From 32a78bd5373ab5b4d12b7594340a64fc044bf295 Mon Sep 17 00:00:00 2001
From: LecygneNoir <victor.jlc@laposte.net>
Date: Sun, 19 Mar 2017 16:11:17 +0100
Subject: [PATCH] add SSL configuration for dovecot for secure imap/pop and
 STARTLS useage

---
 roles/mail/files/etc-dovecot-conf.d-10-ssl.conf | 13 +++++++++++++
 roles/mail/tasks/main.yml                       |  3 +++
 2 files changed, 16 insertions(+)
 create mode 100644 roles/mail/files/etc-dovecot-conf.d-10-ssl.conf

diff --git a/roles/mail/files/etc-dovecot-conf.d-10-ssl.conf b/roles/mail/files/etc-dovecot-conf.d-10-ssl.conf
new file mode 100644
index 0000000..fcebade
--- /dev/null
+++ b/roles/mail/files/etc-dovecot-conf.d-10-ssl.conf
@@ -0,0 +1,13 @@
+##
+## SSL settings
+##
+
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+ssl = required
+
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+# dropping root privileges, so keep the key file unreadable by anyone but
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
+ssl_cert = </etc/ssl/mail.crt
+ssl_key = </etc/ssl/mail.key
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 16a7c2b..b89ed11 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -56,6 +56,9 @@
 - name: Copy dovecot config files - dovecot-mysql.conf
   template: src=dovecot-mysql.conf dest=/etc/dovecot/ owner=root mode=655
 
+- name: Copy dovecot config file - 10-ssl.conf
+  copy: src=etc-dovecot-conf.d-10-ssl.conf dest=/etc/dovecot/conf.d/10-ssl.conf owner=root mode=644
+
 - name: Copy postfixadmin config files - dbconfig.inc.php pfxadmin
   template: src=dbconfig.inc.php dest=/etc/postfixadmin/ owner=root mode=655