authorAaron LI <aly@aaronly.me>2018-03-17 14:05:12 +0800
committerAaron LI <aly@aaronly.me>2018-03-17 14:05:12 +0800
commitfc7c935f0cd2dfb3245393afdc56d45ec7030300 (patch)
tree66f858565178ce617897565652b004d925debe94
parente4367653d0f5d2a2b94b1f4e68f8dacd25086f76 (diff)
downloadansible-dfly-vps-fc7c935f0cd2dfb3245393afdc56d45ec7030300.tar.bz2
mail/dovecot: store pass in ansible vault and hash from there
-rw-r--r--group_vars/all/vars.yml28
-rw-r--r--group_vars/all/vault.yml64
-rw-r--r--roles/mail/tasks/main.yml4
-rw-r--r--roles/mail/templates/dovecot/passdb.j224
4 files changed, 78 insertions, 42 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 6998c98..5c45138 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -65,22 +65,34 @@ mail:
- hostmaster
- webmaster
- abuse
+ pass: "{{ vault_mail_userdb_root_pass }}"
- name: aly
+ pass: "{{ vault_mail_userdb_aly_pass }}"
# for app/device-specific passwords
devices:
- - laptop
- - office
- - phone
- - tablet
+ - name: laptop
+ pass: "{{ vault_mail_userdb_aly_pass_laptop }}"
+ - name: office
+ pass: "{{ vault_mail_userdb_aly_pass_office }}"
+ - name: phone
+ pass: "{{ vault_mail_userdb_aly_pass_phone }}"
+ - name: tablet
+ pass: "{{ vault_mail_userdb_aly_pass_tablet }}"
- name: lulu
+ pass: "{{ vault_mail_userdb_lulu_pass }}"
- name: wt
aliases:
- weitian
+ pass: "{{ vault_mail_userdb_wt_pass }}"
devices:
- - laptop
- - office
- - phone
- - tablet
+ - name: laptop
+ pass: "{{ vault_mail_userdb_wt_pass_laptop }}"
+ - name: office
+ pass: "{{ vault_mail_userdb_wt_pass_office }}"
+ - name: phone
+ pass: "{{ vault_mail_userdb_wt_pass_phone }}"
+ - name: tablet
+ pass: "{{ vault_mail_userdb_wt_pass_tablet }}"
# Virtual user for local mail delivery (e.g., by Dovecot)
vuser:
name: vmail # user & group name
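Review bot: Each `pass` key added under `mail.userdb` and its `devices` entries resolves to a cleartext password at runtime, so this list is now secret-bearing where it previously held only names. Any task that loops over `mail.userdb` or prints it with `debug` would show those values in Ansible's per-item output unless it sets `no_log: true`; no such task is visible in this hunk, so the role is worth checking for one. I would add a comment above the first entry, for example `# pass: cleartext from vault.yml, hashed only at template time; set no_log on tasks that iterate this list`. The `mail:` mapping starts before this hunk.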
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 30bec53..b69aff4 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,20 +1,46 @@
$ANSIBLE_VAULT;1.1;AES256
-65316331323834623136353637646131316535356337336536663638353165383035343339323934
-3335613462656231396433626663303864383161316235370a356333323535366466643262653234
-62666364616137356138363333306664313532323262616363646231306666343434333934346533
-6535316164623461320a366362333139306430636237313339356131356134306339616463356264
-61366663353036653063373863643337613635376663636265306663653663363262316433373339
-31633365633235653063323034653038383932656561363161323236653064613038336461353233
-34373366326334623062363362393631373737303330343033643937623730353062393139386132
-35623161303232383930613564393362656632313562393765323533306139346237386461386339
-34336639326163643631303661303762303539356130306239336335376361663235383335333931
-37633466343933643666366132613839383964366535356466623837313464636438393036643865
-34396265353130666539366562643366626463633662336431366337393032663563323334636465
-64336139316666323037313062393335346638663961643635386534613161373435663461313464
-63343432626164306231346533616131633531643037353365366130303838353863663333373966
-30363830653061333165363432303261396332353463663034366161323862333562353062343461
-65633034303237623337316562656636626131323662316562616233333563393932363664653064
-65626462666434653265626435373635316466366333366632336265636632633465356337656466
-66626530396138663466383461313038363331346334613230353939323337336433306565326263
-39346535363861393961316362386363383938393538373038366537393861623666383137666239
-623231396461386461663439343661383336
+31636433343664393661363232663562393138343436323136323336623166333334303563653166
+6534346164373231323433393630396530616135353866620a646632653362373739373938393733
+64623565663834313037656237633862353833666464663639653933653033326333306231323364
+3037366636646137300a666263306430616362313330386337313662646238613735313865653330
+61643762373437353039336266646139646261353037633139376434643335626330623431393037
+32366239636331316433356439353033616435626238333566336162646337386533373232353938
+65336365386436613039633861656465363937646165666562373730363335343635356338626236
+39376361656266396334626535653332346662343863306566373731386564636136343531346666
+62633332336639393463363434376436343030306661653431663030326665323835653532383063
+65326536323138303232336533356462633632356231396365306239326238623135366466393230
+36336634343565326130303562633166653862616563303064393939366666633938633930636433
+33386365353362663665303437363238623637373931373238643763306632643631633863363163
+35353838386331393936383631373937653438333534616161306431626362323863323463386130
+61663038333765396332373166646634323032636130346334643837636534346162616336393735
+30363930393937326664376332336165383039343866373961373834643066343762633530313330
+65633662636133666362383730303664333166376635663063336461343066636332653831373639
+61616232383862373637623531313632313833393064333137653663393365336465636530653532
+64363133343330343932663461643539313536373763643930373735376165313837353939323330
+34396130396330336165623031663136613839353662396430626436326561613565646237303166
+31366434303565363034376633373664366531653563336539646233316332306239626464303339
+35323033643532313836643732363165666362343437336265303666666138383031656166353531
+37333839613537303035653963646134623730343261633037343437313865656639383339366539
+37353062366631306432353835376333303837666265303539343562306237643638313630646366
+65626465303331336466393135346665356132393230303664386537616134393463353839393231
+36383462326636313931393436653534323337336431623935313536656662653361373462376436
+34343736363334363136383038336634333461613135393835303264373563613931383035393734
+62383739376663336233356532393432303436373435623261393562613837333865373036373838
+34633532346666633066353763383538316632303364633436663336326330363739663537323762
+39323963623637373236343662353833316637386537313962326264646630636633623138613361
+65626366333337386562373237656337646234666365303831373939376531346632623331366363
+32323333646364653732653136353332633633346232623332636232623362303163343934323563
+64303965383836323531316435356361313766343563326337663161363263323634356437666334
+33633633636562663132366237396338646437633532623266363361666335343431613862313963
+30366630303132613434303966323238386264626662366539623537653135373363633039346664
+37616531313761326631323637363735333134343665613133393534313834646166386463633734
+62316631343332393465353132396431343831383062336165333061653938396231333937373331
+32663061623962376463306561316237626261646232626231633736333564623533646661656662
+37353639653036323535366438356664366235383331643232376465663862313535316364353737
+34666635663264613030323933333361346530633939626464323933336634303266633966326530
+66643336303566633139633664356261366233626133333365346337393034356266656538663738
+34623134303361663565383161616261636130623761353738363365366533383732666430316661
+62393066346438616265343333636362363662343237633737333662306435306338333565313933
+38396665306464616330626364623931613062663365303761613839616233623237363665323266
+64336136303064323634666537613661313132343663393034393665313739656430633334653065
+64303966376361613962646436373434643034646130623638616238313561626265
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index c243a36..72debac 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -92,10 +92,6 @@
-exec sievec '{}' ';'
tags: dovecot
-- name: dovecot - include passdb vars file
- include_vars: "{{ playbook_dir }}/private/dovecot/passdb.yml"
- tags: dovecot
-
- name: dovecot - generate passdb and userdb
template:
src: dovecot/{{ item }}.j2
diff --git a/roles/mail/templates/dovecot/passdb.j2 b/roles/mail/templates/dovecot/passdb.j2
index a8c4ab7..e6c65c9 100644
--- a/roles/mail/templates/dovecot/passdb.j2
+++ b/roles/mail/templates/dovecot/passdb.j2
@@ -21,23 +21,25 @@
{% for domain in mail.domains %}
# [domain: {{ domain }}]
{% for user in mail.userdb %}
-{% set name = user.name %}
-{% set email = name + "@" + domain %}
-{% set pass = passdb[name].pass %}
-# (user: {{ name }})
-{{ email }}:{{ pass }}::::::user={{ email }}
+{% set username = user.name %}
+{% set email = username + "@" + domain %}
+{% set pass = user.pass %}
+# (user: {{ username }})
+{{ email }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
{% for dev in user.devices|default([]) %}
-{% set pass = passdb[name].devices[dev] %}
-{{ email }}@{{ dev }}:{{ pass }}::::::user={{ email }}
+{% set devname = dev.name %}
+{% set pass = dev.pass %}
+{{ email }}@{{ devname }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
{% endfor %}{# devices #}
-{% if name != "root" and user.aliases is defined %}
+{% if username != "root" and user.aliases is defined %}
# aliases
{% for alias in user.aliases|default([]) %}
{% set email = alias + "@" + domain %}
-{{ email }}:{{ pass }}::::::user={{ email }}
+{{ email }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
{% for dev in user.devices|default([]) %}
-{% set pass = passdb[name].devices[dev] %}
-{{ email }}@{{ dev }}:{{ pass }}::::::user={{ email }}
+{% set devname = dev.name %}
+{% set pass = dev.pass %}
+{{ email }}@{{ devname }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
{% endfor %}{# devices #}
{% endfor %}{# alias #}
{% endif %}{# aliases #}
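Review bot: The alias line `{{ email }}:{{ pass | dovecot_makepass }}` comes after a devices loop that re-sets `pass` to `dev.pass`, so it receives the user's password only because Jinja2 keeps a `set` inside a `for` local to that loop. Using a separate name in both device loops, `{% set devpass = dev.pass %}` with `{{ devpass | dovecot_makepass }}`, removes the dependence on that scoping rule and keeps a device password from ever being written for the main or alias address. `dovecot_makepass` is not defined in this diff; if it draws a fresh salt on each call, every run will rewrite the passdb and report a change, and the scheme it emits deserves a one-line comment in the template header. The template starts before this hunk and the enclosing `for user` and `for domain` loops close after it.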