Enable MySQL user accounts

README.md

@@ -6,12 +6,82 @@ A brief description of the role goes here.
 Requirements
 ------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+Create database for MySQL/MariaDB with : 
+
+```
+CREATE DATABASE IF NOT EXISTS `mailserver` DEFAULT CHARACTER SET utf8mb4;
+USE `mailserver`;
+
+CREATE TABLE IF NOT EXISTS `virtual_domains` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`)
+) DEFAULT CHARSET=utf8mb4 CHECKSUM=1;
+
+CREATE TABLE IF NOT EXISTS `virtual_aliases` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `domain_id` int(11) NOT NULL,
+  `source` varchar(255) NOT NULL,
+  `destination` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `domain_id` (`domain_id`),
+  CONSTRAINT `virtual_aliases_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE
+) DEFAULT CHARSET=utf8mb4 CHECKSUM=1;
+
+CREATE TABLE IF NOT EXISTS `virtual_users` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `domain_id` int(11) NOT NULL,
+  `password` varchar(106) NOT NULL,
+  `email` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `email` (`email`),
+  KEY `domain_id` (`domain_id`),
+  CONSTRAINT `virtual_users_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE
+) DEFAULT CHARSET=utf8mb4 CHECKSUM=1;
+```
+
+Create an account to access MySQL/MariaDB with : 
+
+```
+GRANT SELECT ON mailserver.* TO 'mailserver'@'%' IDENTIFIED BY 'changeme';
+FLUSH PRIVLEGES;
+```
+
+New users created via the following SQL : 
+
+```
+INSERT INTO `virtual_domains`
+  (`name`)
+VALUES
+  ('example.com');
+
+SELECT *
+FROM `virtual_domains`
+WHERE `name`='example.com';
+
+INSERT INTO `virtual_users`
+  (`domain_id`, `password`, `email`)
+VALUES
+  ('1', ENCRYPT('changeme', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'webmaster@example.com');
+```
+
+In the above example, the MySQL/MariaDB ENCRYPT() function calls the OS crypt(3) function. The above uses a random 16 character SALT to encrypt, and selects the SHA-512 crypt method. Other available crypt methods are as follows : 
+
+| ID | Method |
+| - | - |
+| 1 | MD5 |
+| 5 | SHA-256 (glibc >= 2.7) |
+| 6 | SHA-512 (glibc >= 2.7) |
 
 Role Variables
 --------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+| Variable | Default | Description |
+| - | - | - |
+| dovecot_mysql_server | undefined | Server to connect to |
+| dovecot_mysql_database | undefined | Database with MySQL to use |
+| dovecot_mysql_username | undefined | Username with read only rights |
+| dovecot_mysql_password | undefined | Password for read only user |
 
 Dependencies
 ------------

templates/Fedora/35/etc/dovecot/dovecot-sql.conf.ext

@@ -0,0 +1,8 @@
+{% if dovecot_mysql_server is defined and dovecot_mysql_database is defined and dovecot_mysql_username is defined and dovecot_mysql_password is defined %}
+driver = mysql
+connect = host={{ dovecot_mysql_server }} dbname={{ dovecot_mysql_database }} user={{ dovecot_mysql_username }} password={{ dovecot_mysql_password }}
+default_pass_scheme = SHA512-CRYPT
+password_query = SELECT email AS user, password FROM virtual_users WHERE email='%u';
+user_query = SELECT email AS user FROM virtual_users WHERE email='%u';
+iterate_query = SELECT email AS user FROM users;
+{% endif %$}

templates/Fedora/35/etc/dovecot/local.conf

@@ -0,0 +1,6 @@
+!include conf.d/auth-sql.conf.ext
+mail_location = maildir:/var/spool/mail/%d/%n
+mail_privileged_group = mail
+first_valid_uid = 0
+mail_uid = mail
+mail_gid = mail

vars/Fedora-35-default.yml

@@ -79,3 +79,8 @@ template_list:
     src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/conf.d/90-sieve.conf'
   - dest: '/etc/dovecot/dovecot.conf'
     src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/dovecot.conf'
+  - dest: '/etc/dovecot/dovecot-sql.conf.ext'
+    mode: '0600'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/dovecot-sql.conf.ext'
+  - dest: '/etc/dovecot/local.conf'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/local.conf'