From 747c551c0024b579efdb9300b7d98f3d9973134d Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 20 Nov 2019 18:51:56 +0100
Subject: [PATCH] Role that installs an unconfigured dovecot service, managing firewall rules and letenscrypt hook accondingly.
---
 library/roles/dovecot/defaults/main.yml | 19 +++++++++++++++++++
 library/roles/dovecot/handlers/main.yml | 0
 library/roles/dovecot/meta/main.yml | 0
 .../roles/dovecot/tasks/dovecot_firewalld.yml | 12 ++++++++++++
 .../dovecot/tasks/dovecot_letsencrypt.yml | 10 ++++++++++
 library/roles/dovecot/tasks/dovecot_rh.yml | 15 +++++++++++++++
 library/roles/dovecot/tasks/main.yml | 8 ++++++++
 .../templates/dovecot_letsencrypt_hook.sh.j2 | 5 +++++
 library/roles/dovecot/vars/main.yml | 0
 9 files changed, 69 insertions(+)
 create mode 100644 library/roles/dovecot/defaults/main.yml
 create mode 100644 library/roles/dovecot/handlers/main.yml
 create mode 100644 library/roles/dovecot/meta/main.yml
 create mode 100644 library/roles/dovecot/tasks/dovecot_firewalld.yml
 create mode 100644 library/roles/dovecot/tasks/dovecot_letsencrypt.yml
 create mode 100644 library/roles/dovecot/tasks/dovecot_rh.yml
 create mode 100644 library/roles/dovecot/tasks/main.yml
 create mode 100644 library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2
 create mode 100644 library/roles/dovecot/vars/main.yml
diff --git a/library/roles/dovecot/defaults/main.yml b/library/roles/dovecot/defaults/main.yml
new file mode 100644
index 0000000..9fd290a
--- /dev/null
+++ b/library/roles/dovecot/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+dovecot_service_enabled: True
+dovecot_rh_pkgs:
+ - dovecot
+ - dovecot-pigeonhole
+
+dovecot_firewalld_services:
+ - { service: 'pop3', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
+ - { service: 'pop3s', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
+ - { service: 'imap', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
+ - { service: 'imaps', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
+
+# 24 is LMTP
+# 4190 is ManageSieve
+dovecot_firewalld_ports:
+ - { port: 24, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
+ - { port: 4190, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
+
+
diff --git a/library/roles/dovecot/handlers/main.yml b/library/roles/dovecot/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/library/roles/dovecot/meta/main.yml b/library/roles/dovecot/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/library/roles/dovecot/tasks/dovecot_firewalld.yml b/library/roles/dovecot/tasks/dovecot_firewalld.yml
new file mode 100644
index 0000000..4a191ae
--- /dev/null
+++ b/library/roles/dovecot/tasks/dovecot_firewalld.yml
@@ -0,0 +1,12 @@
+---
+- name: Manage the firewalld rules
+ block:
+ - name: Manage the dovecot related services
+ firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
+ with_items: '{{ dovecot_firewalld_services }}'
+
+ - name: Manage the dovecot related tcp/udp ports
+ firewalld: port={{ item.port }}/{{ item.protocol }} zone={{ item.zone }} permanent={{ item.permanent | default(False) }} state={{ item.state }} immediate=True
+ with_items: '{{ dovecot_firewalld_ports }}'
+
+ tags: [ 'dovecot', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ]
\ No newline at end of file
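Review bot: `dovecot_service_enabled: True` in defaults/main.yml uses a capitalised boolean; Ansible accepts it, but the conventional and yamllint-clean form is `dovecot_service_enabled: true`. Separately, `dovecot_firewalld_services` opens the cleartext `pop3` and `imap` services by default alongside `pop3s`/`imaps`, while the role (per the commit message) leaves Dovecot itself unconfigured; a comment above that list such as `# pop3/imap are the plaintext listeners; set them to state: 'disabled' for a TLS-only host` would make the default exposure explicit to whoever copies these defaults. The `# 24 is LMTP` / `# 4190 is ManageSieve` comments are helpful; the same treatment for the services list would keep the file self-describing.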
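Review bot: The ports task in dovecot_firewalld.yml defaults `permanent` to `False` while the services task defaults it to `True`, so the LMTP/ManageSieve rules become runtime-only entries that do not survive a firewalld reload, whereas the service rules persist; unless that asymmetry is intended, change the ports line to `permanent={{ item.permanent | default(True) }}` or add a comment explaining why it differs. Both tasks are written as one long `key=value` string; Ansible's convention is the block form (`firewalld:` followed by `service:`, `zone:`, `permanent:`, `state:` and `immediate:` keys), and the same applies to the `file`, `template`, `yum` and `service` tasks in dovecot_letsencrypt.yml and dovecot_rh.yml. The file also lacks a trailing newline (`\ No newline at end of file`).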
diff --git a/library/roles/dovecot/tasks/dovecot_letsencrypt.yml b/library/roles/dovecot/tasks/dovecot_letsencrypt.yml
new file mode 100644
index 0000000..d7a2546
--- /dev/null
+++ b/library/roles/dovecot/tasks/dovecot_letsencrypt.yml
@@ -0,0 +1,10 @@
+---
+- name: Manage the letsencrypt handler
+ block:
+ - name: Create the letsencrypt hooks directory if it is not present
+ file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root mode=0755
+
+ - name: Install the dovecot letsencrypt hook
+ template: src=dovecot_letsencrypt_hook.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/dovecot owner=root group=root mode=0750
+
+ tags: [ 'dovecot', 'imap', 'letsencrypt' ]
diff --git a/library/roles/dovecot/tasks/dovecot_rh.yml b/library/roles/dovecot/tasks/dovecot_rh.yml
new file mode 100644
index 0000000..5916b70
--- /dev/null
+++ b/library/roles/dovecot/tasks/dovecot_rh.yml
@@ -0,0 +1,15 @@
+---
+- name: Install the dovecot packages and start the service
+ block:
+ - name: Install the dovecot packages
+ yum: pkg={{ dovecot_rh_pkgs }}
+
+ - name: Ensure that the service is started and enabled
+ service: name=dovecot state=started enabled=yes
+ when: dovecot_service_enabled | bool
+
+ - name: Stop and disable the dovecot service
+ service: name=dovecot state=stopped enabled=no
+ when: not dovecot_service_enabled | bool
+
+ tags: [ 'dovecot', 'imap' ]
diff --git a/library/roles/dovecot/tasks/main.yml b/library/roles/dovecot/tasks/main.yml
new file mode 100644
index 0000000..d99368f
--- /dev/null
+++ b/library/roles/dovecot/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- import_tasks: dovecot_rh.yml
+ when: ansible_distribution_file_variety == "RedHat"
+- import_tasks: dovecot_firewalld.yml
+ when: firewalld_enabled is defined and firewalld_enabled | bool
+- import_tasks: dovecot_letsencrypt.yml
+ when: letsencrypt_acme_install is defined and letsencrypt_acme_install | bool
+
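Review bot: Both tasks in dovecot_letsencrypt.yml depend on `letsencrypt_acme_services_scripts_dir` (and the template on `letsencrypt_acme_sh_log_dir` and `firewalld_default_zone` elsewhere in the role), yet none of these is defaulted in this role and tasks/main.yml only checks that `letsencrypt_acme_install` is defined, so a play that sets that flag without the companion role presumably aborts at the `file` task on an undefined variable. Record the dependency in the empty meta/main.yml or extend the guard on the import to `when: letsencrypt_acme_install is defined and letsencrypt_acme_install | bool and letsencrypt_acme_services_scripts_dir is defined`. Installing the hook root-owned with `mode=0750` is the right choice for a script run by the renewal process; a comment on the `template` task such as `# root-only write: the hook runs privileged on every renewal` would preserve that intent.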
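Review bot: The two `service` tasks in dovecot_rh.yml are mutually exclusive on `dovecot_service_enabled` and could be a single task with a computed state, e.g. `state: "{{ 'started' if dovecot_service_enabled | bool else 'stopped' }}"` and `enabled: "{{ dovecot_service_enabled | bool }}"`, which keeps the two branches from drifting apart. `enabled=yes` / `enabled=no` work here only because the shorthand hands them to the module as strings; in block form write `true`/`false`. Since the commit message says the service is installed unconfigured, a comment on the block stating that no Dovecot configuration is managed by this role and that the service starts with whatever the package ships would help the next operator.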
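Review bot: tasks/main.yml imports dovecot_rh.yml only when `ansible_distribution_file_variety == "RedHat"`, so on any other family the role installs nothing but can still run the firewalld and letsencrypt tasks (opening ports and installing a reload hook for a service that is absent). Either gate those two imports on the same condition or add an explicit `fail` task for unsupported distributions, e.g. `- fail: msg="dovecot role supports Red Hat derivatives only"` with `when: ansible_distribution_file_variety != "RedHat"`, so the limitation is visible rather than silent.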
diff --git a/library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2 b/library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2
new file mode 100644
index 0000000..02f0e44
--- /dev/null
+++ b/library/roles/dovecot/templates/dovecot_letsencrypt_hook.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/bin/systemctl reload dovecot > {{ letsencrypt_acme_sh_log_dir }}/dovecot.log 2>&1
+
+exit $?
diff --git a/library/roles/dovecot/vars/main.yml b/library/roles/dovecot/vars/main.yml
new file mode 100644
index 0000000..e69de29
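Review bot: The hook truncates `{{ letsencrypt_acme_sh_log_dir }}/dovecot.log` on every run (`>`), so the outcome of earlier reloads is lost; for an unattended renewal hook it is more useful to append with a timestamp, e.g. `echo "$(date -Is) reload dovecot" >> {{ letsencrypt_acme_sh_log_dir }}/dovecot.log` before the `systemctl` line and `>>` on its redirect. `exit $?` right after the redirected command is harmless but redundant, as the script's status would already be that of the last command. `letsencrypt_acme_sh_log_dir` is supplied from outside this role and the directory is assumed to exist, which is worth a comment at the top of the template.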