infrastructure/roles/dovecot/tasks/main.yml

---

- name: install dovecot
  pacman: name=dovecot,pigeonhole state=present

# FIXME: check directory permissions
- name: create dovecot configuration directory
  file: path=/etc/dovecot state=directory owner=root group=root mode=0755

- name: create dhparam
  command: openssl dhparam -out /etc/dovecot/dh.pem 4096 creates=/etc/dovecot/dh.pem

- name: install dovecot.conf
  template: src=dovecot.conf.j2 dest=/etc/dovecot/dovecot.conf owner=root group=root mode=0644
  notify:
    - reload dovecot

- name: install PAM config
  copy: src=pam.d.dovecot dest=/etc/pam.d/dovecot mode=0644 owner=root group=root

- name: create dovecot sieve dir
  file: path=/etc/dovecot/sieve state=directory owner=root group=root mode=0755

- name: install spam-to-folder.sieve
  copy: src=spam-to-folder.sieve dest=/etc/dovecot/sieve/ mode=0644 owner=root group=root
  notify:
    - run sievec

- name: install dovecot cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/dovecot owner=root group=root mode=0755

- name: start and enable dovecot
  service: name=dovecot enabled=yes state=started

- name: open firewall holes
  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
  with_items:
    - pop3s
    - imaps
    - managesieve
  when: configure_firewall
  tags:
    - firewall

- name: install systemd timers
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
    - dovecot-cleanup.timer
    - dovecot-cleanup.service

- name: activate systemd timers
  systemd:
    name: "{{ item }}"
    state: started
    enabled: true
    daemon_reload: true
  with_items:
    - dovecot-cleanup.timer