engineering/ansible_role_mail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3-Implement-IMAP/POP
ansible_role_mail/tasks/main.yml
Luciano Giacchetta f76e0a31ae feat(postfix): implement virtual mailbox configuration for Dovecot LMTP 
Updates the Postfix configuration to correctly handle virtual domains when Dovecot LMTP is enabled, moving away from local system delivery settings.

- Removes `postfix_mail_domain` from `postfix_mydestination` to prevent conflicts with virtual domain handling.
- Updates `main.cf` to set `virtual_transport`, `virtual_mailbox_domains`, and `virtual_mailbox_maps` instead of `mailbox_transport`.
- Adds a new template `virtual_mailbox_maps.j2` to authorize specific users defined in `dovecot_users`.
- Adds tasks to generate the virtual mailbox map file and run `postmap` upon changes.
2026-02-11 14:49:22 -03:00

199 lines
5.6 KiB
YAML
Raw Permalink Blame History

---
- name: "POSTFIX | Install postfix package"
ansible.builtin.apt:
name:
- postfix
- postfix-pcre # Often useful for advanced matching
- libsasl2-modules # Required for SASL authentication
state: present
update_cache: true
tags:
- postfix_install
- name: "POSTFIX | Configure /etc/mailname"
ansible.builtin.copy:
content: "{{ postfix_mail_domain }}\n"
dest: /etc/mailname
owner: root
group: root
mode: '0644'
tags:
- postfix_config
- name: "POSTFIX | Configure main.cf"
ansible.builtin.template:
src: main.cf.j2
dest: /etc/postfix/main.cf
owner: root
group: root
mode: '0644'
validate: 'postfix check -c %s' # Validates the template before deploying
notify: Restart Postfix # Triggers the handler to restart the service
tags:
- postfix_config
- name: "POSTFIX | Configure smarthost credentials (if defined)"
when: postfix_relayhost_user is defined and postfix_relayhost_password is defined
block:
- name: "POSTFIX | Template the SASL password file"
ansible.builtin.template:
src: sasl_passwd.j2
dest: /etc/postfix/sasl_passwd
owner: root
group: root
mode: '0600' # Secure permissions for file with credentials
no_log: true # Prevents credentials from being displayed in Ansible logs
notify: Restart Postfix
- name: "POSTFIX | Create hash map for SASL password file"
ansible.builtin.command:
cmd: postmap hash:/etc/postfix/sasl_passwd
changed_when: true # The postmap command always updates the .db file
notify: Restart Postfix
tags:
- postfix_config
- postfix_smarthost
- name: "POSTFIX | Configure virtual mailbox maps"
when: dovecot_enabled | default(false) and dovecot_postfix_lmtp_enable | default(false)
ansible.builtin.template:
src: virtual_mailbox_maps.j2
dest: /etc/postfix/virtual_mailbox_maps
owner: root
group: root
mode: '0644'
notify: Restart Postfix
tags:
- postfix_config
- dovecot_config
- name: "POSTFIX | Create hash map for virtual mailbox maps"
when: dovecot_enabled | default(false) and dovecot_postfix_lmtp_enable | default(false)
ansible.builtin.command:
cmd: postmap hash:/etc/postfix/virtual_mailbox_maps
changed_when: true
notify: Restart Postfix
tags:
- postfix_config
- dovecot_config
- name: "DOVECOT | Install Dovecot packages"
when: dovecot_enabled | default(false)
ansible.builtin.apt:
name: "{{ ['dovecot-core', 'dovecot-imapd', 'dovecot-pop3d', 'openssl'] + (['dovecot-lmtpd'] if dovecot_postfix_lmtp_enable | default(false) else []) }}"
state: present
tags:
- dovecot_install
- name: "DOVECOT | Install pwgen"
when: dovecot_enabled | default(false)
ansible.builtin.apt:
name: pwgen
state: present
tags:
- dovecot_install
- name: "DOVECOT | Generate Dovecot token"
when: dovecot_enabled | default(false)
ansible.builtin.shell:
cmd: "pwgen -s 16 1 > /etc/dovecot/dovecot_token"
creates: /etc/dovecot/dovecot_token
tags:
- dovecot_config
- name: "DOVECOT | Read Dovecot token"
when: dovecot_enabled | default(false)
ansible.builtin.slurp:
src: /etc/dovecot/dovecot_token
register: dovecot_token_file
tags:
- dovecot_config
- name: "DOVECOT | Create vmail group"
when: dovecot_enabled | default(false)
ansible.builtin.group:
name: vmail
gid: 5000
state: present
tags:
- dovecot_config
- name: "DOVECOT | Create vmail user"
when: dovecot_enabled | default(false)
ansible.builtin.user:
name: vmail
uid: 5000
group: vmail
home: /var/vmail
create_home: true
system: true
shell: /usr/sbin/nologin
tags:
- dovecot_config
- name: "DOVECOT | Ensure vmail directory permissions"
when: dovecot_enabled | default(false)
ansible.builtin.file:
path: /var/vmail
state: directory
owner: vmail
group: vmail
mode: '0700'
tags:
- dovecot_config
- name: "DOVECOT | Generate user password hashes"
when: dovecot_enabled | default(false) and dovecot_users | length > 0
ansible.builtin.command:
cmd: "openssl passwd -6 -salt {{ dovecot_token_value | quote }} {{ (dovecot_token_value + item.pass) | quote }}"
loop: "{{ dovecot_users }}"
register: dovecot_user_hashes
changed_when: false
vars:
dovecot_token_value: "{{ dovecot_token_file['content'] | b64decode | trim }}"
tags:
- dovecot_config
- name: "DOVECOT | Create users password file"
when: dovecot_enabled | default(false)
ansible.builtin.template:
src: dovecot-users.j2
dest: /etc/dovecot/users
owner: root
group: dovecot
mode: '0640'
vars:
dovecot_token_value: "{{ dovecot_token_file['content'] | b64decode | trim }}"
notify: Restart Dovecot
tags:
- dovecot_config
- name: "DOVECOT | Configure dovecot.conf"
when: dovecot_enabled | default(false)
ansible.builtin.template:
src: dovecot.conf.j2
dest: /etc/dovecot/dovecot.conf
owner: root
group: dovecot
mode: '0644'
notify: Restart Dovecot
tags:
- dovecot_config
- name: "DOVECOT | Configure conf.d files"
when: dovecot_enabled | default(false)
ansible.builtin.template:
src: "{{ item.src }}"
dest: "/etc/dovecot/conf.d/{{ item.dest }}"
owner: root
group: dovecot
mode: '0644'
loop:
- { src: '10-auth.conf.j2', dest: '10-auth.conf' }
- { src: 'auth-dovecot-users.conf.ext.j2', dest: 'auth-dovecot-users.conf.ext' }
- { src: '10-master.conf.j2', dest: '10-master.conf' }
- { src: '10-ssl.conf.j2', dest: '10-ssl.conf' }
- { src: '10-mail.conf.j2', dest: '10-mail.conf' }
notify: Restart Dovecot
tags:
- dovecot_config
Reference in New Issue View Git Blame Copy Permalink