Diffstat (limited to 'playbooks/roles/mail/templates')
-rw-r--r-- | playbooks/roles/mail/templates/docker-compose.yml.j2 | 71 | ||||
-rw-r--r-- | playbooks/roles/mail/templates/dovecot-ldap.conf.j2 | 10 | ||||
-rw-r--r-- | playbooks/roles/mail/templates/oauth2.inc.php.j2 | 19 | ||||
-rw-r--r-- | playbooks/roles/mail/templates/sieve.inc.php.j2 | 4 | ||||
-rw-r--r-- | playbooks/roles/mail/templates/user-patches.sh.j2 | 20 |
5 files changed, 124 insertions, 0 deletions
diff --git a/playbooks/roles/mail/templates/docker-compose.yml.j2 b/playbooks/roles/mail/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..f122185
--- /dev/null
+++ b/playbooks/roles/mail/templates/docker-compose.yml.j2
@@ -0,0 +1,71 @@
+version: '3'
+
+services:
+ roundcube:
+ image: roundcube/roundcubemail:latest
+ restart: always
+ volumes:
+ - ./docker-data/roundcube/www:/var/www/html
+ - ./docker-data/roundcube/db/sqlite:/var/roundcube/db
+ - ./docker-data/roundcube/config:/var/roundcube/config
+ ports:
+ - 127.0.0.1:9002:80
+ environment:
+ - ROUNDCUBEMAIL_DB_TYPE=sqlite
+ - ROUNDCUBEMAIL_SKIN=elastic
+ - ROUNDCUBEMAIL_PLUGINS={{ roundcube_plugins }}
+ - ROUNDCUBEMAIL_DEFAULT_HOST={{ roundcube_default_host }}
+ - ROUNDCUBEMAIL_DEFAULT_PORT={{ roundcube_default_port }}
+ - ROUNDCUBEMAIL_SMTP_SERVER={{ roundcube_smtp_host }}
+ - ROUNDCUBEMAIL_SMTP_PORT={{ roundcube_smtp_port }}
+
+ mailserver:
+ image: ghcr.io/docker-mailserver/docker-mailserver:latest
+ hostname: {{ mail_domain }}
+ restart: always
+ ports:
+ - 0.0.0.0:25:25
+ - 0.0.0.0:465:465
+ - 0.0.0.0:587:587
+ - 0.0.0.0:993:993
+ - 0.0.0.0:4190:4190
+ volumes:
+ - ./docker-data/dms/mail-data/:/var/mail/
+ - ./docker-data/dms/mail-state/:/var/mail-state/
+ - ./docker-data/dms/mail-logs/:/var/log/mail/
+ - ./docker-data/dms/config/:/tmp/docker-mailserver/
+ - ./docker-data/dms/config/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf.ext
+ - /etc/letsencrypt:/etc/letsencrypt:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - SSL_TYPE=letsencrypt
+ - ENABLE_CLAMAV=0
+ - ENABLE_AMAVIS=1
+ - ENABLE_FAIL2BAN=1
+ - ENABLE_SASLAUTHD=1
+ - ENABLE_MANAGESIEVE=1
+ - ENABLE_POSTGREY=0
+
+ - SPOOF_PROTECTION=1
+ - ACCOUNT_PROVISIONER=LDAP
+ - LDAP_SERVER_HOST={{ ldap_server_host }}
+ - LDAP_SEARCH_BASE={{ ldap_search_base }}
+ - LDAP_BIND_DN={{ ldap_bind_dn }}
+ - LDAP_BIND_PW={{ email_ldap_api_token }}
+
+ - LDAP_QUERY_FILTER_USER={{ ldap_query_filter_user }}
+ - LDAP_QUERY_FILTER_GROUP={{ ldap_query_filter_group }}
+ - LDAP_QUERY_FILTER_ALIAS={{ ldap_query_filter_alias }}
+ - LDAP_QUERY_FILTER_DOMAIN={{ ldap_query_filter_domain }}
+ - LDAP_QUERY_FILTER_SENDERS={{ ldap_query_filter_senders }}
+
+ - POSTMASTER_ADDRESS={{ postmaster_email }}
+
+ - ENABLE_SASLAUTHD=1
+ - SASLAUTHD_MECHANISMS=ldap
+ - SASLAUTHD_LDAP_FILTER={{ sasl_ldap_filter }}
+
+ - ENABLE_OAUTH2=1
+ - OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }}
+ extra_hosts:
+ - {{ ldap_server }}:{{ ldap_intranet }}
diff --git a/playbooks/roles/mail/templates/dovecot-ldap.conf.j2 b/playbooks/roles/mail/templates/dovecot-ldap.conf.j2
new file mode 100644
index 0000000..92bfcbd
--- /dev/null
+++ b/playbooks/roles/mail/templates/dovecot-ldap.conf.j2
@@ -0,0 +1,10 @@
+base = {{ ldap_search_base }}
+uris = {{ ldap_server_host }}
+tls = no
+ldap_version = 3
+default_pass_scheme = SSHA
+
+auth_bind = yes
+auth_bind_userdn = {{ dovecot_auth_bind_userdn }}
+user_filter = {{ dovecot_user_filter }}
+user_attrs = {{ dovecot_user_attrs }}
diff --git a/playbooks/roles/mail/templates/oauth2.inc.php.j2 b/playbooks/roles/mail/templates/oauth2.inc.php.j2
new file mode 100644
index 0000000..919e162
--- /dev/null
+++ b/playbooks/roles/mail/templates/oauth2.inc.php.j2
@@ -0,0 +1,19 @@
+<?php
+
+$config['oauth_provider'] = 'generic';
+$config['oauth_provider_name'] = 'Misty Mountains Therapy SSO';
+$config['oauth_client_id'] = '{{ roundcube_oauth2_client_id }}';
+$config['oauth_client_secret'] = '{{ roundcube_oauth2_client_basic_secret }}';
+$config['oauth_auth_uri'] = '{{ roundcube_oauth2_auth_uri }}';
+$config['oauth_token_uri'] = '{{ roundcube_oauth2_token_uri }}';
+$config['oauth_identity_uri'] = '{{ roundcube_oauth2_user_uri }}';
+
+$config['oauth_verify_peer'] = true;
+
+$config['oauth_scope'] = 'email openid profile';
+$config['oauth_identity_fields'] = ['email'];
+
+$config['oauth_login_redirect'] = false;
+
+$config['force_https'] = true;
+$config['use_https'] = true;
diff --git a/playbooks/roles/mail/templates/sieve.inc.php.j2 b/playbooks/roles/mail/templates/sieve.inc.php.j2
new file mode 100644
index 0000000..e7b08b0
--- /dev/null
+++ b/playbooks/roles/mail/templates/sieve.inc.php.j2
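Review bot: `LDAP_BIND_PW={{ email_ldap_api_token }}` writes the LDAP bind secret into the rendered compose file and into the mailserver container's environment, where anyone who can run `docker inspect` or `docker compose config` on the host can read it. Prefer handing it over through an `env_file` (or a Docker secret) that the template task writes with `mode: '0600'`, and make sure the task rendering this compose file restricts its mode too; the same concern applies to `oauth_client_secret` in oauth2.inc.php.j2. Both services pull `:latest`, so any redeploy can silently pick up a different docker-mailserver or Roundcube build; pinning a version tag (or an image digest) keeps upgrades deliberate and auditable. `ENABLE_SASLAUTHD=1` also appears twice in the mailserver environment, and the second occurrence can be dropped.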
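Review bot: `tls = no` together with `auth_bind = yes` means every Dovecot login performs an LDAP simple bind carrying the user's cleartext password, so unless `ldap_server_host` renders as an `ldaps://` URI those passwords, and the `auth_bind_userdn` bind itself, cross the network unencrypted. The `extra_hosts` entry in docker-compose.yml.j2 suggests the directory is reached over an intranet address, but that only narrows who could observe the traffic rather than protecting it. Setting `tls = yes` with `tls_require_cert = hard` (or an ldaps URI with the CA configured) closes this. `default_pass_scheme = SSHA` appears to be unused while `auth_bind = yes` is set and no `pass_attrs` is defined, so a comment such as `# unused with auth_bind = yes; kept for a future pass_attrs lookup` would stop the next reader from assuming hashes are compared here.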
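Review bot: `force_https = true` is set for a Roundcube instance that is published only as `127.0.0.1:9002:80` in docker-compose.yml.j2, so the application itself only ever sees plain HTTP from the reverse proxy. As far as I can tell Roundcube treats a request as HTTPS when the proxy forwards `X-Forwarded-Proto: https`; if the proxy in front of this container does not set that header the setting yields a redirect loop rather than protection, so a comment naming the requirement, e.g. `// Requires the reverse proxy to send X-Forwarded-Proto: https; Roundcube only sees HTTP on port 80`, would save the next deployer a debugging session. `oauth_login_redirect = false` keeps the password form alongside SSO, which is consistent with the LDAP `auth_bind` path still being enabled on the IMAP side, but it is worth a one-line comment so nobody assumes SSO is enforced.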
@@ -0,0 +1,4 @@
+<?php
+
+$config['managesieve_host'] = "tls://{{ mail_domain }}";
+$config['managesieve_auth_type'] = "PLAIN";
diff --git a/playbooks/roles/mail/templates/user-patches.sh.j2 b/playbooks/roles/mail/templates/user-patches.sh.j2
new file mode 100644
index 0000000..6845563
--- /dev/null
+++ b/playbooks/roles/mail/templates/user-patches.sh.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+postconf -e 'smtpd_sasl_type = dovecot'
+postconf -e 'smtpd_sasl_path = /dev/shm/sasl-auth.sock'
+postconf -e 'smtpd_sasl_auth_enable = yes'
+postconf -e 'broken_sasl_auth_clients = yes'
+
+echo 'auth_username_format = %Ln' >> /etc/dovecot/conf.d/10-auth.conf
+
+echo 'username_format = %Ln' >> /etc/dovecot/dovecot-oauth2.conf.ext
+
+echo "passdb {
+ driver = ldap
+ args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
+userdb {
+ driver = static
+ args = uid=5000 gid=5000 home=/var/mail/%u
+}" > /etc/dovecot/conf.d/auth-ldap.conf.ext
|
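Review bot: The two `>>` appends are not idempotent: docker-mailserver runs user-patches.sh on every container start, so whenever the container's filesystem survives a restart (it does unless the container is recreated) each start adds another `auth_username_format = %Ln` to 10-auth.conf and another `username_format = %Ln` to dovecot-oauth2.conf.ext. Dovecot appears to take the last value, so nothing breaks today, but the files grow with every restart and the duplicated settings make the effective configuration hard to audit; guard each append, e.g. `grep -qxF 'auth_username_format = %Ln' /etc/dovecot/conf.d/10-auth.conf || echo 'auth_username_format = %Ln' >> /etc/dovecot/conf.d/10-auth.conf`, and likewise for the oauth2 line. The script also has no `set -euo pipefail`, so a failing `postconf -e` would leave Postfix's SASL settings half-applied while the remaining commands still run; adding it right after the shebang makes the failure visible. The passdb/userdb block written with `>` is fine, since it overwrites the file on each run.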