imfreedom/ansible

Parents 8cd603b36ce7
Children 30b8274a7640
make the mail user/group/home values variables and other cleanups
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mail/defaults/main.yaml Tue Nov 23 05:37:26 2021 -0600
@@ -0,0 +1,4 @@
+---
+mail_group: "vmail"
+mail_user: "vmail"
+mail_home: "/srv/mail"
--- a/roles/mail/files/dovecot-10-auth-checkpassword.conf Tue Nov 23 03:27:35 2021 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-passdb {
- driver = checkpassword
- args = /usr/local/bin/dovecot-auth-imf-hub.py
-}
-
-userdb {
- driver = static
- args = uid=vmail gid=vmail
-}
-
--- a/roles/mail/files/dovecot.certbot Tue Nov 23 03:27:35 2021 -0600
+++ b/roles/mail/files/dovecot.certbot Tue Nov 23 05:37:26 2021 -0600
@@ -1,4 +1,3 @@
#!/bin/sh -eu
systemctl reload dovecot
-
--- a/roles/mail/tasks/dovecot.yaml Tue Nov 23 03:27:35 2021 -0600
+++ b/roles/mail/tasks/dovecot.yaml Tue Nov 23 05:37:26 2021 -0600
@@ -1,27 +1,18 @@
---
-- name: "add vmail group"
- group:
- name: "vmail"
- system: "yes"
+- name: "install dovecot"
+ apt:
+ name: "{{ mail_packages }}"
+ state: "present"
+ cache_valid_time: 3600
+ force_apt_get: "yes"
+ vars:
+ mail_packages:
+ - "dovecot-core"
+ - "dovecot-imapd"
+ - "dovecot-lmtpd"
+ - "dovecot-sieve"
tags:
- - "group"
- - "user"
-- name: "add vmail user"
- user:
- name: "vmail"
- group: "vmail"
- system: "yes"
- home: "/nonexistent"
- shell: "/bin/false"
- tags:
- - "user"
-- name: "create /srv/mail directory"
- file:
- path: "/srv/mail"
- state: "directory"
- mode: "0750"
- owner: "vmail"
- group: "vmail"
+ - "dovecot"
- name: "symlink tls certs"
file:
src: "{{ item.src }}"
@@ -46,8 +37,8 @@
notify:
- "reload dovecot"
- name: "add checkpassword based auth configuration"
- copy:
- src: "dovecot-10-auth-checkpassword.conf"
+ template:
+ src: "dovecot-10-auth-checkpassword.conf.j2"
dest: "/etc/dovecot/conf.d/10-auth-checkpassword.conf"
mode: "0644"
notify:
--- a/roles/mail/tasks/main.yaml Tue Nov 23 03:27:35 2021 -0600
+++ b/roles/mail/tasks/main.yaml Tue Nov 23 05:37:26 2021 -0600
@@ -15,6 +15,13 @@
- "mail"
tags:
- "always"
+- include_tasks: "user.yaml"
+ args:
+ apply:
+ tags:
+ - "mail"
+ tags:
+ - "always"
- include_tasks: "dovecot.yaml"
args:
apply:
@@ -23,9 +30,3 @@
- "mail"
tags:
- "always"
-- include_tasks: "mailman.yaml"
- args:
- apply:
- tags:
- - "mail"
- - "mailman"
--- a/roles/mail/tasks/software.yaml Tue Nov 23 03:27:35 2021 -0600
+++ b/roles/mail/tasks/software.yaml Tue Nov 23 05:37:26 2021 -0600
@@ -1,14 +1,1 @@
---
-- name: "install dovecot"
- apt:
- name: "{{ mail_packages }}"
- state: "present"
- cache_valid_time: 3600
- force_apt_get: "yes"
- vars:
- mail_packages:
- - "dovecot-core"
- - "dovecot-imapd"
- - "dovecot-lmtpd"
- tags:
- - "dovecot"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mail/tasks/user.yaml Tue Nov 23 05:37:26 2021 -0600
@@ -0,0 +1,24 @@
+---
+- name: "add vmail group"
+ group:
+ name: "{{ mail_group }}"
+ system: "yes"
+ tags:
+ - "group"
+ - "user"
+- name: "add vmail user"
+ user:
+ name: "{{ mail_user }}"
+ group: "vmail"
+ system: "yes"
+ home: "/nonexistent"
+ shell: "/bin/false"
+ tags:
+ - "user"
+- name: "create mail directory"
+ file:
+ path: "{{ mail_home }}"
+ state: "directory"
+ mode: "0750"
+ owner: "{{ mail_user }}"
+ group: "{{ mail_group }}"
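Review bot: The `add vmail user` task still hard-codes `group: "vmail"`, while the group task above it and the directory task below it use `{{ mail_group }}`. If `mail_group` is overridden, the account is either created with a primary group other than the one that owns `{{ mail_home }}`, or the task fails because no `vmail` group exists. With mode `0750` on that directory, the group decides who can read the mail store. Change the line to `group: "{{ mail_group }}"`. The task names could also drop the literal `vmail` now that the values are variables.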
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mail/templates/dovecot-10-auth-checkpassword.conf.j2 Tue Nov 23 05:37:26 2021 -0600
@@ -0,0 +1,9 @@
+passdb {
+ driver = checkpassword
+ args = /usr/local/bin/dovecot-auth-imf-hub.py
+}
+
+userdb {
+ driver = static
+ args = uid={{ mail_user }} gid={{ mail_group }} home={{ mail_home }}/%d/%n
+}
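Review bot: The `home=` value on the userdb `args` line is built from the login name (`%d/%n`), so nothing in this template keeps it inside `{{ mail_home }}`. That depends on the characters Dovecot accepts in usernames, which is configured outside this hunk. A comment above the line would record the dependency, for example `# home is derived from the login name; relies on auth_username_chars excluding "/"`. The three values are also interpolated unquoted into a space-separated list, so a `mail_home` containing whitespace would split into extra fields. The role defaults should state that the path must not contain spaces.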
--- a/roles/mail/templates/dovecot-auth-imf-hub.py.j2 Tue Nov 23 03:27:35 2021 -0600
+++ b/roles/mail/templates/dovecot-auth-imf-hub.py.j2 Tue Nov 23 05:37:26 2021 -0600
@@ -25,10 +25,8 @@
"imfreedom.org": ["IMF Board"],
}
-vmail_uid = "998"
-vmail_gid = "998"
-
-vmail_path_format = "/srv/mail/{domain}/{user}"
+vmail_uid = "{{ mail_user }}"
+vmail_gid = "{{ mail_group }}"
http_timeout = 30
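Review bot: `vmail_uid` and `vmail_gid` now hold account names rather than numeric ids, and the template pastes them into Python string literals without escaping. A value containing a quote or backslash would render a broken script. Rendering with `vmail_uid = {{ mail_user | to_json }}` and `vmail_gid = {{ mail_group | to_json }}` emits a correctly quoted literal. The later hunk shows these values returned as `userdb_uid`/`userdb_gid` next to `INSECURE_SETUID`, so a comment such as `# account names, not numeric ids; must match the role's mail_user/mail_group` would help the next reader. Whether Dovecot resolves names in these fields the same way it handled the old numeric `998` is not visible here and should be confirmed on a test host.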
@@ -148,7 +146,6 @@
"userdb_uid": vmail_uid,
"userdb_gid": vmail_gid,
"INSECURE_SETUID": "1",
- "HOME": vmail_path_format.format(user=user, domain=domain),
"EXTRA": "userdb_uid userdb_gid"
})