Role that installs an unconfigured dovecot service, managing firewall rules and letsencrypt hook accordingly.
parent
9b4f3d3d46
commit
747c551c00
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
dovecot_service_enabled: True
|
||||
dovecot_rh_pkgs:
|
||||
- dovecot
|
||||
- dovecot-pigeonhole
|
||||
|
||||
dovecot_firewalld_services:
|
||||
- { service: 'pop3', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
||||
- { service: 'pop3s', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
||||
- { service: 'imap', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
||||
- { service: 'imaps', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
||||
|
||||
# 24 is LMTP
|
||||
# 4190 is ManageSieve
|
||||
dovecot_firewalld_ports:
|
||||
- { port: 24, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
|
||||
- { port: 4190, protocol: 'tcp', state: 'disabled', zone: '{{ firewalld_default_zone }}' }
|
||||
|
||||
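Review bot: The `dovecot_firewalld_services` default opens the cleartext `pop3` and `imap` services next to `pop3s` and `imaps`, so a host that applies this role with firewalld enabled exposes those services for a dovecot instance the role leaves unconfigured. If STARTTLS on the cleartext ports is not a requirement, the safer default is `state: 'disabled'` for `pop3` and `imap`, letting a deployment opt in. Otherwise a comment above the list should say that TLS enforcement (for example dovecot's `ssl = required`) is expected from the configuration applied later. `dovecot_service_enabled: True` would also read better as lowercase `true`.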
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
- name: Manage the firewalld rules
|
||||
block:
|
||||
- name: Manage the dovecot related services
|
||||
firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
|
||||
with_items: '{{ dovecot_firewalld_services }}'
|
||||
|
||||
- name: Manage the dovecot related tcp/udp ports
|
||||
firewalld: port={{ item.port }}/{{ item.protocol }} zone={{ item.zone }} permanent={{ item.permanent | default(False) }} state={{ item.state }} immediate=True
|
||||
with_items: '{{ dovecot_firewalld_ports }}'
|
||||
|
||||
tags: [ 'dovecot', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ]
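Review bot: The ports task defaults `permanent` to `False` while the services task above it defaults to `True`, so entries in `dovecot_firewalld_ports` change only the runtime firewall and are lost on the next firewalld reload or reboot. For the two shipped defaults (24 and 4190 with `state: 'disabled'`) this means a port that is open in the permanent configuration would come back after a reload. Unless runtime-only behaviour is intended, use `permanent={{ item.permanent | default(True) }}` in that task so both lists behave the same way.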
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Manage the letsencrypt handler
|
||||
block:
|
||||
- name: Create the letsencrypt hooks directory if it is not present
|
||||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root mode=0755
|
||||
|
||||
- name: Install the dovecot letsencrypt hook
|
||||
template: src=dovecot_letsencrypt_hook.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/dovecot owner=root group=root mode=0750
|
||||
|
||||
tags: [ 'dovecot', 'imap', 'letsencrypt' ]
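Review bot: Both tasks pass module arguments as a single `key=value` string with unquoted templated paths and bare `mode=0755` / `mode=0750`; native YAML arguments are easier to review and keep the mode unambiguous, e.g. `mode: '0750'` and `dest: '{{ letsencrypt_acme_services_scripts_dir }}/dovecot'`. The same inline form is used by the `firewalld`, `yum` and `service` tasks in the other task files of this commit. Separately, `letsencrypt_acme_services_scripts_dir` is not defined in the defaults shown in this commit, so the role presumably relies on another role to supply it; a comment or a declared role dependency stating that would help.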
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
- name: Install the dovecot packages and start the service
|
||||
block:
|
||||
- name: Install the dovecot packages
|
||||
yum: pkg={{ dovecot_rh_pkgs }}
|
||||
|
||||
- name: Ensure that the service is started and enabled
|
||||
service: name=dovecot state=started enabled=yes
|
||||
when: dovecot_service_enabled | bool
|
||||
|
||||
- name: Stop and disable the dovecot service
|
||||
service: name=dovecot state=stopped enabled=no
|
||||
when: not dovecot_service_enabled | bool
|
||||
|
||||
tags: [ 'dovecot', 'imap' ]
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- import_tasks: dovecot_rh.yml
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
- import_tasks: dovecot_firewalld.yml
|
||||
when: firewalld_enabled is defined and firewalld_enabled | bool
|
||||
- import_tasks: dovecot_letsencrypt.yml
|
||||
when: letsencrypt_acme_install is defined and letsencrypt_acme_install | bool
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
/bin/systemctl reload dovecot > {{ letsencrypt_acme_sh_log_dir }}/dovecot.log 2>&1
|
||||
|
||||
exit $?
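Review bot: The redirect target `{{ letsencrypt_acme_sh_log_dir }}/dovecot.log` is unquoted and opened with `>`, so each run truncates the previous log and a path containing whitespace would break the command. Suggest `/bin/systemctl reload dovecot >> "{{ letsencrypt_acme_sh_log_dir }}/dovecot.log" 2>&1`. The hook is installed with owner root and mode 0750 by the letsencrypt tasks, so it presumably runs as root; the log directory should therefore be writable by root only, which this commit does not show. The trailing `exit $?` is redundant because the script already exits with the status of its last command.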
|