diff --git a/templates/Fedora/35/etc/dovecot/local.conf b/templates/Fedora/35/etc/dovecot/local.conf
index b29b3ef..ff8a76e 100644
--- a/templates/Fedora/35/etc/dovecot/local.conf
+++ b/templates/Fedora/35/etc/dovecot/local.conf
@@ -4,3 +4,5 @@ mail_privileged_group = mail
 first_valid_uid = 0
 mail_uid = mail
 mail_gid = mail
+ssl_mmin_protocol = TLSv1.2
+ssl_cipher_list = PROFILE=SYSTEM
diff --git a/templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.service b/templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.service
new file mode 100644
index 0000000..516df92
--- /dev/null
+++ b/templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Copy TLS Certificates for Dovecot
+
+[Service]
+Type=oneshot
+ExecStartPre=mkdir -p /etc/dovecot/certificates
+ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/*/*.pem /etc/dovecot/certificates/'
+ExecStartPost=chown -R root:root /etc/dovecot/certificates
+
+[Install]
+WantedBy=dovecot.service
+
diff --git a/templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.timer b/templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.timer
new file mode 100644
index 0000000..622a8b6
--- /dev/null
+++ b/templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Copy TLS Certificates for Dovecot
+
+[Timer]
+OnUnitActiveSec=5min
+
+[Install]
+WantedBy=dovecot.service
+
diff --git a/vars/Fedora-35-default.yml b/vars/Fedora-35-default.yml
index 0b84c08..dc7d4e4 100644
--- a/vars/Fedora-35-default.yml
+++ b/vars/Fedora-35-default.yml
@@ -20,6 +20,12 @@ service_list:
 - enabled: 'yes'
 name: 'dovecot.service'
 state: 'started'
+ - enabled: 'yes'
+ name: 'dovecot-copytls.service'
+ state: 'started'
+ - enabled: 'yes'
+ name: 'dovecot-copytls.timer'
+ state: 'started'
 template_list:
 - dest: '/etc/dovecot/conf.d/10-auth.conf'
 src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/conf.d/10-auth.conf'
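Review bot: The first added line in `local.conf` misspells the setting: `ssl_mmin_protocol` is not a Dovecot setting, so the TLS 1.2 floor this commit intends is never applied, and Dovecot normally rejects unknown settings when it parses its configuration, which would keep the service from starting. The line should read `ssl_min_protocol = TLSv1.2`. Running `doveconf -n` against the rendered file before restarting the service would catch this kind of typo.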
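Review bot: `dovecot-copytls.service` copies private keys but never pins their permissions: `mkdir -p` and `cp` run under the unit's default umask, so the mode of `/etc/dovecot/certificates` and of the copied key files depends on that umask and on whatever mode the source files under `/etc/httpd/md/domains` carry. Adding `UMask=0077` to `[Service]` would make the directory and any newly created files root-only regardless of the source. The glob `*/*.pem` also flattens every domain directory into one target directory, so if the files have the same names in each domain directory (likely, but not visible here) a second managed domain would collide with the first. The unit has no `Before=dovecot.service`, so nothing orders the copy ahead of Dovecot's start.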
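Review bot: `OnUnitActiveSec=5min` is the only trigger in `dovecot-copytls.timer`, and it is measured from the last activation of the service, so the timer depends on something else having started the service first; adding `OnBootSec=5min` would arm it independently. `WantedBy=dovecot.service` is unusual for a timer, and `WantedBy=timers.target` is the conventional install target. Neither this timer nor the service it triggers reloads Dovecot after a copy, so a renewed certificate would sit in `/etc/dovecot/certificates` unused until the next restart or reload; if that is handled elsewhere it is not visible in this diff.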
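Review bot: The new `dovecot-copytls.service` entry in `service_list` asks for `state: 'started'` on a unit that is `Type=oneshot` without `RemainAfterExit`, so the unit is inactive again as soon as the copy finishes and every playbook run would presumably start it again and report a change. Since the timer is meant to drive the copy, enabling and starting only `dovecot-copytls.timer` would be enough, provided the timer has a trigger that does not depend on the service having run. Both units are new files, so systemd also needs a daemon reload before they can be started; whether the role does that is outside this hunk.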
@@ -84,3 +90,7 @@ template_list:
 src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/dovecot-sql.conf.ext'
 - dest: '/etc/dovecot/local.conf'
 src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/local.conf'
+ - dest: '/usr/lib/systemd/system/dovecot-copytls.service'
+ src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/dovecot-copytls.service'
+ - dest: '/usr/lib/systemd/system/dovecot-copytls.timer'
+ src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/dovecot-copytls.timer'
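Review bot: Both new `dest` values install the units into `/usr/lib/systemd/system`, which is the directory owned by distribution packages; locally managed units belong in `/etc/systemd/system`, where a package update cannot replace them and where they take precedence. The entries would become `dest: '/etc/systemd/system/dovecot-copytls.service'` and `dest: '/etc/systemd/system/dovecot-copytls.timer'`, with the template paths moved to keep the `src` convention the other entries follow. `template_list` starts outside this hunk, so whether a file mode or a handler is applied per entry cannot be seen here.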