ansible_role_mail/defaults/main.yml
Luciano Giacchetta dfd5d89905 feat: add support for local dovecot users via passwd-file
This introduces functionality to manage local Dovecot users utilizing a
static `vmail` system user and a flat password file.

Key changes:
- Added `dovecot_users` configuration list to defaults.
- Implemented creation of `vmail` user and group (uid/gid 5000).
- Added logic to generate a random security token using `pwgen` to prefix
  user passwords.
- Created `auth-dovecot-users.conf.ext` and `dovecot-users.j2` templates
  to handle `passwd-file` authentication.
- Updated `10-auth.conf` to include the new local users configuration.
- Updated README with usage instructions and token details.
2026-02-10 17:51:23 -03:00


#
# Default variables for the role. These can be overridden in your inventory
# or playbook to customize the deployment.
#
# The Internet protocols Postfix will attempt to use when making or accepting
# connections. Specify one or more of "ipv4" or "ipv6", separated by
# whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or
# "ipv4", depending on whether the operating system implements IPv6.
postfix_inet_protocols: "all"
# The local network interface addresses that this mail system receives mail
# on. Specify "all" to receive mail on all network interfaces (default),
# "loopback-only" to receive mail on loopback network interfaces only
# (Postfix version 2.2 and later), or zero or more IPv4 or IPv6 addresses
# (IPv6 is supported in Postfix version 2.2 and later).
# Security note: the default "all" exposes the SMTP listener on every
# interface of the host. Prefer "loopback-only" or explicit addresses on
# hosts that only hand locally generated mail to the relayhost.
postfix_inet_interfaces: "all"
# The primary mail domain for this server. Falls back to 'internal.local'
# when the ansible_domain fact is undefined.
postfix_mail_domain: "{{ ansible_domain | default('internal.local') }}"
# The Fully Qualified Domain Name of the mail server.
postfix_myhostname: "mail.{{ postfix_mail_domain }}"
# Comma-separated list of domains this server accepts mail for.
# It's critical that this includes the server's own hostname and mail domain.
postfix_mydestination: "$myhostname, localhost.{{ postfix_mail_domain }}, localhost, {{ postfix_mail_domain }}"
# The list of "trusted" remote SMTP clients that have more privileges than
# "strangers". The default covers the IPv4 and IPv6 loopback ranges only.
# Security note: keep this list as narrow as possible. With Postfix's stock
# relay restrictions, clients listed here may relay mail without
# authenticating; confirm against the role's main.cf template before
# adding LAN or public ranges.
postfix_mynetworks: "127.0.0.0/8 [::1]/128"
# The relayhost (smarthost) for all outgoing mail.
# This variable MUST be set for the role to work as intended.
# Example: "[smtp.sendgrid.net]:587"
# Note: The square brackets [] are important to prevent MX record lookups.
# NOTE(review): this file does not set whether TLS is enforced towards the
# relayhost; verify that in the role's templates before SASL credentials
# are sent to it.
postfix_relayhost: ""
# Optional credentials for the relayhost. If these are defined,
# SASL authentication will be automatically configured.
# The values below are placeholders. Supply the real password from Ansible
# Vault or another secret store; do not commit it in plain-text inventory.
# postfix_relayhost_user: "apikey"
# postfix_relayhost_password: "YourVeryLongAndComplexApiKey"
# --- Dovecot Configuration ---
# Whether to install and configure Dovecot
dovecot_enabled: true
# Protocols to enable (imap, pop3, lmtp), as a space-separated string.
# Enable only the protocols your clients actually need.
dovecot_protocols: "imap pop3 lmtp"
# Mail storage location. Using Maildir in the user's home directory.
dovecot_mail_location: "maildir:~/Maildir"
# SSL/TLS configuration
# Use 'yes', 'no' or 'required'. 'required' is recommended for production.
# The value is quoted on purpose so that YAML keeps it as the string "yes"
# rather than a boolean.
# Security note: 'yes' makes TLS available but does not force clients to
# use it; 'required' rejects sessions that do not negotiate TLS.
# NOTE(review): whether cleartext logins are refused on unencrypted
# connections when this is 'yes' depends on Dovecot settings not defined
# in this file; confirm in the role's templates.
dovecot_ssl: "yes"
# Certificate and private key. The leading "<" is Dovecot syntax for
# "read the value from this file".
# Security note: the defaults point at the distribution's self-signed
# "snakeoil" certificate, which clients cannot validate. Replace both paths
# with a certificate issued for the server's hostname before production use,
# and keep the key file readable by root only.
dovecot_ssl_cert: "</etc/ssl/certs/ssl-cert-snakeoil.pem"
dovecot_ssl_key: "</etc/ssl/private/ssl-cert-snakeoil.key"
# Authentication mechanisms
# Security note: PLAIN and LOGIN both transmit the password itself (only
# base64-encoded), so they depend on TLS for confidentiality. Pair them
# with dovecot_ssl: "required" on any network you do not fully trust.
dovecot_auth_mechanisms: "plain login"
# Postfix integration
# NOTE(review): presumably these toggle Postfix SASL authentication through
# Dovecot and LMTP delivery from Postfix to Dovecot; confirm against the
# role's tasks and templates.
dovecot_postfix_sasl_enable: true
dovecot_postfix_lmtp_enable: true
# Local Dovecot Users
# List of mappings with a `name` and a `pass` key. Empty by default, so no
# local users are created.
# Security note: `pass` is a cleartext secret. Supply it from Ansible Vault
# or another secret store and never commit real passwords; "secret123"
# below is a placeholder only.
# NOTE(review): the role is described as prefixing user passwords with a
# generated security token; see the README for how the effective password
# is formed.
# Example:
# dovecot_users:
#   - name: "service1"
#     pass: "secret123"
dovecot_users: []