From e350a39a29491a9f1646465136de32c3b637161c Mon Sep 17 00:00:00 2001
From: Luciano Giacchetta
Date: Tue, 10 Feb 2026 18:10:01 -0300
Subject: [PATCH] refactor(dovecot): replace template hashing with openssl command
- Add `openssl` to the list of installed packages to ensure CLI availability.
- Introduce a new task to generate user password hashes using `openssl passwd -6` on the target host instead of relying on the Jinja2 `password_hash` filter.
- Update `dovecot-users.j2` template to utilize the registered output from the new OpenSSL task.
- This ensures consistent SHA512-CRYPT hash generation independent of the controller's Python environment or hashing libraries.
---
 tasks/main.yml | 14 +++++++++++++-
 templates/dovecot-users.j2 | 6 ++++--
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index a2a6390..ae73e8d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -57,7 +57,7 @@
 - name: "DOVECOT | Install Dovecot packages"
 when: dovecot_enabled | default(false)
 ansible.builtin.apt:
- name: "{{ ['dovecot-core', 'dovecot-imapd', 'dovecot-pop3d'] + (['dovecot-lmtpd'] if dovecot_postfix_lmtp_enable | default(false) else []) }}"
+ name: "{{ ['dovecot-core', 'dovecot-imapd', 'dovecot-pop3d', 'openssl'] + (['dovecot-lmtpd'] if dovecot_postfix_lmtp_enable | default(false) else []) }}"
 state: present
 tags:
 - dovecot_install
@@ -108,6 +108,18 @@
 tags:
 - dovecot_config

+- name: "DOVECOT | Generate user password hashes"
+ when: dovecot_enabled | default(false) and dovecot_users | length > 0
+ ansible.builtin.command:
+ cmd: "openssl passwd -6 -salt {{ dovecot_token_value | quote }} {{ (dovecot_token_value + item.pass) | quote }}"
+ loop: "{{ dovecot_users }}"
+ register: dovecot_user_hashes
+ changed_when: false
+ vars:
+ dovecot_token_value: "{{ dovecot_token_file['content'] | b64decode | trim }}"
+ tags:
+ - dovecot_config
+
 - name: "DOVECOT | Create users password file"
 when: dovecot_enabled | default(false)
 ansible.builtin.template:
diff --git a/templates/dovecot-users.j2 b/templates/dovecot-users.j2
index ac90e0a..1f6db51 100644
--- a/templates/dovecot-users.j2
+++ b/templates/dovecot-users.j2
@@ -1,6 +1,8 @@
 # Dovecot users file
 # Ansible managed: {{ ansible_managed }}
 # user:{scheme}hash:uid:gid:gecos:home:shell:extra_fields
-{% for user in dovecot_users %}
-{{ user.name }}:{SHA512-CRYPT}{{ (dovecot_token_value + user.pass) | password_hash('sha512', dovecot_token_value) }}::::::
+{% if dovecot_user_hashes.results is defined %}
+{% for res in dovecot_user_hashes.results %}
+{{ res.item.name }}:{SHA512-CRYPT}{{ res.stdout | trim }}::::::
 {% endfor %}
+{% endif %}
\ No newline at end of file
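Review bot: The new `cmd:` line puts each user's cleartext password (and the token) into the argv of `openssl`, where any local user on the target can read it from `/proc/<pid>/cmdline` or `ps` while the process runs, and because the task has no `no_log: true` Ansible also prints the full command and `item` for every loop iteration to the console and callback/log plugins. Move the password onto stdin with `openssl passwd -6 -stdin` and the module's `stdin` parameter, and mark the task `no_log: true` (it hides openssl's stderr on failure, so keep `changed_when`/`rc` semantics simple). Two caveats worth an `ansible.builtin.assert` on `dovecot_token_value` before this task: SHA512-CRYPT salts are limited to 16 characters of `[a-zA-Z0-9./]`, so a token outside that alphabet or longer than 16 is likely to be rejected or truncated by openssl (version-dependent, verify), and since the token is also the salt it is stored in every `$6$` hash, so prepending it to the password adds no secrecy. The `vars:`/`tags:` lines and neighbouring tasks are unchanged.
```yaml
- name: "DOVECOT | Generate user password hashes"
  when: dovecot_enabled | default(false) and dovecot_users | length > 0
  ansible.builtin.command:
    cmd: "openssl passwd -6 -stdin -salt {{ dovecot_token_value | quote }}"
    # password never appears in argv; the module's default stdin_add_newline ends the line openssl reads
    stdin: "{{ dovecot_token_value + item.pass }}"
  loop: "{{ dovecot_users }}"
  register: dovecot_user_hashes
  no_log: true  # result holds cleartext in item/cmd; keep it out of output and logs
  changed_when: false
  # … unchanged: vars / tags …
```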
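Review bot: The added `{% if dovecot_user_hashes.results is defined %}` guard turns a skipped or unregistered hash task into a users file with no entries, which silently locks every mailbox out instead of failing the play, whereas the old template iterated `dovecot_users` directly and could not do that. Either drop the guard so an undefined `dovecot_user_hashes` aborts the template task, or keep it and add an `ansible.builtin.assert` before the template task that `dovecot_user_hashes.results | length == dovecot_users | length`, so a mismatch fails loudly rather than producing a partial file. The template also now ends without a newline (`\ No newline at end of file`); add a trailing newline after `{% endif %}` so the last entry is line-terminated in the rendered file.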