # Optional credentials for the relayhost. If these are defined,
 # SASL authentication will be automatically configured.
 # postfix_relayhost_user: "apikey"
-# postfix_relayhost_password: "YourVeryLongAndComplexApiKey"
+# postfix_relayhost_password: "YourVeryLongAndComplexApiKey"
+
+# --- Dovecot Configuration ---
+
+# Whether to install and configure Dovecot
+dovecot_enabled: true
+
+# Protocols to enable (imap, pop3, lmtp)
+dovecot_protocols: "imap pop3 lmtp"
+
+# Mail storage location. Using Maildir in the user's home directory.
+dovecot_mail_location: "maildir:~/Maildir"
+
+# SSL/TLS configuration
+# Use 'yes', 'no' or 'required'. 'required' is recommended for production.
+dovecot_ssl: "yes"
+dovecot_ssl_cert: "</etc/ssl/certs/ssl-cert-snakeoil.pem"
+dovecot_ssl_key: "</etc/ssl/private/ssl-cert-snakeoil.key"
+
+# Authentication mechanisms
+dovecot_auth_mechanisms: "plain login"
+
+# Postfix integration
+dovecot_postfix_sasl_enable: true
+dovecot_postfix_lmtp_enable: true
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,4 +2,9 @@
 - name: Restart Postfix
  ansible.builtin.service:
    name: postfix
+    state: restarted
+
+- name: Restart Dovecot
+  ansible.builtin.service:
+    name: dovecot
    state: restarted
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -52,4 +52,41 @@
      notify: Restart Postfix
  tags:
    - postfix_config
-    - postfix_smarthost
+    - postfix_smarthost
+
+- name: "DOVECOT | Install Dovecot packages"
+  when: dovecot_enabled | default(false)
+  ansible.builtin.apt:
+    name: "{{ ['dovecot-core', 'dovecot-imapd', 'dovecot-pop3d'] + (['dovecot-lmtpd'] if dovecot_postfix_lmtp_enable | default(false) else []) }}"
+    state: present
+  tags:
+    - dovecot_install
+
+- name: "DOVECOT | Configure dovecot.conf"
+  when: dovecot_enabled | default(false)
+  ansible.builtin.template:
+    src: dovecot.conf.j2
+    dest: /etc/dovecot/dovecot.conf
+    owner: root
+    group: dovecot
+    mode: '0644'
+  notify: Restart Dovecot
+  tags:
+    - dovecot_config
+
+- name: "DOVECOT | Configure conf.d files"
+  when: dovecot_enabled | default(false)
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "/etc/dovecot/conf.d/{{ item.dest }}"
+    owner: root
+    group: dovecot
+    mode: '0644'
+  loop:
+    - { src: '10-auth.conf.j2', dest: '10-auth.conf' }
+    - { src: '10-master.conf.j2', dest: '10-master.conf' }
+    - { src: '10-ssl.conf.j2', dest: '10-ssl.conf' }
+    - { src: '10-mail.conf.j2', dest: '10-mail.conf' }
+  notify: Restart Dovecot
+  tags:
+    - dovecot_config
--- a/templates/10-auth.conf.j2
+++ b/templates/10-auth.conf.j2
@@ -0,0 +1,7 @@
+# Dovecot authentication configuration
+# Ansible managed: {{ ansible_managed }}
+
+disable_plaintext_auth = {{ 'yes' if dovecot_ssl == 'required' else 'no' }}
+auth_mechanisms = {{ dovecot_auth_mechanisms }}
+
+!include auth-system.conf.ext
--- a/templates/10-mail.conf.j2
+++ b/templates/10-mail.conf.j2
@@ -0,0 +1,7 @@
+# Dovecot mail location configuration
+# Ansible managed: {{ ansible_managed }}
+
+mail_location = {{ dovecot_mail_location }}
+namespace inbox {
+  inbox = yes
+}
--- a/templates/10-master.conf.j2
+++ b/templates/10-master.conf.j2
@@ -0,0 +1,51 @@
+# Dovecot master configuration
+# Ansible managed: {{ ansible_managed }}
+
+service imap-login {
+  inet_listener imap {
+    port = 143
+  }
+  inet_listener imaps {
+    port = 993
+    ssl = yes
+  }
+}
+
+service pop3-login {
+  inet_listener pop3 {
+    port = 110
+  }
+  inet_listener pop3s {
+    port = 995
+    ssl = yes
+  }
+}
+
+service lmtp {
+  unix_listener /var/spool/postfix/private/dovecot-lmtp {
+    mode = 0600
+    user = postfix
+    group = postfix
+  }
+}
+
+service auth {
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0660
+    user = postfix
+    group = postfix
+  }
+
+  unix_listener auth-userdb {
+    mode = 0600
+    user = vmail
+  }
+}
+
+service auth-worker {
+}
+
+service dict {
+  unix_listener dict {
+  }
+}
--- a/templates/10-ssl.conf.j2
+++ b/templates/10-ssl.conf.j2
@@ -0,0 +1,6 @@
+# Dovecot SSL configuration
+# Ansible managed: {{ ansible_managed }}
+
+ssl = {{ dovecot_ssl }}
+ssl_cert = {{ dovecot_ssl_cert }}
+ssl_key = {{ dovecot_ssl_key }}
--- a/templates/dovecot.conf.j2
+++ b/templates/dovecot.conf.j2
@@ -0,0 +1,7 @@
+# Dovecot configuration file
+# Ansible managed: {{ ansible_managed }}
+
+protocols = {{ dovecot_protocols }}
+
+# Dictionary of configuration files
+!include conf.d/*.conf
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@@ -48,3 +48,21 @@ smtp_tls_security_level = may
 # Other settings
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
+
+# Dovecot Integration
+{% if dovecot_enabled | default(false) %}
+# Use Maildir format
+home_mailbox = Maildir/
+
+{% if dovecot_postfix_sasl_enable | default(false) %}
+# SASL Authentication via Dovecot
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+{% endif %}
+
+{% if dovecot_postfix_lmtp_enable | default(false) %}
+# Delivery via LMTP
+mailbox_transport = lmtp:unix:private/dovecot-lmtp
+{% endif %}
+{% endif %}
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -2,4 +2,4 @@
 - hosts: localhost
  remote_user: root
  roles:
-    - ansible_role_mailserver
+    - ansible_role_mail