From 2fc9964ed989931b2a54549f582e9b31491a5617 Mon Sep 17 00:00:00 2001
From: Someone
Date: Tue, 25 Mar 2025 22:35:34 +0100
Subject: [PATCH] [roles/server/mail/saslauthd] setup saslauthd
---
.../saslauthd/files/default/saslauthd.conf | 15 ++++
.../files/default/saslauthd.defaults | 69 +++++++++++++++++++
roles/server/mail/saslauthd/handlers/main.yml | 13 ++++
roles/server/mail/saslauthd/tasks/main.yml | 51 ++++++++++++++
4 files changed, 148 insertions(+)
create mode 100644 roles/server/mail/saslauthd/files/default/saslauthd.conf
create mode 100644 roles/server/mail/saslauthd/files/default/saslauthd.defaults
create mode 100644 roles/server/mail/saslauthd/handlers/main.yml
create mode 100644 roles/server/mail/saslauthd/tasks/main.yml
diff --git a/roles/server/mail/saslauthd/files/default/saslauthd.conf b/roles/server/mail/saslauthd/files/default/saslauthd.conf
new file mode 100644
index 0000000..d52858a
--- /dev/null
+++ b/roles/server/mail/saslauthd/files/default/saslauthd.conf
@@ -0,0 +1,15 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2025 by someone
+#
+#
+# LDAP-Settings for saslauthd daemon
+# Read if setting MECHANISMS="ldap" in /etc/defaults/saslauthd
+#
+#ldap_servers: ldap://127.0.0.1/
+#ldap_search_base: o=CHANGEME
+#ldap_bind_dn: cn=root,o=CHANGEME
+#ldap_password: CHANGEME
diff --git a/roles/server/mail/saslauthd/files/default/saslauthd.defaults b/roles/server/mail/saslauthd/files/default/saslauthd.defaults
new file mode 100644
index 0000000..03f5cff
--- /dev/null
+++ b/roles/server/mail/saslauthd/files/default/saslauthd.defaults
@@ -0,0 +1,69 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2025 by someone
+#
+#
+# Settings for saslauthd daemon
+# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
+#
+
+# Should saslauthd run automatically on startup? (default: no)
+START=yes
+
+# Description of this saslauthd instance. Recommended.
+# (suggestion: SASL Authentication Daemon)
+DESC="SASL Authentication Daemon"
+
+# Short name of this saslauthd instance. Strongly recommended.
+# (suggestion: saslauthd)
+NAME="saslauthd"
+
+# Which authentication mechanisms should saslauthd use? (default: pam)
+#
+# Available options in this Debian package:
+# getpwent -- use the getpwent() library function
+# kerberos5 -- use Kerberos 5
+# pam -- use PAM
+# rimap -- use a remote IMAP server
+# shadow -- use the local shadow password file
+# sasldb -- use the local sasldb database file
+# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
+#
+# Only one option may be used at a time. See the saslauthd man page
+# for more information.
+#
+# Example: MECHANISMS="pam"
+MECHANISMS="pam"
+
+# Additional options for this mechanism. (default: none)
+# See the saslauthd man page for information about mech-specific options.
+MECH_OPTIONS=""
+
+# How many saslauthd processes should we run? (default: 5)
+# A value of 0 will fork a new process for each connection.
+THREADS=2
+
+# Other options (default: -c -m /var/run/saslauthd)
+# Note: You MUST specify the -m option or saslauthd won't run!
+#
+# WARNING: DO NOT SPECIFY THE -d OPTION.
+# The -d option will cause saslauthd to run in the foreground instead of as
+# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
+# to run saslauthd in debug mode, please run it by hand to be safe.
+#
+# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
+# See the saslauthd man page and the output of 'saslauthd -h' for general
+# information about these options.
+#
+# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
+# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
+#
+# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
+# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
+# then your Postfix is running in a chroot.
+# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
+# running in a chroot.
+OPTIONS="-V -c -m /var/run/saslauthd"
diff --git a/roles/server/mail/saslauthd/handlers/main.yml b/roles/server/mail/saslauthd/handlers/main.yml
new file mode 100644
index 0000000..99265fa
--- /dev/null
+++ b/roles/server/mail/saslauthd/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2025 by someone
+#
+---
+- name: restart saslauthd.service
+ systemd:
+ name: saslauthd.service
+ daemon_reload: yes
+ state: restarted
+ ignore_errors: yes
diff --git a/roles/server/mail/saslauthd/tasks/main.yml b/roles/server/mail/saslauthd/tasks/main.yml
new file mode 100644
index 0000000..d63d8e5
--- /dev/null
+++ b/roles/server/mail/saslauthd/tasks/main.yml
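Review bot: The `OPTIONS="-V -c -m /var/run/saslauthd"` line that closes saslauthd.defaults adds `-V` to the packaged default, yet the comment block above it explains neither `-V` nor `-c`. As far as the saslauthd man page describes them, `-V` enables verbose logging and `-c` caches credentials, so a password that was changed or disabled in the PAM backend may keep authenticating from the cache until the entry expires (`-t`). I would add a line above the setting such as `# -V: verbose logging; -c: credential cache, old passwords stay valid until the -t timeout`. The same comment block says a chrooted Postfix needs the socket under /var/spool/postfix, so it is worth confirming that /var/run/saslauthd matches the Postfix setup this role is paired with.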
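Review bot: `ignore_errors: yes` on the `restart saslauthd.service` handler in handlers/main.yml hides a failed restart, so a run can finish green while the authentication daemon is down or still running the previous configuration. Unless there is a host class where the unit is expected to be absent, I would drop that line, or narrow it with `failed_when` to the one case that should be tolerated. Separately, `daemon_reload: yes` and `ignore_errors: yes` read more predictably as `true`.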
@@ -0,0 +1,51 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2025 by someone
+#
+---
+- name: install saslauthd
+ apt:
+ pkg:
+ - sasl2-bin
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+ ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: copy saslauthd defaults
+ copy:
+ src: "{{item}}"
+ dest: "/etc/default/saslauthd"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/saslauthd.defaults"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/saslauthd.defaults"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/saslauthd.defaults"
+ - "default/saslauthd.defaults"
+ notify: restart saslauthd.service
+
+
+- name: copy saslauthd.conf
+ copy:
+ src: "{{item}}"
+ dest: "/etc/saslauthd.conf"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/saslauthd.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/saslauthd.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/saslauthd.conf"
+ - "default/saslauthd.conf"
+ notify: restart saslauthd.service
+
+
+- name: enable and start saslauthd.service
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: saslauthd.service
--
2.43.0
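Review bot: The `copy saslauthd.conf` task installs /etc/saslauthd.conf with `mode: 0644`, and that file is where `ldap_password` lives once the `ldap` mechanism is configured through a host_files or group_files override. The default shipped in this commit only holds commented-out placeholders, but an override carrying a real bind password would land world-readable on the target. I would set `mode: "0600"` on that task (assuming only the root-run daemon reads the file, which should be confirmed), and quote the mode in the defaults task too (`mode: "0644"`) so the YAML parser never retypes it. Runs with `--diff` print the copied content, so `no_log: true` on this task may also be warranted where overrides hold a password.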