diff --git a/defaults/main.yml b/defaults/main.yml index aadd826..e070700 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -100,3 +100,9 @@ dovecot_quota_additional_limit: # gracia (en porcentaje o M) dovecot_quota_grace: 10% + +# submission +dovecot_submission_enable: yes +dovecot_submission_relay_host: postfix +dovecot_submission_relay_port: 25 +dovecot_submission_relay_trusted: yes diff --git a/files/Dockerfile b/files/Dockerfile index 01fb288..2f1d1ad 100644 --- a/files/Dockerfile +++ b/files/Dockerfile @@ -2,7 +2,11 @@ FROM eumau/debian:buster-slim LABEL maintainer "Mauro Torrez " ARG DEBIAN_FRONTEND=noninteractive ENV LC_ALL C -ENV SUBMISSION_ENABLE= \ +ENV \ + MAIL_DOMAINS= \ + AUTH_MECHANISMS=plain \ + AUTH_USERNAME_FORMAT="%Lu" \ + AUTH_MASTER_ENABLE= \ SUBMISSION_RELAY_HOST= \ SUBMISSION_RELAY_PORT=25 \ SUBMISSION_RELAY_TRUSTED=yes \ @@ -11,9 +15,25 @@ ENV SUBMISSION_ENABLE= \ SUBMISSION_RELAY_PASSWORD= \ SUBMISSION_RELAY_SSL=starttls \ SUBMISSION_RELAY_SSL_VERIFY=no \ - SUBMISSION_RELAY_RAWLOG_DIR= + SUBMISSION_RELAY_RAWLOG_DIR= \ + LDAP_ENABLE= \ + LDAP_HOSTS="ldap:389" \ + LDAP_URIS= \ + LDAP_BIND=yes \ + LDAP_VERSION=3 \ + LDAP_BASE="dc=example,dc=org" \ + LDAP_SCOPE=sub \ + LDAP_USER_ATTRS="=home=/vmail/mail/%d/%n, =uid=5000, =gid=5000" \ + LDAP_USER_FILTER="(&(objectClass=inetOrgPerson)(uid=%n))" \ + LDAP_PASS_ATTRS="userPassword=password, =userdb_home=/vmail/mail/%d/%n, =userdb_uid=5000, =userdb_gid=5000" \ + LDAP_PASS_FILTER="(&(objectClass=inetOrgPerson)(uid=%n))" \ + LDAP_ITERATE_ATTRS="=user=%{ldap:uid}@%d" \ + LDAP_ITERATE_FILTER="(objectClass=inetOrgPerson)" \ + LDAP_DEFAULT_PASS_SCHEME=CRYPT -RUN apt-get update && apt-get install -y --no-install-recommends \ +RUN groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \ + && mkdir -p /vmail && chown vmail:vmail /vmail \ + && apt-get update && apt-get install -y --no-install-recommends \ dovecot-lmtpd \ dovecot-imapd \ dovecot-ldap \ 
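Review bot: `dovecot_submission_enable: yes` makes submission opt-out, and in tasks/main.yml this same variable is what adds `587:587` to the published ports, so every host applying the role with defaults gains a new host-level listener on upgrade. If that is intended, state it in the comment; otherwise default to `dovecot_submission_enable: false` and let deployments opt in. The bare `# submission` comment could also say what `dovecot_submission_relay_trusted` controls (as far as I know, whether Dovecot forwards XCLIENT data to the relay). The two booleans would be less ambiguous written as `true`/`false` rather than `yes`.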
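Review bot: The new LDAP defaults pair `LDAP_HOSTS="ldap:389"` with `LDAP_BIND=yes`, and no TLS-related variable is added to this ENV block. Unless ldap.conf.ext.tmpl (not shown) sets `tls = yes` or an `ldaps://` URI is supplied through `LDAP_URIS`, the authentication bind carries user passwords to the directory in clear text. A comment next to `LDAP_HOSTS` saying which of the two is expected in production would help. `LDAP_DEFAULT_PASS_SCHEME=CRYPT` only matters when bind authentication is off and `userPassword` has no scheme prefix, but a stronger fallback such as `SHA512-CRYPT` is a safer default. The ENV instruction starts in the previous hunk and the RUN instruction continues past this one.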
@@ -24,8 +44,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ bogofilter \ ssl-cert \ && rm -rf /var/lib/apt/lists/* \ - && groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \ - && mkdir -p /vmail && chown vmail:vmail /vmail \ && mkdir -p /ssl && chmod 700 /ssl \ && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \ && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \ @@ -44,13 +62,7 @@ ADD 10-mail.conf \ ADD local.conf /etc/dovecot/ ADD junk-filter.sieve /etc/dovecot/sieve/before/ -ADD \ - 10-auth.conf.tmpl \ - 20-lmtp.conf.tmpl \ - ldap.conf.ext.tmpl \ - submission.conf.tmpl \ - /etc/confd/templates/ -ADD confd-*.toml /etc/confd/conf.d/ +ADD confd /etc/confd/ RUN sievec /etc/dovecot/sieve/before diff --git a/files/confd-auth.toml b/files/confd/conf.d/auth.toml similarity index 88% rename from files/confd-auth.toml rename to files/confd/conf.d/auth.toml index f7b8a0f..3f02539 100644 --- a/files/confd-auth.toml +++ b/files/confd/conf.d/auth.toml @@ -6,5 +6,5 @@ keys = [ "/auth/username/format", "/auth/mechanisms", "/auth/master/enable", - "/auth/ldap/enable" + "/ldap/enable" ] diff --git a/files/confd-ldap.toml b/files/confd/conf.d/ldap.toml similarity index 100% rename from files/confd-ldap.toml rename to files/confd/conf.d/ldap.toml diff --git a/files/confd-ldap2.toml b/files/confd/conf.d/ldap2.toml similarity index 100% rename from files/confd-ldap2.toml rename to files/confd/conf.d/ldap2.toml diff --git a/files/confd-lmtp.toml b/files/confd/conf.d/lmtp.toml similarity index 100% rename from files/confd-lmtp.toml rename to files/confd/conf.d/lmtp.toml diff --git a/files/confd-submission.toml b/files/confd/conf.d/submission.toml similarity index 93% rename from files/confd-submission.toml rename to files/confd/conf.d/submission.toml index 196f8bb..ee8091b 100644 --- a/files/confd-submission.toml +++ b/files/confd/conf.d/submission.toml 
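Review bot: `ADD confd /etc/confd/` now copies whatever is in the directory rather than an explicit file list, so stray or editor-backup files in `files/confd` end up in the image. This commit's renames already add `templates/90-quota.conf.tmpl`, which the old ADD list did not include. Since only local files are copied, `COPY confd/ /etc/confd/` is the better instruction because it has none of ADD's URL and archive-extraction behaviour. A short comment listing the expected `conf.d/*.toml` and `templates/*.tmpl` contents would make unintended additions easier to spot in review.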
@@ -2,7 +2,6 @@ src = "submission.conf.tmpl" dest = "/etc/dovecot/local.d/submission.conf" keys = [ - "/submission/enable", "/submission/relay/host", "/submission/relay/port", "/submission/relay/trusted", diff --git a/files/10-auth.conf.tmpl b/files/confd/templates/10-auth.conf.tmpl similarity index 94% rename from files/10-auth.conf.tmpl rename to files/confd/templates/10-auth.conf.tmpl index 7838f82..e16688d 100644 --- a/files/10-auth.conf.tmpl +++ b/files/confd/templates/10-auth.conf.tmpl @@ -17,7 +17,7 @@ passdb { {{ end }} -{{ if eq (getv "/auth/ldap/enable") "yes"}} +{{ if eq (getv "/ldap/enable") "yes"}} passdb { driver = ldap args = /etc/dovecot/local.d/ldap.conf.ext diff --git a/files/20-lmtp.conf.tmpl b/files/confd/templates/20-lmtp.conf.tmpl similarity index 100% rename from files/20-lmtp.conf.tmpl rename to files/confd/templates/20-lmtp.conf.tmpl diff --git a/files/90-quota.conf.tmpl b/files/confd/templates/90-quota.conf.tmpl similarity index 100% rename from files/90-quota.conf.tmpl rename to files/confd/templates/90-quota.conf.tmpl diff --git a/files/ldap.conf.ext.tmpl b/files/confd/templates/ldap.conf.ext.tmpl similarity index 100% rename from files/ldap.conf.ext.tmpl rename to files/confd/templates/ldap.conf.ext.tmpl diff --git a/files/submission.conf.tmpl b/files/confd/templates/submission.conf.tmpl similarity index 81% rename from files/submission.conf.tmpl rename to files/confd/templates/submission.conf.tmpl index c3bcccc..791783d 100644 --- a/files/submission.conf.tmpl +++ b/files/confd/templates/submission.conf.tmpl @@ -1,5 +1,3 @@ -{{ if eq (getv "/submission/enable") "yes"}} -protocols = $protocols submission submission_relay_host = {{getv "/submission/relay/host"}} submission_relay_port = {{getv "/submission/relay/port"}} submission_relay_trusted = {{getv "/submission/relay/trusted"}} 
@@ -9,6 +7,3 @@ submission_relay_password = {{getv "/submission/relay/password"}} submission_relay_ssl = {{getv "/submission/relay/ssl"}} submission_relay_ssl_verify = {{getv "/submission/relay/ssl/verify"}} submission_relay_rawlog_dir = {{getv "/submission/relay/rawlog/dir"}} -{{else}} -# submission service disabled -{{end}} diff --git a/tasks/main.yml b/tasks/main.yml index 1c8c38c..1c33f87 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,24 +11,16 @@ dest: /root/.dovecot-docker-image loop: - Dockerfile - - 10-auth.conf.tmpl - 10-mail.conf - 10-master.conf - 10-ssl.conf - 15-mailboxes.conf - 20-imap.conf - - 20-lmtp.conf.tmpl - 90-antispam.conf - 90-sieve.conf - - ldap.conf.ext.tmpl - junk-filter.sieve - local.conf - - submission.conf.tmpl - - confd-auth.toml - - confd-ldap.toml - - confd-ldap2.toml - - confd-lmtp.toml - - confd-submission.toml + - confd tags: skip_me - name: Crear imagen {{ dovecot_image }} 
@@ -50,25 +42,27 @@ - "{{ dovecot_volume_ssl }}:/ssl/" networks: - name: "{{ docker_network_name }}" - ports: - - 143:143 - - 2000:2000 + ports: >- + [ "143:143", + {{ '"587:587",' if dovecot_submission_enable else '' }} + "2000:2000" + ] + env: MAIL_DOMAINS: "{{ mail_domains.keys() | list | join(' ') }}" AUTH_MECHANISMS: "{{ dovecot_auth_mechanisms }}" AUTH_USERNAME_FORMAT: "{{ dovecot_auth_username_format }}" - AUTH_LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}" AUTH_MASTER_ENABLE: "{{ 'yes' if dovecot_auth_master_enable else '' }}" - SUBMISSION_ENABLE: "yes" - SUBMISSION_RELAY_HOST: postfix - SUBMISSION_RELAY_PORT: "25" - SUBMISSION_RELAY_TRUSTED: "yes" + SUBMISSION_RELAY_HOST: "{{ dovecot_submission_relay_host }}" + SUBMISSION_RELAY_PORT: "{{ dovecot_submission_relay_port | string }}" + SUBMISSION_RELAY_TRUSTED: "{{ 'yes' if dovecot_submission_relay_trusted else 'no' }}" # SUBMISSION_RELAY_USER: # SUBMISSION_RELAY_MASTER_USER: # SUBMISSION_RELAY_PASSWORD: # SUBMISSION_RELAY_SSL: starttls # SUBMISSION_RELAY_SSL_VERIFY: "no" # SUBMISSION_RELAY_RAWLOG_DIR: + LDAP_ENABLE: "{{ 'yes' if dovecot_ldap_enable else '' }}" LDAP_HOSTS: "{{ dovecot_ldap_hosts | join(' ') }}" LDAP_URIS: "{{ dovecot_ldap_uris | join(' ') }}" LDAP_BIND: "{{ 'yes' if dovecot_ldap_bind else 'no' }}"
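Review bot: The `ports` value is assembled as a folded string that only looks like a list, and the `if dovecot_submission_enable` test is true for any non-empty string, so a value passed as `-e dovecot_submission_enable=no` would still publish 587. Building the list in Jinja and casting the flag is sturdier: `ports: "{{ ['143:143', '2000:2000'] + (['587:587'] if dovecot_submission_enable | bool else []) }}"`; the same `| bool` applies to `dovecot_submission_relay_trusted` in the env block. After this commit the variable controls only port publication, because `SUBMISSION_ENABLE` and the template guard are removed. Whether the submission listener runs inside the container is therefore decided somewhere not visible here, and it may stay reachable from the Docker network when the flag is off. The task starts above this hunk and continues below it.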