From d61a4ddcef29c1489ac95778802d812a452b5d3d Mon Sep 17 00:00:00 2001
From: Luciano Giacchetta <luciano@gianet.us>
Date: Wed, 11 Mar 2026 12:40:37 -0300
Subject: [PATCH] fix: Dovecot in Debian Trixie => 2.4 has add / deprecated
 configurations

---
 molecule/default/Dockerfile              |  3 ++-
 molecule/default/converge.yml            |  5 +++++
 molecule/default/molecule.yml            |  8 ++++++++
 tasks/main.yml                           | 21 ++++++++++++++++++++-
 templates/10-auth.conf.j2                |  4 ++++
 templates/10-mail.conf.j2                |  8 +++++++-
 templates/10-ssl.conf.j2                 |  5 +++++
 templates/auth-dovecot-users.conf.ext.j2 | 17 +++++++++++++++++
 templates/dovecot.conf.j2                |  4 ++++
 9 files changed, 72 insertions(+), 3 deletions(-)

diff --git a/molecule/default/Dockerfile b/molecule/default/Dockerfile
index 2f0fcf5..dd844bc 100644
--- a/molecule/default/Dockerfile
+++ b/molecule/default/Dockerfile
@@ -1,4 +1,5 @@
-FROM docker.io/library/debian:stable
+ARG MOLECULE_DISTRO=docker.io/library/debian:stable
+FROM ${MOLECULE_DISTRO}
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 16a9115..fe35d4e 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -2,5 +2,10 @@
 ---
 - name: Converge
   hosts: all
+  vars:
+    postfix_mail_domain: "test.local"
+    dovecot_users:
+      - name: "testuser"
+        pass: "testpass"
   roles:
     - role: ansible_role_mail
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 878ce77..e1971b9 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -13,6 +13,8 @@ platforms:
     image: docker.io/library/debian:stable
     pre_build_image: false
     dockerfile: Dockerfile
+    buildargs:
+      MOLECULE_DISTRO: docker.io/library/debian:stable
     privileged: true
     systemd: always
     command: /usr/sbin/init
@@ -21,6 +23,8 @@ platforms:
     image: docker.io/library/debian:oldstable
     pre_build_image: false
     dockerfile: Dockerfile
+    buildargs:
+      MOLECULE_DISTRO: docker.io/library/debian:oldstable
     privileged: true
     systemd: always
     command: /usr/sbin/init
@@ -29,6 +33,8 @@ platforms:
     image: docker.io/library/ubuntu:latest
     pre_build_image: false
     dockerfile: Dockerfile
+    buildargs:
+      MOLECULE_DISTRO: docker.io/library/ubuntu:latest
     privileged: true
     systemd: always
     command: /usr/sbin/init
@@ -37,6 +43,8 @@ platforms:
     image: docker.io/library/ubuntu:jammy
     pre_build_image: false
     dockerfile: Dockerfile
+    buildargs:
+      MOLECULE_DISTRO: docker.io/library/ubuntu:jammy
     privileged: true
     systemd: always
     command: /usr/sbin/init
diff --git a/tasks/main.yml b/tasks/main.yml
index 441b1ba..f26db23 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -62,13 +62,16 @@
     owner: root
     group: root
     mode: '0644'
+  register: virtual_mailbox_maps_template
   notify: Restart Postfix
   tags:
     - postfix_config
     - dovecot_config
 
 - name: "POSTFIX | Create hash map for virtual mailbox maps"
-  when: dovecot_enabled | default(false) and dovecot_postfix_lmtp_enable | default(false)
+  when:
+    - dovecot_enabled | default(false) and dovecot_postfix_lmtp_enable | default(false)
+    - virtual_mailbox_maps_template.changed
   ansible.builtin.command:
     cmd: postmap hash:/etc/postfix/virtual_mailbox_maps
   changed_when: true
@@ -168,6 +171,22 @@
   tags:
     - dovecot_config
 
