feat: implement dovecot backend server with postfix virtual mailbox integration
- create profiles::dovecot::backend class for IMAPS server configuration - add virtual mailbox support to profiles::postfix::gateway with enable_dovecot parameter - restructure common hieradata elements into mail.yaml - add virtual mailbox and alias map templates with ERB generation - add comprehensive type validation using Stdlib::Email, Stdlib::Fqdn, Stdlib::IP types - configure vmail user (UID/GID 5000) with shared storage on /shared/apps/maildata - update roles::infra::mail::backend to include both dovecot and postfix profiles
@@ -0,0 +1,99 @@
|
||||
class profiles::dovecot::server (
|
||||
Stdlib::Absolutepath $tls_cert_file = '/etc/pki/tls/vault/certificate.pem',
|
||||
Stdlib::Absolutepath $tls_key_file = '/etc/pki/tls/vault/certificate.pem',
|
||||
Stdlib::Absolutepath $tls_ca_file = '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem',
|
||||
Stdlib::Absolutepath $maildir_path = '/var/vmail',
|
||||
String $maildir_var = '%d/%n',
|
||||
String $hostname = $trusted['certname'],
|
||||
Array[String] $listen = ['*', '::'],
|
||||
Array[String] $protocols = ['imap'],
|
||||
) {
|
||||
|
||||
# Ensure the maildata directory exists
|
||||
file { $maildir_path:
|
||||
ensure => directory,
|
||||
owner => 'vmail',
|
||||
group => 'vmail',
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
# Create vmail user for dovecot
|
||||
user { 'vmail':
|
||||
ensure => present,
|
||||
uid => 5000,
|
||||
gid => 5000,
|
||||
home => $maildir_path,
|
||||
shell => '/usr/sbin/nologin',
|
||||
managehome => false,
|
||||
system => true,
|
||||
}
|
||||
|
||||
group { 'vmail':
|
||||
ensure => present,
|
||||
gid => 5000,
|
||||
system => true,
|
||||
}
|
||||
|
||||
# Main dovecot configuration
|
||||
$main_config = {
|
||||
values => {
|
||||
'listen' => join($listen, ', '),
|
||||
'protocols' => join($protocols, ' '),
|
||||
'default_login_user' => 'vmail',
|
||||
'default_internal_user' => 'vmail',
|
||||
'first_valid_uid' => '5000',
|
||||
'last_valid_uid' => '5000',
|
||||
'first_valid_gid' => '5000',
|
||||
'last_valid_gid' => '5000',
|
||||
'mail_uid' => 'vmail',
|
||||
'mail_gid' => 'vmail',
|
||||
'mail_location' => "maildir:${maildir_path}/${maildir_var}/Maildir",
|
||||
'login_trusted_networks' => '10.0.0.0/8 127.0.0.0/8 [::1]/128',
|
||||
'disable_plaintext_auth' => 'no',
|
||||
'auth_mechanisms' => 'cram-md5 plain login',
|
||||
'ssl' => 'required',
|
||||
'ssl_cert' => $tls_cert_file,
|
||||
'ssl_key' => $tls_key_file,
|
||||
'ssl_ca' => $tls_ca_file,
|
||||
'ssl_min_protocol' => 'TLSv1.2',
|
||||
'ssl_cipher_list' => join([
|
||||
'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES',
|
||||
'ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'
|
||||
], ':'),
|
||||
'ssl_prefer_server_ciphers' => 'yes',
|
||||
},
|
||||
sections => [
|
||||
{
|
||||
name => 'passdb',
|
||||
values => {
|
||||
'driver' => 'passwd-file',
|
||||
'args' => 'scheme=CRAM-MD5 username_format=%u /etc/dovecot/users',
|
||||
},
|
||||
},
|
||||
{
|
||||
name => 'userdb',
|
||||
values => {
|
||||
'driver' => 'static',
|
||||
'args' => "uid=vmail gid=vmail home=${maildir_path}/${maildir_var}",
|
||||
},
|
||||
},
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
# # Postfix smtp-auth
|
||||
# unix_listener /var/spool/postfix/private/auth {
|
||||
# mode = 0666
|
||||
# user = postfix
|
||||
# group = postfix
|
||||
# }
|
||||
|
||||
|
||||
# Configure dovecot
|
||||
class { 'dovecot':
|
||||
main_config => $main_config,
|
||||
include_sysdefault => false,
|
||||
require => [User['vmail'], Group['vmail'], File[$maildir_path]],
|
||||
}
|
||||
|
||||
}
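Review bot: The `$tls_key_file` default (fourth code line of the hunk) is the same path as `$tls_cert_file`, `/etc/pki/tls/vault/certificate.pem`, which reads like a copy-paste slip unless that file is a combined cert+key bundle — if it is, say so in a comment; otherwise point it at the key, e.g. `Stdlib::Absolutepath $tls_key_file = '/etc/pki/tls/vault/<KEY-FILE-PLACEHOLDER>'`. `$hostname` is declared in the parameter list but never referenced in the body, so either use it or drop it. In `ssl_cipher_list` the `ECDH+3DES:DH+3DES:RSA+3DES` entries re-enable a 64-bit-block cipher that no TLS 1.2 client needs, and `'disable_plaintext_auth' => 'no'` appears redundant under `'ssl' => 'required'` and only takes effect if that setting is later relaxed, so removing both would tighten the profile; `login_trusted_networks` covering all of `10.0.0.0/8` is likewise broader than a backend behind a known proxy usually needs. The passdb points at `/etc/dovecot/users` with `scheme=CRAM-MD5`, whose stored secrets are password-equivalent, yet nothing in this class manages that file's owner or mode — presumably another profile does; if not, a `file` resource with `mode => '0600'` belongs beside the `class { 'dovecot': }` declaration. Note also that the commit description names the class `profiles::dovecot::backend` while the hunk defines `profiles::dovecot::server`; one of the two should be corrected unless the backend class lives in a file not shown here.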
|
||||