author | Aaron LI <aly@aaronly.me> | 2018-03-17 14:05:12 +0800 |
committer | Aaron LI <aly@aaronly.me> | 2018-03-17 14:05:12 +0800 |
commit | fc7c935f0cd2dfb3245393afdc56d45ec7030300 (patch) | |
tree | 66f858565178ce617897565652b004d925debe94 | |
parent | e4367653d0f5d2a2b94b1f4e68f8dacd25086f76 (diff) | |
download | ansible-dfly-vps-fc7c935f0cd2dfb3245393afdc56d45ec7030300.tar.bz2 |
mail/dovecot: store pass in ansible vault and hash from there
-rw-r--r-- | group_vars/all/vars.yml | 28 | ||||
-rw-r--r-- | group_vars/all/vault.yml | 64 | ||||
-rw-r--r-- | roles/mail/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/mail/templates/dovecot/passdb.j2 | 24 |
4 files changed, 78 insertions, 42 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 6998c98..5c45138 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -65,22 +65,34 @@ mail: - hostmaster - webmaster - abuse + pass: "{{ vault_mail_userdb_root_pass }}" - name: aly + pass: "{{ vault_mail_userdb_aly_pass }}" # for app/device-specific passwords devices: - - laptop - - office - - phone - - tablet + - name: laptop + pass: "{{ vault_mail_userdb_aly_pass_laptop }}" + - name: office + pass: "{{ vault_mail_userdb_aly_pass_office }}" + - name: phone + pass: "{{ vault_mail_userdb_aly_pass_phone }}" + - name: tablet + pass: "{{ vault_mail_userdb_aly_pass_tablet }}" - name: lulu + pass: "{{ vault_mail_userdb_lulu_pass }}" - name: wt aliases: - weitian + pass: "{{ vault_mail_userdb_wt_pass }}" devices: - - laptop - - office - - phone - - tablet + - name: laptop + pass: "{{ vault_mail_userdb_wt_pass_laptop }}" + - name: office + pass: "{{ vault_mail_userdb_wt_pass_office }}" + - name: phone + pass: "{{ vault_mail_userdb_wt_pass_phone }}" + - name: tablet + pass: "{{ vault_mail_userdb_wt_pass_tablet }}" # Virtual user for local mail delivery (e.g., by Dovecot) vuser: name: vmail # user & group name
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 30bec53..b69aff4 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
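Review bot: With the vault values pulled into `mail.userdb` as plain `pass` keys, the whole `mail` variable is now secret-bearing rather than only the `vault_*` names, so anything that prints it (a `debug: var=mail`, a failed task dumping its `item`, a `-vvv` run) exposes every mailbox and device password; the `dovecot - generate passdb and userdb` template task in roles/mail/tasks/main.yml that consumes it (its body lies outside this diff) should carry `no_log: true`. The double-quoted `"{{ vault_mail_userdb_... }}"` form is the right Ansible idiom, but a full-expression template may hand back the variable's native type, so a password that looks like a number or a `yes`/`no` boolean must also be quoted inside vault.yml to arrive as a string. The `include_vars` of `private/dovecot/passdb.yml` removed in the main.yml hunk suggests a plaintext copy of these same passwords still exists on disk; if they were migrated unchanged, rotate them or securely delete that file so the vault is the only copy.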
@@ -1,20 +1,46 @@ $ANSIBLE_VAULT;1.1;AES256 -65316331323834623136353637646131316535356337336536663638353165383035343339323934 -3335613462656231396433626663303864383161316235370a356333323535366466643262653234 -62666364616137356138363333306664313532323262616363646231306666343434333934346533 -6535316164623461320a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a646632653362373739373938393733 +64623565663834313037656237633862353833666464663639653933653033326333306231323364 +3037366636646137300a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
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index c243a36..72debac 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -92,10 +92,6 @@ -exec sievec '{}' ';' tags: dovecot -- name: dovecot - include passdb vars file - include_vars: "{{ playbook_dir }}/private/dovecot/passdb.yml" - tags: dovecot - - name: dovecot - generate passdb and userdb template: src: dovecot/{{ item }}.j2
diff --git a/roles/mail/templates/dovecot/passdb.j2 b/roles/mail/templates/dovecot/passdb.j2
index a8c4ab7..e6c65c9 100644
--- a/roles/mail/templates/dovecot/passdb.j2
+++ b/roles/mail/templates/dovecot/passdb.j2
@@ -21,23 +21,25 @@ {% for domain in mail.domains %} # [domain: {{ domain }}] {% for user in mail.userdb %} -{% set name = user.name %} -{% set email = name + "@" + domain %} -{% set pass = passdb[name].pass %} -# (user: {{ name }}) -{{ email }}:{{ pass }}::::::user={{ email }} +{% set username = user.name %} +{% set email = username + "@" + domain %} +{% set pass = user.pass %} +# (user: {{ username }}) +{{ email }}:{{ pass | dovecot_makepass }}::::::user={{ email }} {% for dev in user.devices|default([]) %} -{% set pass = passdb[name].devices[dev] %} -{{ email }}@{{ dev }}:{{ pass }}::::::user={{ email }} +{% set devname = dev.name %} +{% set pass = dev.pass %} +{{ email }}@{{ devname }}:{{ pass | dovecot_makepass }}::::::user={{ email }} {% endfor %}{# devices #} -{% if name != "root" and user.aliases is defined %} +{% if username != "root" and user.aliases is defined %} # aliases {% for alias in user.aliases|default([]) %} {% set email = alias + "@" + domain %} -{{ email }}:{{ pass }}::::::user={{ email }} +{{ email }}:{{ pass | dovecot_makepass }}::::::user={{ email }} {% for dev in user.devices|default([]) %} -{% set pass = passdb[name].devices[dev] %} -{{ email }}@{{ dev }}:{{ pass }}::::::user={{ email }} +{% set devname = dev.name %} +{% set pass = dev.pass %} +{{ email }}@{{ devname }}:{{ pass | dovecot_makepass }}::::::user={{ email }} {% endfor %}{# devices #} {% endfor %}{# alias #} {% endif %}{# aliases #} |
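Review bot: `dovecot_makepass` is applied at every output line, so one user password is hashed once for the primary entry and again for each alias, and each device password twice; if the filter (not part of this diff) salts with fresh randomness, as crypt-style Dovecot schemes do, every run yields a different passdb, the template task reports changed each time and any handler behind it fires needlessly. Hash once where the value is bound, `{% set pass = user.pass | dovecot_makepass %}`, and emit `{{ pass }}` at the output sites. The `{% set pass = dev.pass %}` inside the two device loops also relies on Jinja's loop-scoped `set` to leave the outer `pass` intact for the alias lines that follow; a distinct name such as `devpass` makes that intent explicit. The `{% for domain %}` and `{% for user %}` loops opened in this hunk close outside it.
```jinja
{# … unchanged: username / email set … #}
{% set pass = user.pass | dovecot_makepass %}
# (user: {{ username }})
{{ email }}:{{ pass }}::::::user={{ email }}
{% for dev in user.devices|default([]) %}
{% set devname = dev.name %}
{% set devpass = dev.pass | dovecot_makepass %}
{{ email }}@{{ devname }}:{{ devpass }}::::::user={{ email }}
{% endfor %}{# devices #}
{# … unchanged: alias block, emitting {{ pass }} and repeating the devpass pattern … #}
```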