From fc7c935f0cd2dfb3245393afdc56d45ec7030300 Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Sat, 17 Mar 2018 14:05:12 +0800
Subject: mail/dovecot: store pass in ansible vault and hash from there
---
roles/mail/tasks/main.yml | 4 ----
roles/mail/templates/dovecot/passdb.j2 | 24 +++++++++++++-----------
2 files changed, 13 insertions(+), 15 deletions(-)
(limited to 'roles/mail')
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index c243a36..72debac 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -92,10 +92,6 @@
 -exec sievec '{}' ';'
 tags: dovecot
-- name: dovecot - include passdb vars file
- include_vars: "{{ playbook_dir }}/private/dovecot/passdb.yml"
- tags: dovecot
-
 - name: dovecot - generate passdb and userdb
 template:
 src: dovecot/{{ item }}.j2
diff --git a/roles/mail/templates/dovecot/passdb.j2 b/roles/mail/templates/dovecot/passdb.j2
index a8c4ab7..e6c65c9 100644
--- a/roles/mail/templates/dovecot/passdb.j2
+++ b/roles/mail/templates/dovecot/passdb.j2
@@ -21,23 +21,25 @@
 {% for domain in mail.domains %}
 # [domain: {{ domain }}]
 {% for user in mail.userdb %}
-{% set name = user.name %}
-{% set email = name + "@" + domain %}
-{% set pass = passdb[name].pass %}
-# (user: {{ name }})
-{{ email }}:{{ pass }}::::::user={{ email }}
+{% set username = user.name %}
+{% set email = username + "@" + domain %}
+{% set pass = user.pass %}
+# (user: {{ username }})
+{{ email }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
 {% for dev in user.devices|default([]) %}
-{% set pass = passdb[name].devices[dev] %}
-{{ email }}@{{ dev }}:{{ pass }}::::::user={{ email }}
+{% set devname = dev.name %}
+{% set pass = dev.pass %}
+{{ email }}@{{ devname }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
 {% endfor %}{# devices #}
-{% if name != "root" and user.aliases is defined %}
+{% if username != "root" and user.aliases is defined %}
 # aliases
 {% for alias in user.aliases|default([]) %}
 {% set email = alias + "@" + domain %}
-{{ email }}:{{ pass }}::::::user={{ email }}
+{{ email }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
 {% for dev in user.devices|default([]) %}
-{% set pass = passdb[name].devices[dev] %}
-{{ email }}@{{ dev }}:{{ pass }}::::::user={{ email }}
+{% set devname = dev.name %}
+{% set pass = dev.pass %}
+{{ email }}@{{ devname }}:{{ pass | dovecot_makepass }}::::::user={{ email }}
 {% endfor %}{# devices #}
 {% endfor %}{# alias #}
 {% endif %}{# aliases #}
-- 
cgit v1.2.2
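Review bot: `user.pass` and `dev.pass` go straight into `dovecot_makepass` with no guard, at the `set pass` lines for the user and for each device (the same pattern repeats in the alias loop), so an entry whose vault value is missing or empty may be rendered as a login carrying the hash of an empty string, depending on how the filter (not visible in this hunk) handles that input. Failing the render is safer: `{% set pass = user.pass | mandatory %}` and `{% set pass = dev.pass | mandatory %}`, with the filter itself rejecting an empty value. Because `mail.userdb` now carries plaintext, the template task that renders this file (outside this hunk) is a candidate for `no_log: true`, and the rendered file for a restrictive mode. A `{# #}` comment noting that the `set pass` inside the device loop is loop-scoped, which is why the alias line still gets the user's password, would also help the next reader.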