Diffstat (limited to 'playbooks/roles/mail/templates')
-rw-r--r--playbooks/roles/mail/templates/docker-compose.yml.j271
-rw-r--r--playbooks/roles/mail/templates/dovecot-ldap.conf.j210
-rw-r--r--playbooks/roles/mail/templates/oauth2.inc.php.j219
-rw-r--r--playbooks/roles/mail/templates/sieve.inc.php.j24
-rw-r--r--playbooks/roles/mail/templates/user-patches.sh.j220
5 files changed, 124 insertions, 0 deletions
diff --git a/playbooks/roles/mail/templates/docker-compose.yml.j2 b/playbooks/roles/mail/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..f122185
--- /dev/null
+++ b/playbooks/roles/mail/templates/docker-compose.yml.j2
@@ -0,0 +1,71 @@
+version: '3'
+
+services:
+ roundcube:
+ image: roundcube/roundcubemail:latest
+ restart: always
+ volumes:
+ - ./docker-data/roundcube/www:/var/www/html
+ - ./docker-data/roundcube/db/sqlite:/var/roundcube/db
+ - ./docker-data/roundcube/config:/var/roundcube/config
+ ports:
+ - 127.0.0.1:9002:80
+ environment:
+ - ROUNDCUBEMAIL_DB_TYPE=sqlite
+ - ROUNDCUBEMAIL_SKIN=elastic
+ - ROUNDCUBEMAIL_PLUGINS={{ roundcube_plugins }}
+ - ROUNDCUBEMAIL_DEFAULT_HOST={{ roundcube_default_host }}
+ - ROUNDCUBEMAIL_DEFAULT_PORT={{ roundcube_default_port }}
+ - ROUNDCUBEMAIL_SMTP_SERVER={{ roundcube_smtp_host }}
+ - ROUNDCUBEMAIL_SMTP_PORT={{ roundcube_smtp_port }}
+
+ mailserver:
+ image: ghcr.io/docker-mailserver/docker-mailserver:latest
+ hostname: {{ mail_domain }}
+ restart: always
+ ports:
+ - 0.0.0.0:25:25
+ - 0.0.0.0:465:465
+ - 0.0.0.0:587:587
+ - 0.0.0.0:993:993
+ - 0.0.0.0:4190:4190
+ volumes:
+ - ./docker-data/dms/mail-data/:/var/mail/
+ - ./docker-data/dms/mail-state/:/var/mail-state/
+ - ./docker-data/dms/mail-logs/:/var/log/mail/
+ - ./docker-data/dms/config/:/tmp/docker-mailserver/
+ - ./docker-data/dms/config/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf.ext
+ - /etc/letsencrypt:/etc/letsencrypt:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - SSL_TYPE=letsencrypt
+ - ENABLE_CLAMAV=0
+ - ENABLE_AMAVIS=1
+ - ENABLE_FAIL2BAN=1
+ - ENABLE_SASLAUTHD=1
+ - ENABLE_MANAGESIEVE=1
+ - ENABLE_POSTGREY=0
+
+ - SPOOF_PROTECTION=1
+ - ACCOUNT_PROVISIONER=LDAP
+ - LDAP_SERVER_HOST={{ ldap_server_host }}
+ - LDAP_SEARCH_BASE={{ ldap_search_base }}
+ - LDAP_BIND_DN={{ ldap_bind_dn }}
+ - LDAP_BIND_PW={{ email_ldap_api_token }}
+
+ - LDAP_QUERY_FILTER_USER={{ ldap_query_filter_user }}
+ - LDAP_QUERY_FILTER_GROUP={{ ldap_query_filter_group }}
+ - LDAP_QUERY_FILTER_ALIAS={{ ldap_query_filter_alias }}
+ - LDAP_QUERY_FILTER_DOMAIN={{ ldap_query_filter_domain }}
+ - LDAP_QUERY_FILTER_SENDERS={{ ldap_query_filter_senders }}
+
+ - POSTMASTER_ADDRESS={{ postmaster_email }}
+
+ - ENABLE_SASLAUTHD=1
+ - SASLAUTHD_MECHANISMS=ldap
+ - SASLAUTHD_LDAP_FILTER={{ sasl_ldap_filter }}
+
+ - ENABLE_OAUTH2=1
+ - OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }}
+ extra_hosts:
+ - {{ ldap_server }}:{{ ldap_intranet }}
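Review bot: Both images (lines 24 and 42) are pulled as `:latest`, so with `restart: always` the mail stack silently moves to whatever upstream publishes next on any pull or recreate, with no reviewable change in this repository; pin a tag, e.g. `image: ghcr.io/docker-mailserver/docker-mailserver:<PINNED_VERSION>` (placeholder), and do the same for roundcube. The templated environment entries are unquoted plain scalars, so a rendered value containing ` #` or `: ` changes the YAML structure — `LDAP_BIND_PW={{ email_ldap_api_token }}` on line 73 is the one most likely to carry such characters; quote them, `- "LDAP_BIND_PW={{ email_ldap_api_token }}"`. That bind password also lands in the container environment, where it is readable by anyone with `docker inspect` rights; worth a comment noting the trade-off if a file-based secret is not available for this variable. `ENABLE_SASLAUTHD=1` appears twice (lines 64 and 83); drop one so the intent is not ambiguous.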
diff --git a/playbooks/roles/mail/templates/dovecot-ldap.conf.j2 b/playbooks/roles/mail/templates/dovecot-ldap.conf.j2
new file mode 100644
index 0000000..92bfcbd
--- /dev/null
+++ b/playbooks/roles/mail/templates/dovecot-ldap.conf.j2
@@ -0,0 +1,10 @@
+base = {{ ldap_search_base }}
+uris = {{ ldap_server_host }}
+tls = no
+ldap_version = 3
+default_pass_scheme = SSHA
+
+auth_bind = yes
+auth_bind_userdn = {{ dovecot_auth_bind_userdn }}
+user_filter = {{ dovecot_user_filter }}
+user_attrs = {{ dovecot_user_attrs }}
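Review bot: `tls = no` on line 99 together with `auth_bind = yes` on line 103 means every user's password is sent to the directory in cleartext unless `{{ ldap_server_host }}` renders to an `ldaps://` URI, which nothing in this template guarantees; set `tls = yes` (with a `tls_ca_cert_file`) or document that the variable must carry an `ldaps://` scheme. `default_pass_scheme = SSHA` on line 101 appears unused here, since the template sets no `pass_attrs` and bind-based verification does not consult it; either remove it or add a comment such as `# only consulted if pass_attrs returns a hash; auth_bind below does the verification`.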
diff --git a/playbooks/roles/mail/templates/oauth2.inc.php.j2 b/playbooks/roles/mail/templates/oauth2.inc.php.j2
new file mode 100644
index 0000000..919e162
--- /dev/null
+++ b/playbooks/roles/mail/templates/oauth2.inc.php.j2
@@ -0,0 +1,19 @@
+<?php
+
+$config['oauth_provider'] = 'generic';
+$config['oauth_provider_name'] = 'Misty Mountains Therapy SSO';
+$config['oauth_client_id'] = '{{ roundcube_oauth2_client_id }}';
+$config['oauth_client_secret'] = '{{ roundcube_oauth2_client_basic_secret }}';
+$config['oauth_auth_uri'] = '{{ roundcube_oauth2_auth_uri }}';
+$config['oauth_token_uri'] = '{{ roundcube_oauth2_token_uri }}';
+$config['oauth_identity_uri'] = '{{ roundcube_oauth2_user_uri }}';
+
+$config['oauth_verify_peer'] = true;
+
+$config['oauth_scope'] = 'email openid profile';
+$config['oauth_identity_fields'] = ['email'];
+
+$config['oauth_login_redirect'] = false;
+
+$config['force_https'] = true;
+$config['use_https'] = true;
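Review bot: `oauth_provider_name` on line 116 is a hard-coded literal while every other provider setting in this file is templated, so a second deployment of the role inherits a deployment-specific display name; template it like its neighbours or add a comment stating the value is deliberately fixed. The values interpolated inside single-quoted PHP strings on lines 117-121 are not escaped, so a client secret containing `'` or ending in `\` would break or alter the string; state that constraint in a comment above line 118 or escape the value before rendering.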
diff --git a/playbooks/roles/mail/templates/sieve.inc.php.j2 b/playbooks/roles/mail/templates/sieve.inc.php.j2
new file mode 100644
index 0000000..e7b08b0
--- /dev/null
+++ b/playbooks/roles/mail/templates/sieve.inc.php.j2
@@ -0,0 +1,4 @@
+<?php
+
+$config['managesieve_host'] = "tls://{{ mail_domain }}";
+$config['managesieve_auth_type'] = "PLAIN";
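Review bot: `managesieve_auth_type = "PLAIN"` on line 141 is only acceptable because line 140 wraps the connection in `tls://`, and that dependency is implicit; add a comment above line 141, `// PLAIN is acceptable only because managesieve_host above uses tls://; keep the two in step`.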
diff --git a/playbooks/roles/mail/templates/user-patches.sh.j2 b/playbooks/roles/mail/templates/user-patches.sh.j2
new file mode 100644
index 0000000..6845563
--- /dev/null
+++ b/playbooks/roles/mail/templates/user-patches.sh.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+postconf -e 'smtpd_sasl_type = dovecot'
+postconf -e 'smtpd_sasl_path = /dev/shm/sasl-auth.sock'
+postconf -e 'smtpd_sasl_auth_enable = yes'
+postconf -e 'broken_sasl_auth_clients = yes'
+
+echo 'auth_username_format = %Ln' >> /etc/dovecot/conf.d/10-auth.conf
+
+echo 'username_format = %Ln' >> /etc/dovecot/dovecot-oauth2.conf.ext
+
+echo "passdb {
+ driver = ldap
+ args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
+userdb {
+ driver = static
+ args = uid=5000 gid=5000 home=/var/mail/%u
+}" > /etc/dovecot/conf.d/auth-ldap.conf.ext
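Review bot: The `>>` appends on lines 155 and 157 are not idempotent: if this script runs on each container start and the container is restarted rather than recreated, `auth_username_format` and `username_format` gain one duplicate line per start; guard each, e.g. `grep -qx 'auth_username_format = %Ln' /etc/dovecot/conf.d/10-auth.conf || echo 'auth_username_format = %Ln' >> /etc/dovecot/conf.d/10-auth.conf`. There is no `set -euo pipefail` after the shebang on line 148, so a failing `postconf` is ignored and the remaining lines still run against a half-configured Postfix. Lines 150-153 route SMTP AUTH to Dovecot while the compose template in this same commit sets `ENABLE_SASLAUTHD=1`; if both are active it is unclear which path is meant to serve SMTP AUTH, so a one-line comment naming the intended one would help the next reader.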