Getting started

Default setup

If you don't specify any configuration values, the role will set up IMAP and IMAPS services using the certificates provided by ansible-pki. It will also use the ansible-ferm role to open the required network ports with iptables: 143 (IMAP+STARTTLS) and 993 (IMAPS). Every user account that is able to log in via PAM can then also log in via IMAP and access its mail, stored as an mbox file in /var/mail/<username>.
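A check for the cleartext port 143 opened by the default setup, added here as an example and not part of the debops.dovecot role: it parses an IMAP greeting and flags a server that does not offer STARTTLS or that accepts plaintext logins before TLS. The function names and the two sample greetings are constructed for illustration.

```python
import socket

# Constructed sample greetings, not captured from a real server.
GOOD = "* OK [CAPABILITY IMAP4rev1 SASL-IR ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.\r\n"
WEAK = "* OK [CAPABILITY IMAP4rev1 SASL-IR ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.\r\n"

def parse_capabilities(line):
    """Capability set from a greeting or untagged CAPABILITY line, else None."""
    upper = line.strip().upper()
    if "[CAPABILITY " in upper:              # * OK [CAPABILITY ...] text
        start = upper.index("[CAPABILITY ") + len("[CAPABILITY ")
        end = upper.find("]", start)
        return set(upper[start:end].split()) if end != -1 else None
    if upper.startswith("* CAPABILITY "):    # reply to an explicit CAPABILITY command
        return set(upper[len("* CAPABILITY "):].split())
    return None

def audit_cleartext_port(caps):
    """Findings for what port 143 advertises before STARTTLS; empty list = OK."""
    if caps is None:
        return ["no capability list received"]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command allowed before TLS")
    plain = sorted(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    if plain:
        findings.append("plaintext SASL before TLS: " + ", ".join(plain))
    return findings

def fetch_capabilities(host, port=143, timeout=5.0):
    """Live probe of the cleartext port (needs network; unused by the samples)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")
        caps = parse_capabilities(stream.readline().decode("ascii", "replace"))
        if caps is None:                     # greeting had no capability list
            stream.write(b"a1 CAPABILITY\r\n")
            stream.flush()
            caps = parse_capabilities(stream.readline().decode("ascii", "replace"))
        return caps

if __name__ == "__main__":
    for name, greeting in (("good", GOOD), ("weak", WEAK)):
        print(name, audit_cleartext_port(parse_capabilities(greeting)) or "OK")
```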

LDAP support

When the LDAP environment is configured on a host, the debops.dovecot role will automatically switch from system account authentication to LDAP-based accounts.

Example inventory

You can install Dovecot on a host by adding it to the [debops_service_dovecot] group in your Ansible inventory:

[debops_service_dovecot]
hostname

Example playbook

Here's an example playbook which uses the debops.dovecot role to install Dovecot:

---

- name: Manage Dovecot service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_dovecot' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  pre_tasks:

    - name: Prepare dovecot environment
      import_role:
        name: 'dovecot'
        tasks_from: 'main_env'
      tags: [ 'role::dovecot', 'role::secret', 'role::ferm' ]

    - name: Prepare postfix environment
      import_role:
        name: 'postfix'
        tasks_from: 'main_env'
      vars:
        postfix__dependent_maincf:
          - role: 'dovecot'
            config: '{{ dovecot__postfix__dependent_maincf }}'
        postfix__dependent_mastercf:
          - role: 'dovecot'
            config: '{{ dovecot__postfix__dependent_mastercf }}'
      tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]

  roles:

    - role: secret
      tags: [ 'role::secret', 'role::postfix' ]
      secret__directories:
        - '{{ postfix__secret__directories }}'

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ dovecot__ferm__dependent_rules }}'

    - role: postfix
      tags: [ 'role::postfix', 'skip::postfix' ]
      postfix__dependent_maincf:
        - role: 'dovecot'
          config: '{{ dovecot__postfix__dependent_maincf }}'
      postfix__dependent_mastercf:
        - role: 'dovecot'
          config: '{{ dovecot__postfix__dependent_mastercf }}'

    - role: python
      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
      python__dependent_packages3:
        - '{{ ldap__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ ldap__python__dependent_packages2 }}'

    - role: ldap
      tags: [ 'role::ldap', 'skip::ldap' ]
      ldap__dependent_tasks:
        - '{{ dovecot__ldap__dependent_tasks }}'

    - role: dovecot
      tags: [ 'role::dovecot', 'skip::dovecot' ]

Ansible tags

You can use the Ansible --tags or --skip-tags parameters to limit which tasks are performed during an Ansible run. This can be used after a host has first been configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:

role::dovecot

Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.