+- name: "DOVECOT | Detect Dovecot version"
+  when: dovecot_enabled | default(false)
+  ansible.builtin.shell:
+    cmd: "dovecot --version | awk '{print $1}' | cut -d'(' -f1"
+  register: dovecot_version_raw
+  changed_when: false
+  tags:
+    - dovecot_config
+
+- name: "DOVECOT | Set Dovecot major version fact"
+  when: dovecot_enabled | default(false)
+  ansible.builtin.set_fact:
+    dovecot_major_version: "{{ dovecot_version_raw.stdout.split('.')[0] | int }}.{{ dovecot_version_raw.stdout.split('.')[1] | int }}"
+  tags:
+    - dovecot_config
+
 - name: "DOVECOT | Configure dovecot.conf"
   when: dovecot_enabled | default(false)
   ansible.builtin.template:
diff --git a/templates/10-auth.conf.j2 b/templates/10-auth.conf.j2
index b7e36ac..2da18b6 100644
--- a/templates/10-auth.conf.j2
+++ b/templates/10-auth.conf.j2
@@ -1,7 +1,11 @@
 # Dovecot authentication configuration
 # Ansible managed: {{ ansible_managed }}
 
+{% if dovecot_major_version is defined and dovecot_major_version is version('2.4', '>=') %}
+auth_allow_cleartext = {{ 'no' if dovecot_ssl == 'required' else 'yes' }}
+{% else %}
 disable_plaintext_auth = {{ 'yes' if dovecot_ssl == 'required' else 'no' }}
+{% endif %}
 auth_mechanisms = {{ dovecot_auth_mechanisms }}
 
 !include auth-dovecot-users.conf.ext
diff --git a/templates/10-mail.conf.j2 b/templates/10-mail.conf.j2
index edddf85..526d76f 100644
--- a/templates/10-mail.conf.j2
+++ b/templates/10-mail.conf.j2
@@ -1,7 +1,13 @@
 # Dovecot mail location configuration
 # Ansible managed: {{ ansible_managed }}
-
+{% if dovecot_major_version is defined and dovecot_major_version is version('2.4', '>=') %}
+{% set _driver = dovecot_mail_location.split(':')[0] %}
+{% set _path = dovecot_mail_location.split(':')[1] %}
+mail_driver = {{ _driver }}
+mail_path = {{ _path }}
+{% else %}
 mail_location = {{ dovecot_mail_location }}
+{% endif %}
 namespace inbox {
   inbox = yes
 
diff --git a/templates/10-ssl.conf.j2 b/templates/10-ssl.conf.j2
index 9141113..373d157 100644
--- a/templates/10-ssl.conf.j2
+++ b/templates/10-ssl.conf.j2
@@ -2,5 +2,10 @@
 # Ansible managed: {{ ansible_managed }}
 
 ssl = {{ dovecot_ssl }}
+{% if dovecot_major_version is defined and dovecot_major_version is version('2.4', '>=') %}
+ssl_server_cert_file = {{ mail_ssl_cert }}
+ssl_server_key_file = {{ mail_ssl_key }}
+{% else %}
 ssl_cert = <{{ mail_ssl_cert }}
 ssl_key = <{{ mail_ssl_key }}
+{% endif %}
diff --git a/templates/auth-dovecot-users.conf.ext.j2 b/templates/auth-dovecot-users.conf.ext.j2
index cc72d53..528fd32 100644
--- a/templates/auth-dovecot-users.conf.ext.j2
+++ b/templates/auth-dovecot-users.conf.ext.j2
@@ -1,5 +1,21 @@
 # Dovecot local users authentication
 # Ansible managed: {{ ansible_managed }}
+{% if dovecot_major_version is defined and dovecot_major_version is version('2.4', '>=') %}
+
+passdb passwd-file {
+  default_password_scheme = SHA512-CRYPT
+  auth_username_format = %{user|username}
+  passwd_file_path = /etc/dovecot/users
+}
+
+userdb static {
+  fields {
+    uid = vmail
+    gid = vmail
+    home = /var/vmail/%{user|username}
+  }
+}
+{% else %}
 
 passdb {
   driver = passwd-file
@@ -10,3 +26,4 @@ userdb {
   driver = static
   args = uid=vmail gid=vmail home=/var/vmail/%n
 }
+{% endif %}
diff --git a/templates/dovecot.conf.j2 b/templates/dovecot.conf.j2
index 36604db..1afa899 100644
--- a/templates/dovecot.conf.j2
+++ b/templates/dovecot.conf.j2
@@ -1,5 +1,9 @@
 # Dovecot configuration file
 # Ansible managed: {{ ansible_managed }}
+{% if dovecot_major_version is defined and dovecot_major_version is version('2.4', '>=') %}
+dovecot_config_version = 2.4.0
+dovecot_storage_version = 2.4.0
+{% endif %}
 
 protocols = {{ dovecot_protocols }}
 {% if dovecot_imap_capability | default('') | length > 0 %}