trombik.dovecot
ansible-role-dovecot
Configures dovecot.
Requirements
None
Role Variables
| Variable | Description | Default |
|---|---|---|
| `dovecot_user` | user name of dovecot | `{{ __dovecot_user }}` |
| `dovecot_group` | group name of dovecot | `{{ __dovecot_group }}` |
| `dovecot_service` | service name of dovecot | `{{ __dovecot_service }}` |
| `dovecot_package` | package name of dovecot | `{{ __dovecot_package }}` |
| `dovecot_extra_packages` | list of extra packages to install | `[]` |
| `dovecot_conf_dir` | path to the directory that contains `dovecot.conf` | `{{ __dovecot_conf_dir }}` |
| `dovecot_confd_dir` | path to `conf.d` | `{{ dovecot_conf_dir }}/conf.d` |
| `dovecot_conf_file` | path to `dovecot.conf(5)` | `{{ __dovecot_conf_dir }}/dovecot.conf` |
| `dovecot_flags` | extra flags for the dovecot daemon | `""` |
| `dovecot_base_dir` | `base_dir` in `dovecot.conf(5)` | `{{ __dovecot_base_dir }}` |
| `dovecot_config` | content of `dovecot.conf(5)` | `""` |
| `dovecot_config_fragments` | list of dicts of additional configuration file fragments. See below | `[]` |
| `dovecot_login_class` | login class to add to `login.conf(5)`; used only when `ansible_os_family` is `OpenBSD` | `{{ __dovecot_login_class }}` |
| `dovecot_extra_groups` | list of extra groups to add the dovecot user to | `[]` |
| `dovecot_include_role_x509_certificate` | include the `trombik.x509_certificate` role in the play | `no` |
dovecot_config_fragments
This variable is a list of dicts of additional configuration file fragments, which are placed under `dovecot_confd_dir`.
| Key | Description | Mandatory? |
|---|---|---|
| `name` | file name | yes |
| `state` | `absent` or `present` | yes |
| `content` | content of the file | yes |
| `mode` | file mode | no |
| `owner` | file owner | no |
| `group` | file group | no |
FreeBSD
| Variable | Default |
|---|---|
| `__dovecot_user` | `dovecot` |
| `__dovecot_group` | `dovecot` |
| `__dovecot_conf_dir` | `/usr/local/etc/dovecot` |
| `__dovecot_service` | `dovecot` |
| `__dovecot_package` | `mail/dovecot` |
| `__dovecot_base_dir` | `/var/run/dovecot` |
| `__dovecot_login_class` | `""` |
OpenBSD
| Variable | Default |
|---|---|
| `__dovecot_user` | `_dovecot` |
| `__dovecot_group` | `_dovecot` |
| `__dovecot_conf_dir` | `/etc/dovecot` |
| `__dovecot_service` | `dovecot` |
| `__dovecot_package` | `dovecot` |
| `__dovecot_base_dir` | `/var/run/dovecot` |
| `__dovecot_login_class` | see below |

```
dovecot:\
    :openfiles-cur=512:\
    :openfiles-max=2048:\
    :tc=daemon:
```
Debian
| Variable | Default |
|---|---|
| `__dovecot_user` | `dovecot` |
| `__dovecot_group` | `dovecot` |
| `__dovecot_conf_dir` | `/etc/dovecot` |
| `__dovecot_service` | `dovecot` |
| `__dovecot_package` | `dovecot-core` |
| `__dovecot_base_dir` | `/var/run/dovecot` |
| `__dovecot_login_class` | `""` |
TLS/SSL support
The role supports TLS/SSL by including `trombik.x509_certificate` in the play. `trombik.x509_certificate` must be listed in `requirements.yml`, and `dovecot_include_role_x509_certificate` must be set to `yes`.
See `tests/serverspec/default.yml` for an example.
Dependencies
None
Example Playbook
```yaml
- hosts: localhost
  roles:
    - ansible-role-dovecot
  vars:
    x509_certificate_debug_log: yes
    # Certificate and key installed by trombik.x509_certificate
    x509_certificate:
      - name: dovecot
        state: present
        public:
          path: "{{ dovecot_conf_dir }}/ssl/dovecot_pub.pem"
          owner: "{{ dovecot_user }}"
          # PEM certificate body omitted
          key: |
            -----BEGIN CERTIFICATE-----
            ...
            -----END CERTIFICATE-----
        secret:
          path: "{{ dovecot_conf_dir }}/ssl/dovecot_key.pem"
          owner: "{{ dovecot_user }}"
          # PEM private key body omitted
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...
            -----END RSA PRIVATE KEY-----
    dovecot_include_role_x509_certificate: true
    dovecot_extra_packages: "{% if ansible_os_family == 'Debian' %}[ 'dovecot-imapd' ]{% else %}[]{% endif %}"
    dovecot_extra_groups: "{% if ansible_os_family == 'Debian' %}[ 'nogroup' ]{% else %}[ 'nobody' ]{% endif %}"
    # Main dovecot.conf: includes every fragment whose state is present
    dovecot_config: |
      protocols = {% if ansible_os_family == 'Debian' %}imap{% else %}imaps{% endif %}

      listen = *
      base_dir = "{{ dovecot_base_dir }}"
      {% for i in dovecot_config_fragments %}
      {% if i.state == 'present' %}
      !include {{ dovecot_confd_dir }}/{{ i.name }}
      {% endif %}
      {% endfor %}
    dovecot_config_fragments:
      - name: foo.conf
        state: absent
      - name: auth.conf
        state: present
        mode: "0640"
        content: |
          disable_plaintext_auth = yes
          passdb {
            driver = {% if ansible_os_family == 'FreeBSD' or ansible_os_family == 'Debian' %}pam{% elif ansible_os_family == 'OpenBSD' %}bsdauth{% endif %}

          }
          userdb {
            driver = passwd
          }
      - name: ssl.conf
        state: present
        mode: "0640"
        content: |
          {% if ansible_os_family == 'Debian' %}
          # older dovecot complains:
          # 'imaps' protocol can no longer be specified (use protocols=imap)
          service imap-login {
            inet_listener imap {
              port = 0
            }
          }
          {% endif %}
          ssl = required
          ssl_cert = <{{ dovecot_conf_dir }}/ssl/dovecot_pub.pem
          ssl_key = <{{ dovecot_conf_dir }}/ssl/dovecot_key.pem
```
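A post-deployment check for the example play above, added here as an illustration and not part of the role or its tests: it asks `doveconf` for the effective `ssl` and `disable_plaintext_auth` values and checks the ownership and mode of the key and of the `ssl.conf` fragment. The `check_*` variable names are hypothetical, and the paths and user assume the Debian defaults from the tables above.

```yaml
- hosts: localhost
  become: true
  vars:
    # Assumed values: the Debian defaults listed in this README
    check_conf_dir: /etc/dovecot
    check_user: dovecot
  tasks:
    - name: Read the effective values of the two hardening settings
      command: "doveconf -h {{ item }}"
      loop:
        - ssl
        - disable_plaintext_auth
      register: check_doveconf
      changed_when: false

    - name: Require TLS and refuse plaintext authentication
      assert:
        that:
          - check_doveconf.results[0].stdout == 'required'
          - check_doveconf.results[1].stdout == 'yes'
        fail_msg: "expected ssl = required and disable_plaintext_auth = yes"

    - name: Inspect the private key installed for dovecot
      stat:
        path: "{{ check_conf_dir }}/ssl/dovecot_key.pem"
      register: check_key

    - name: Key must exist, belong to the dovecot user, and be closed to others
      assert:
        that:
          - check_key.stat.exists
          - check_key.stat.pw_name == check_user
          - check_key.stat.mode[-1] == '0'
        fail_msg: "dovecot_key.pem is missing, has the wrong owner, or is accessible to others"

    - name: Inspect the ssl.conf fragment under conf.d
      stat:
        path: "{{ check_conf_dir }}/conf.d/ssl.conf"
      register: check_fragment

    - name: Fragment must carry the mode given in dovecot_config_fragments
      assert:
        that:
          - check_fragment.stat.exists
          - check_fragment.stat.mode == '0640'
        fail_msg: "conf.d/ssl.conf is missing or its mode is not 0640"
```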
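License
Copyright (c) 2017 Tomoyuki Sakurai <y@trombik.org>
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.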
Author Information
Tomoyuki Sakurai y@trombik.org
This README was created by qansible.