AnsibleRoles/ensure_dovecot
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Enable mod_md fetched ACME TLS Certificates

Browse Source
This commit is contained in:
Jason Rothstein
2021-12-05 14:47:01 -06:00
parent 9ef51a9b8c
commit f4151abc3f
4 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
templates/Fedora/35/etc/dovecot/local.conf
View File

@@ -4,3 +4,5 @@ mail_privileged_group = mail
first_valid_uid = 0
mail_uid = mail
mail_gid = mail
ssl_mmin_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM

12
templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Copy TLS Certificates for Dovecot
[Service]
Type=oneshot
ExecStartPre=mkdir -p /etc/dovecot/certificates
ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/*/*.pem /etc/dovecot/certificates/'
ExecStartPost=chown -R root:root /etc/dovecot/certificates
[Install]
WantedBy=dovecot.service

9
templates/Fedora/35/usr/lib/systemd/system/dovecot-copytls.timer Normal file
View File

@@ -0,0 +1,9 @@
[Unit]
Description=Copy TLS Certificates for Dovecot
[Timer]
OnUnitActiveSec=5min
[Install]
WantedBy=dovecot.service

10
vars/Fedora-35-default.yml
View File

@@ -20,6 +20,12 @@ service_list:
- enabled: 'yes'
name: 'dovecot.service'
state: 'started'
- enabled: 'yes'
name: 'dovecot-copytls.service'
state: 'started'
- enabled: 'yes'
name: 'dovecot-copytls.timer'
state: 'started'
template_list:
- dest: '/etc/dovecot/conf.d/10-auth.conf'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/conf.d/10-auth.conf'
@@ -84,3 +90,7 @@ template_list:
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/dovecot-sql.conf.ext'
- dest: '/etc/dovecot/local.conf'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dovecot/local.conf'
- dest: '/usr/lib/systemd/system/dovecot-copytls.service'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/dovecot-copytls.service'
- dest: '/usr/lib/systemd/system/dovecot-copytls.timer'
src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/dovecot-copytls.timer'