feat(mail): Add dovecot configuration

2023-12-17 18:08:54 +01:00 · 2023-12-17 18:08:54 +01:00 · 39119a4ffa
commit 39119a4ffa
parent 10087b354b
7 changed files with 190 additions and 0 deletions
--- a/host_vars/mx.test.infra.auro.re.yml
+++ b/host_vars/mx.test.infra.auro.re.yml
@ -1,4 +1,12 @@
 ---
+dovecot__auth_default_realm: test.auro.re
+dovecot__auth_users:
+  jeltz@test.auro.re: "{plain}password"
+  lafeych@test.auro.re: "{plain}password"
+  toto@test.auro.re: "{plain}password"
+  root@test.auro.re: "{plain}L9yXSrCbbafMlMls5q7WWMKC612XNbXL"
+dovecot__lmtp_postmaster_address: postmaster@test.auro.re
+
 ifupdown2__interfaces:
  ext0:
    addresses:
--- a/playbooks/mail.yml
+++ b/playbooks/mail.yml
@ -4,4 +4,5 @@
    - vm_test
  roles:
    - postfix
+    - dovecot
 ...
--- a/roles/dovecot/defaults/main.yml
+++ b/roles/dovecot/defaults/main.yml
@ -0,0 +1,3 @@
+---
+dovecot__auth_users: {}
+...
--- a/roles/dovecot/handlers/main.yml
+++ b/roles/dovecot/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: Reload dovecot
+  systemd:
+    name: dovecot.service
+    state: reloaded
+...
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@ -0,0 +1,47 @@
+---
+- name: Install dovecot
+  apt:
+    name:
+      - dovecot-core
+      - dovecot-imapd
+      - dovecot-lmtpd
+      - dovecot-managesieved
+      - dovecot-sieve
+
+- name: Create group vmail for dovecot
+  group:
+    name: vmail
+
+- name: Create account vmail for dovecot
+  user:
+    group: vmail
+    home: /srv/mail
+    name: vmail
+    password: "!"
+    system: true
+
+- name: Configure dovecot main configuration
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - src: dovecot.conf.j2
+      dest: /etc/dovecot/dovecot.conf
+      group: root
+      mode: u=rw,g=,o=
+    - src: auth.j2
+      dest: /etc/dovecot/auth
+      group: dovecot
+      mode: u=rw,g=r,o=
+  notify:
+    - Reload dovecot
+
+- name: Enable and start dovecot
+  systemd:
+    name: dovecot.service
+    state: started
+    enabled: true
+...
--- a/roles/dovecot/templates/auth.j2
+++ b/roles/dovecot/templates/auth.j2
@ -0,0 +1,5 @@
+{{ ansible_managed | comment }}
+
+{% for user, passwd in dovecot__auth_users.items() %}
+{{ user }}:{{ passwd }}
+{% endfor %}
--- a/roles/dovecot/templates/dovecot.conf.j2
+++ b/roles/dovecot/templates/dovecot.conf.j2
@ -0,0 +1,120 @@
+protocols = imap lmtp sieve
+
+ssl = yes
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_client_ca_dir = /etc/ssl/certs
+ssl_dh = </usr/share/dovecot/dh.pem
+ssl_key = </etc/dovecot/private/dovecot.key
+
+service stats {
+	inet_listener http {
+		port = 9900
+	}
+}
+
+metric auth_success {
+  filter = (event=auth_request_finished AND success=yes)
+}
+
+metric imap_command {
+  filter = event=imap_command_finished
+  group_by = cmd_name tagged_reply_state
+}
+
+metric smtp_command {
+  filter = event=smtp_server_command_finished
+  group_by = cmd_name status_code duration:exponential:1:5:10
+}
+
+metric mail_delivery {
+  filter = event=mail_delivery_finished
+  group_by = duration:exponential:1:5:10
+}
+
+service imap-login {
+	inet_listener imap {
+		port = 0
+	}
+	inet_listener imaps {
+		port = 993
+	}
+}
+
+service lmtp {
+	unix_listener /var/spool/postfix/private/dovecot-lmtp {
+		mode = 0660
+		group = postfix
+		user = postfix
+	}
+	# TODO
+	user = vmail
+}
+
+service auth {
+	unix_listener /var/spool/postfix/private/auth {
+		mode = 0660
+		user = postfix
+		group = postfix
+	}
+	# TODO
+	unix_listener auth-userdb {
+		mode = 0660
+		user = vmail
+		group = vmail
+	}
+}
+
+protocol imap {
+	mail_plugins = imap_sieve
+	mail_max_userip_connections = 20 # TODO
+	imap_idle_notify_interval = 29 mins # TODO
+}
+
+protocol lmtp {
+	postmaster_address = {{ dovecot__lmtp_postmaster_address | enquote }}
+	mail_plugins = sieve notify push_notification # TODO sieve ??
+}
+
+auth_default_realm = {{ dovecot__auth_default_realm | enquote }}
+
+auth_mechanisms = plain
+auth_username_format = %Lu
+disable_plaintext_auth = yes
+
+mail_uid = vmail
+mail_gid = vmail
+mail_privileged_group = vmail
+
+mail_home = /srv/mail/%d/%n
+mail_location = maildir:~/mail:LAYOUT=fs
+
+
+# TODO userdb vs passdb
+passdb {
+	driver = passwd-file
+	args = username_format=%u /etc/dovecot/auth
+}
+
+namespace inbox {
+	inbox = yes
+
+	mailbox Spam {
+		auto = subscribe
+		special_use = \Junk
+	}
+
+	mailbox Trash {
+		auto = subscribe
+		special_use = \Trash
+	}
+
+	mailbox Drafts {
+		auto = subscribe
+		special_use = \Drafts
+	}
+
+	mailbox Sent {
+		auto = subscribe
+		special_use = \Sent
+	}
+}