From 6b242affa5d0858c0e5c85b0cf6592b1601bc7b9 Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:40 +0200
Subject: [PATCH] [roles/server/mail/cyrus] setup cyrus imap/dav server
---
.../mail/cyrus/files/default/cyrus.conf | 45 ++++++++++
.../mail/cyrus/files/default/default.sieve | 4 +
.../mail/cyrus/files/default/imapd.conf | 82 +++++++++++++++++++
roles/server/mail/cyrus/handlers/main.yml | 13 +++
roles/server/mail/cyrus/meta/main.yml | 10 +++
roles/server/mail/cyrus/tasks/main.yml | 77 +++++++++++++++++
6 files changed, 231 insertions(+)
create mode 100644 roles/server/mail/cyrus/files/default/cyrus.conf
create mode 100644 roles/server/mail/cyrus/files/default/default.sieve
create mode 100644 roles/server/mail/cyrus/files/default/imapd.conf
create mode 100644 roles/server/mail/cyrus/handlers/main.yml
create mode 100644 roles/server/mail/cyrus/meta/main.yml
create mode 100644 roles/server/mail/cyrus/tasks/main.yml
diff --git a/roles/server/mail/cyrus/files/default/cyrus.conf b/roles/server/mail/cyrus/files/default/cyrus.conf
new file mode 100644
index 0000000..560f8d0
--- /dev/null
+++ b/roles/server/mail/cyrus/files/default/cyrus.conf
@@ -0,0 +1,45 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+START {
+ recover cmd="ctl_cyrusdb -r"
+}
+
+SERVICES {
+ imap cmd="imapd -U 30" prefork=0 listen="imap" maxchild=500
+# imaps cmd="imapd -s -U 30" prefork=0 listen="imaps"
+ sieve cmd="timsieved" prefork=0 listen="sieve"
+ notify cmd="notifyd" prefork=1 listen="/var/lib/cyrus/socket/notify" proto="udp"
+ lmtpunix cmd="lmtpd" prefork=1 listen="/var/lib/cyrus/socket/lmtp" maxchild=2
+
+ #nntp cmd="nntpd -U 30" listen="nntp" prefork=0
+ #nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0
+ #http cmd="httpd -U 30" listen="8008" prefork=0
+ #https cmd="httpd -s -U 30" listen="8443" prefork=0
+}
+
+EVENTS {
+ # This is required.
+ checkpoint cmd="ctl_cyrusdb -c" period=60
+
+ # Cleanup duplicatE db, eXpunged emails, deleteD mailboxes, unused user-Tags.
+ delprune cmd="cyr_expire -E9 -D1 -X2 -t" at=0001
+
+ # This is only necessary if caching TLS sessions.
+ tlsprune cmd="tls_prune" at=0002
+
+ # indexing of mailboxes for server side fulltext searches
+ # reindex changed mailboxes (fulltext) approximately every other hour
+ #squatter_1 cmd="/usr/bin/nice -n 19 /usr/sbin/cyrus squatter -s" period=120
+ # reindex all mailboxes (fulltext) daily
+ #squatter_a cmd="/usr/sbin/cyrus squatter" at=0517
+}
+
+DAEMON {
+ idled cmd="idled"
+}
diff --git a/roles/server/mail/cyrus/files/default/default.sieve b/roles/server/mail/cyrus/files/default/default.sieve
new file mode 100644
index 0000000..01d44f0
--- /dev/null
+++ b/roles/server/mail/cyrus/files/default/default.sieve
@@ -0,0 +1,4 @@
+require "fileinto";
+
+##### Spam #####
+if header :is "X-Spam-Flag" "YES" { fileinto "spam"; stop; }
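Review bot: The SERVICES block in cyrus.conf exposes only the cleartext `imap` listener and leaves the implicit-TLS `imaps` line commented out, so every client depends on STARTTLS. imapd.conf in this patch sets `tls_required: 1`, which stops the server from accepting authentication without TLS, but a client configured for opportunistic STARTTLS can still be downgraded on the network path and send its password before the server refuses it. Consider enabling `imaps cmd="imapd -s -U 30" prefork=0 listen="imaps" maxchild=500` alongside the plain listener. If the plain listener stays, a comment above the `imap` line should say that it is only acceptable because `tls_required` is set.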
diff --git a/roles/server/mail/cyrus/files/default/imapd.conf b/roles/server/mail/cyrus/files/default/imapd.conf
new file mode 100644
index 0000000..cc37d09
--- /dev/null
+++ b/roles/server/mail/cyrus/files/default/imapd.conf
@@ -0,0 +1,82 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# Configuration directory
+
+servername: CHANGEME
+umask: 077
+admins: cyrus
+lmtp_downcase_rcpt: yes
+internaldate_heuristic: receivedheader
+
+configdirectory: /var/lib/cyrus
+sievedir: /var/spool/sieve
+sieveusehomedir: no
+
+defaultpartition: default
+partition-default: /srv/cyrus-mail
+
+expunge_mode: delayed
+delete_mode: delayed
+deletedprefix: DELETED
+altnamespace: no
+unixhierarchysep: no
+hashimapspool: yes
+allowusermoves: yes
+imapidletimeout: 64m
+mailbox_legacy_dirs: yes
+
+sasl_pwcheck_method: saslauthd
+sasl_mech_list: LOGIN PLAIN
+sasl_minimum_layer: 0
+sasl_max-children: 1
+
+
+#
+# SSL/TLS Options
+#
+#tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
+#tls_server_key: /etc/ssl/private/ssl-cert-snakeoil.key
+tls_server_cert: /etc/ssl/letsencrypt/CHANGEME/fullchain.pem
+tls_server_key: /etc/ssl/letsencrypt/CHANGEME/privkey.pem
+tls_server_ca_dir: /etc/ssl/certs
+tls_session_timeout: 1440
+tls_required: 1
+tls_require_cert: false
+tcp_keepalive: 1
+
+
+##
+## KEEP THESE IN SYNC WITH cyrus.conf
+##
+# Unix domain socket that lmtpd listens on.
+#lmtpsocket: /run/cyrus/socket/lmtp
+#
+# Unix domain socket that idled listens on.
+#idlesocket: /run/cyrus/socket/idle
+#
+# Unix domain socket that the new mail notification daemon listens on.
+#notifysocket: /run/cyrus/socket/notify
+#
+# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.)
+syslog_prefix: cyrus
+
+
+##
+## DEBUGGING
+##
+# Debugging hook. See /usr/share/doc/cyrus-common/README.Debian.debug
+# Keep the hook disabled when it is not in use
+#
+# gdb Back-traces
+#debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &
+#
+# system-call traces
+#debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 &
+#
+# library traces
+#debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 &
diff --git a/roles/server/mail/cyrus/handlers/main.yml b/roles/server/mail/cyrus/handlers/main.yml
new file mode 100644
index 0000000..e29972d
--- /dev/null
+++ b/roles/server/mail/cyrus/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: restart cyrus-imapd.service
+ systemd:
+ name: cyrus-imapd.service
+ daemon_reload: yes
+ state: restarted
+ ignore_errors: yes
diff --git a/roles/server/mail/cyrus/meta/main.yml b/roles/server/mail/cyrus/meta/main.yml
new file mode 100644
index 0000000..07149b5
--- /dev/null
+++ b/roles/server/mail/cyrus/meta/main.yml
@@ -0,0 +1,10 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+dependencies:
+ - { role: server/mail/saslauthd }
+ - { role: util/letsencrypt-cert, letsencrypt_cert_domain: "{{mail_primary_domain}}" }
diff --git a/roles/server/mail/cyrus/tasks/main.yml b/roles/server/mail/cyrus/tasks/main.yml
new file mode 100644
index 0000000..b38994d
--- /dev/null
+++ b/roles/server/mail/cyrus/tasks/main.yml
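Review bot: `servername: CHANGEME` and the `tls_server_cert`/`tls_server_key` paths under `/etc/ssl/letsencrypt/CHANGEME/` in imapd.conf are placeholders, yet tasks/main.yml in this patch installs the file with `copy` as the `default/imapd.conf` fallback, so a host without an override receives them verbatim. Cyrus would then point at a certificate path that presumably does not exist, and with `tls_required: 1` no client could authenticate. meta/main.yml already passes `mail_primary_domain` to the letsencrypt role, so deploying the file with `template` and writing `tls_server_cert: /etc/ssl/letsencrypt/{{ mail_primary_domain }}/fullchain.pem` (likewise for the key and `servername`) would remove the manual step. The directory layout of that role is not visible in this patch, so the path needs confirming.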
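Review bot: `ignore_errors: yes` on the `restart cyrus-imapd.service` handler in handlers/main.yml hides a failed restart, so a broken imapd.conf or an unreadable TLS key can leave the mail service down while the play still reports success. Drop the line so the run fails visibly, or register the result and fail with a message that names the unit. The truthy values `daemon_reload: yes` and `ignore_errors: yes` would also be clearer written as `true`.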
@@ -0,0 +1,77 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: install cyrus
+ apt:
+ pkg:
+ - cyrus-admin
+ - cyrus-clients
+ - cyrus-imapd
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+ ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: add cyrus user to group ssl-cert,letsencrypt
+ user:
+ name: "cyrus"
+ groups: "ssl-cert,letsencrypt"
+ append: yes
+ createhome: no
+ state: present
+
+
+- name: copy cyrus.conf
+ copy:
+ src: "{{item}}"
+ dest: "/etc/cyrus.conf"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/cyrus.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/cyrus.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/cyrus.conf"
+ - "default/cyrus.conf"
+ notify: restart cyrus-imapd.service
+
+
+- name: copy imapd.conf
+ copy:
+ src: "{{item}}"
+ dest: "/etc/imapd.conf"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/imapd.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/imapd.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/imapd.conf"
+ - "default/imapd.conf"
+ notify: restart cyrus-imapd.service
+
+
+- name: copy default.sieve
+ copy:
+ src: "{{item}}"
+ dest: "/var/lib/cyrus/default.sieve"
+ mode: 0600
+ owner: "cyrus"
+ group: "mail"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/default.sieve"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/default.sieve"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/default.sieve"
+ - "default/default.sieve"
+ notify: restart cyrus-imapd.service
+
+
+- name: enable and start cyrus-imapd.service
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: cyrus-imapd.service
-- 2.43.0
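Review bot: In `install cyrus`, `ignore_errors: "{{ignore_online_errors | bool}}"` lets the play continue when the packages were not installed, and the next task then runs `user` with `state: present`, which creates a `cyrus` account itself if the package did not. That account would be created with the user module's defaults rather than the package's settings, and it is still added to `ssl-cert` and `letsencrypt`, which presumably grants read access to private keys. Add `register: cyrus_install` to the apt task and `when: cyrus_install is succeeded` to the tasks that follow, or end the role early on failure. The file modes are also safer quoted, `mode: "0644"` and `mode: "0600"`, as the Ansible documentation recommends.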