home-server/roles/dovecot/tasks/main.yml

---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  include_role: name=etckeeper.inc allow_duplicates=true tasks_from=upstream.yml
  vars:
    msg: Dovecot
### ⇐ UPSTREAM BEGIN ###

- name: install software
  package:
    name: "{{item}}"
    state: present
  with_items:
    - dovecot
    - pigeonhole

### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role: name=etckeeper.inc allow_duplicates=true tasks_from=merge.yml
  vars:
    msg: Dovecot
### ⇐ UPSTREAM END ###

- name: prepare overriding dovecot settings
  file:
    name: /etc/systemd/system/dovecot.service.d
    state: directory
    mode: 0755

- name: override dovecot.service settings
  copy:
    content: |
      [Unit]
      After=systemd-tmpfiles-setup.service      
    dest: /etc/systemd/system/dovecot.service.d/shared_sockets.conf
    mode: 0644
  notify:
    - restart dovecot.service

- name: secure Dovecot systemd settings
  copy:
    content: |
      [Service]
      ProtectSystem=full      
    dest: /etc/systemd/system/dovecot.service.d/secure-{{nickname}}.conf
    mode: 0644
  notify:
    - restart dovecot.service

- name: create the configuration directory
  file:
    name: /etc/dovecot
    state: directory
    mode: 0755

- name: main configuration
  template:
    src: templates/dovecot.conf.j2
    dest: /etc/dovecot/dovecot.conf
    mode: 0644
  notify:
    - restart dovecot.service

- name: passdb configuration
  template:
    src: templates/dovecot-ldap-passdb.conf.j2
    dest: /etc/dovecot/dovecot-ldap-passdb.conf
    mode: 0600
  notify:
    - restart dovecot.service

- name: userdb configuration
  copy:
    remote_src: true
    src: /etc/dovecot/dovecot-ldap-passdb.conf
    dest: /etc/dovecot/dovecot-ldap-userdb.conf
    mode: 0600
  notify:
    - restart dovecot.service

- name: enable Dovecot
  systemd:
    daemon_reload: true
    name: dovecot.service
    enabled: true

### LOCAL COMMIT ⇒ ###
- name: commit local changes
  include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml
  vars:
    msg: Dovecot
### ⇐ LOCAL COMMIT ###
- meta: flush_handlers