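# Dovecot IMAP backend profile.
#
# Creates the `vmail` account and the maildir root, builds the four Dovecot
# configuration sections (ssl, auth, mail, logging) from defaults, deep-merges
# the caller's `*_config` overrides on top, and hands everything to the
# `dovecot` module class. A caller can therefore override any single Dovecot
# setting without restating the rest of a section.
#
# Security-relevant choices made here:
#   * `ssl = required`: PLAIN/LOGIN credentials are only accepted inside TLS.
#   * only uid/gid 5000 (`vmail`) is valid for mail access, so the mail store
#     is reachable from exactly one identity.
#   * `login_trusted_networks`: hosts in those ranges may assert the real
#     client IP, and whatever they report lands in auth logs and per-IP
#     limits. Keep the list to genuine proxies / frontends.
#
# @param tls_cert_file   PEM certificate presented to clients (`ssl_cert`).
# @param tls_key_file    PEM private key for that certificate (`ssl_key`).
#   NOTE(review): the default is the same file as `tls_cert_file`; that only
#   works if that PEM bundles cert and key. Confirm, or point it at the key.
# @param tls_ca_file     CA bundle handed to Dovecot as `ssl_ca`.
# @param mail_location   Per-user maildir path, rendered as `maildir:<path>`;
#   `%u` is expanded by Dovecot to the authenticated username.
# @param hostname        Node certname. Kept for interface stability; this
#   class does not reference it.
# @param listen          Bind addresses, joined with ', ' into `listen`.
# @param protocols       Dovecot `protocols`, joined with spaces.
#   NOTE(review): `imaps` is the Dovecot 1.x spelling; on 2.x the TLS listener
#   comes from `ssl`, not from a separate protocol name — confirm the version.
# @param auth_config     Overrides deep-merged over the auth section.
# @param mail_config     Overrides deep-merged over the mail section.
# @param ssl_config      Overrides deep-merged over the ssl section.
# @param logging_config  Overrides deep-merged over the logging section.
# @param login_trusted_networks  CIDRs written to `login_trusted_networks`.
# @param login_user      `default_login_user`: account of the pre-auth login
#   processes that talk to untrusted clients.
# @param internal_user   `default_internal_user`: account of Dovecot's
#   non-mail internal processes.
#   NOTE(review): both default to `vmail` to preserve existing behaviour, but
#   that gives a not-yet-authenticated login process the mail owner's uid.
#   Dovecot's guidance is a dedicated unprivileged user for each (typically
#   `dovenull` / `dovecot`); switch once those accounts are confirmed to exist.
# @param auth_default_realm  Realm appended to usernames that carry none.
# @param maildata_mode   Mode of the maildir root directory. The default
#   (0755) lets any local user list the per-user directory names; 0750 is
#   sufficient when only `vmail` needs to traverse it.
class profiles::dovecot::backend (
  Stdlib::Absolutepath $tls_cert_file          = '/etc/pki/tls/vault/certificate.pem',
  Stdlib::Absolutepath $tls_key_file           = '/etc/pki/tls/vault/certificate.pem',
  Stdlib::Absolutepath $tls_ca_file            = '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem',
  Stdlib::Absolutepath $mail_location          = '/shared/apps/maildata/%u',
  String               $hostname               = $trusted['certname'],
  Array[String]        $listen                 = ['*', '::'],
  Array[String]        $protocols              = ['imap', 'imaps'],
  Hash[String, Any]    $auth_config            = {},
  Hash[String, Any]    $mail_config            = {},
  Hash[String, Any]    $ssl_config             = {},
  Hash[String, Any]    $logging_config         = {},
  Array[String]        $login_trusted_networks = ['10.0.0.0/8', '127.0.0.0/8', '[::1]/128'],
  String               $login_user             = 'vmail',
  String               $internal_user          = 'vmail',
  String               $auth_default_realm     = 'main.unkin.net',
  Stdlib::Filemode     $maildata_mode          = '0755',
) {
  # Single mail identity: everything below (user, group, uid bounds, mail_uid)
  # is derived from these two values so they cannot drift apart.
  $vmail_name   = 'vmail'
  $vmail_id     = 5000
  $maildata_dir = '/shared/apps/maildata'

  # Maildir root. Owned by the mail user; the mode is parameterised because
  # 0755 exposes the list of mailbox owners to every local account.
  file { $maildata_dir:
    ensure => directory,
    owner  => $vmail_name,
    group  => $vmail_name,
    mode   => $maildata_mode,
  }

  # Non-interactive system account that owns all mail. `managehome` is off
  # because the root directory is managed by the file resource above.
  user { $vmail_name:
    ensure     => present,
    uid        => $vmail_id,
    gid        => $vmail_id,
    home       => $maildata_dir,
    shell      => '/usr/sbin/nologin',
    managehome => false,
    system     => true,
  }

  group { $vmail_name:
    ensure => present,
    gid    => $vmail_id,
    system => true,
  }

  # dovecot.conf top level. first/last valid uid/gid pin mail access to the
  # single vmail identity; Dovecot refuses any other uid from the userdb.
  $main_config = {
    'values' => {
      'listen'                 => join($listen, ', '),
      'protocols'              => join($protocols, ' '),
      'default_login_user'     => $login_user,
      'default_internal_user'  => $internal_user,
      'first_valid_uid'        => "${vmail_id}",
      'last_valid_uid'         => "${vmail_id}",
      'first_valid_gid'        => "${vmail_id}",
      'last_valid_gid'         => "${vmail_id}",
      'mail_uid'               => $vmail_name,
      'mail_gid'               => $vmail_name,
      'mail_location'          => "maildir:${mail_location}",
      'login_trusted_networks' => join($login_trusted_networks, ' '),
    },
  }

  # TLS. `ssl = required` is what makes the PLAIN/LOGIN mechanisms below safe.
  # NOTE(review): `ssl_protocols` and `ssl_dh_parameters_length` are the
  # Dovecot 2.2 setting names (2.3 uses `ssl_min_protocol` and `ssl_dh`). As
  # written, TLS 1.0/1.1 remain enabled and 3DES remains in the cipher list;
  # tighten through `$ssl_config` once the installed version is confirmed.
  $default_ssl_config = {
    'ssl' => {
      'values' => {
        'ssl'                       => 'required',
        'ssl_cert'                  => "<${tls_cert_file}",
        'ssl_key'                   => "<${tls_key_file}",
        'ssl_ca'                    => "<${tls_ca_file}",
        'ssl_protocols'             => '!SSLv2 !SSLv3',
        'ssl_cipher_list'           => join([
          'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES',
          'ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS',
        ], ':'),
        'ssl_prefer_server_ciphers' => 'yes',
        'ssl_dh_parameters_length'  => '2048',
      },
    },
  }

  # Authentication: PAM verifies the password, the passwd userdb supplies the
  # account, and override_fields forces every mailbox onto the vmail identity
  # under the shared maildir root. `%Lu` lowercases the login name so the same
  # person cannot end up with two differently-cased mailboxes.
  # Section bodies are one Dovecot setting per line.
  $default_auth_config = {
    'auth'       => {
      'values' => {
        'auth_mechanisms'      => 'plain login',
        'auth_username_format' => '%Lu',
        'auth_default_realm'   => $auth_default_realm,
      },
    },
    'auth-vmail' => {
      'values' => {
        'passdb' => '{
  driver = pam
}',
        'userdb' => "{
  driver = passwd
  override_fields = uid=${vmail_name} gid=${vmail_name} home=${maildata_dir}/%u
}",
      },
    },
  }

  # Mailbox layout. `$mail_plugins` is Dovecot's own variable reference (keeps
  # whatever plugins are already configured), not a Puppet interpolation.
  $default_mail_config = {
    'mail' => {
      'values' => {
        'mail_plugins'    => '$mail_plugins',
        'namespace inbox' => '{
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \\Drafts
  }
  mailbox Junk {
    special_use = \\Junk
  }
  mailbox Sent {
    special_use = \\Sent
  }
  mailbox "Sent Messages" {
    special_use = \\Sent
  }
  mailbox Trash {
    special_use = \\Trash
  }
}',
      },
    },
  }

  # Logging goes to syslog (mail facility). auth_verbose records unsuccessful
  # authentication attempts, which is the signal brute-force detection needs;
  # the debug switches stay off for production.
  $default_logging_config = {
    'logging' => {
      'values' => {
        'log_path'        => 'syslog',
        'syslog_facility' => 'mail',
        'auth_verbose'    => 'yes',
        'auth_debug'      => 'no',
        'mail_debug'      => 'no',
      },
    },
  }

  # Caller overrides win on key collision within each section.
  $final_ssl_config     = deep_merge($default_ssl_config, $ssl_config)
  $final_auth_config    = deep_merge($default_auth_config, $auth_config)
  $final_mail_config    = deep_merge($default_mail_config, $mail_config)
  $final_logging_config = deep_merge($default_logging_config, $logging_config)

  # Section names are distinct, so the hash addition never collides.
  $all_configs = $final_ssl_config
    + $final_auth_config
    + $final_mail_config
    + $final_logging_config

  # The mail identity and maildir root must exist before Dovecot is managed.
  class { 'dovecot':
    main_config => $main_config,
    configs     => $all_configs,
    require     => [User[$vmail_name], Group[$vmail_name], File[$maildata_dir]],
  }
}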