Merge branch 'feature/virtual-mailboxes' into develop

sergei-maertens · Nov 17, 2019 · 39fa21f · 39fa21f
2 parents 1d7d200 + 171e04d
commit 39fa21f
Show file tree

Hide file tree

Showing 13 changed files with 102 additions and 27 deletions.
diff --git a/deployment/mailserver.yml b/deployment/mailserver.yml
@@ -30,5 +30,7 @@
     - postfixer
     - ssl
     - nginx
-    - postfix
+    - role: postfix
+      tags:
+        - mail
     - dovecot
diff --git a/deployment/roles/dovecot/defaults/main.yml b/deployment/roles/dovecot/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
 
 dovecot_user: vmail
+dovecot_user_uid: 1005
 
 dovecot_mail_basedir: /var/mail/domains/
diff --git a/deployment/roles/dovecot/tasks/main.yml b/deployment/roles/dovecot/tasks/main.yml
@@ -12,11 +12,13 @@
 - name: Create the dovecot user group
   group:
     name: "{{ dovecot_user }}"
+    gid: "{{ dovecot_user_uid }}"
     state: present
 
 - name: Create the mail user
   user:
     name: "{{ dovecot_user }}"
+    uid: "{{ dovecot_user_uid }}"
     group: "{{ dovecot_user }}"
     shell: /usr/sbin/nologin
     create_home: yes

diff --git a/deployment/roles/nginx/files/logformat.conf b/deployment/roles/nginx/files/logformat.conf
@@ -1,3 +1,3 @@
-log_format   main '$remote_addr - $remote_user [$time_local]  $status '
-    '"$request" $body_bytes_sent "$http_referer" '
-    '"$http_user_agent" "$http_x_forwarded_for"';
+# log_format   main '$remote_addr - $remote_user [$time_local]  $status '
+#     '"$request" $body_bytes_sent "$http_referer" '
+#     '"$http_user_agent" "$http_x_forwarded_for"';
diff --git a/deployment/roles/nginx/tasks/main.yml b/deployment/roles/nginx/tasks/main.yml
@@ -1,9 +1,9 @@
 ---
 
 - name: Define log format
-  copy:
-    src: logformat.conf
-    dest: /etc/nginx/conf.d/logformat.conf
+  file:
+    path: logformat.conf
+    state: absent
   remote_user: root
 
 - name: make sure the log dir exists

diff --git a/deployment/roles/postfix/tasks/main.yml b/deployment/roles/postfix/tasks/main.yml
@@ -24,6 +24,8 @@
   with_items:
     - virtual_alias_domains
     - virtual_alias_map
+    - virtual_mailbox_domains
+    - virtual_mailbox_maps
 
 - name: Set up the postfix config
   template:

diff --git a/deployment/roles/postfix/templates/main.cf b/deployment/roles/postfix/templates/main.cf
@@ -40,19 +40,36 @@ smtpd_sasl_path = private/auth
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+smtpd_relay_restrictions =
+    permit_mynetworks
+    permit_sasl_authenticated
+    defer_unauth_destination
 myhostname = {{ postfix_mydomain }}
 mydomain = {{ postfix_mydomain }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 mydestination = {{ fqdn }}, localhost.{{ postfix_mydomain }}, localhost
 relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = 127.0.0.0/8 172.17.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = ipv4
 
-virtual_alias_domains = pgsql:/etc/postfix/pgsql/virtual_alias_domains.cf
+# Virtual aliases (=forwarders)
+# can't use virtual_alias_domains together with virtual_mailbox_domains -
+# virtual_mailbox_domains does enough and the query looks up the alias domains
+# as well.
+# virtual_alias_domains = pgsql:/etc/postfix/pgsql/virtual_alias_domains.cf
 virtual_alias_maps = pgsql:/etc/postfix/pgsql/virtual_alias_map.cf
+
+# Virtual mailboxes (=local delivery)
+virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/virtual_mailbox_domains.cf
+virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
+
+# FIXME - variables across roles = bad idea
+virtual_mailbox_base = {{ dovecot_mail_basedir }}
+virtual_minimum_uid = 1000
+virtual_uid_maps = static:{{ dovecot_user_uid }}
+virtual_gid_maps = static:{{ dovecot_user_uid }}
diff --git a/deployment/roles/postfix/templates/virtual_alias_map.cf.j2 b/deployment/roles/postfix/templates/virtual_alias_map.cf.j2
@@ -14,4 +14,7 @@ password = {{ db_password }}
 # The database name on the servers.
 dbname = {{ db_name }}
 
-query = SELECT "mail_forward"."destination" FROM "mail_forward" WHERE ("mail_forward"."active" = True AND "mail_forward"."source" = '%s')
+query =
+    SELECT array_to_string("mail_forward"."destinations", ' ')
+    FROM "mail_forward"
+    WHERE ("mail_forward"."active" = True AND CONCAT("mail_forward"."user_part", CONCAT('@', "mail_forward"."domain_part")) = '%s')
diff --git a/deployment/roles/postfix/templates/virtual_mailbox_domains.cf.j2 b/deployment/roles/postfix/templates/virtual_mailbox_domains.cf.j2
@@ -0,0 +1,25 @@
+#
+# main.cf entry:
+# virtual_mailbox_domains = pgsql:/path/to/this/file.cf
+#
+
+#
+# The hosts that Postfix will try to connect to
+hosts = localhost
+
+# The user name and password to log into the pgsql server.
+user = {{ db_user }}
+password = {{ db_password }}
+
+# The database name on the servers.
+dbname = {{ db_name }}
+
+query = (
+    SELECT DISTINCT "mail_forward"."domain_part"
+    FROM "mail_forward"
+    WHERE ("mail_forward"."active" = True AND "mail_forward"."domain_part" = '%s')
+    ) UNION (
+    SELECT DISTINCT "mail_virtualmailbox"."domain_part" FROM "mail_virtualmailbox"
+    WHERE ("mail_virtualmailbox"."active" = True AND "mail_virtualmailbox"."domain_part" = '%s')
+    )
+
diff --git a/deployment/roles/postfix/templates/virtual_mailbox_maps.cf.j2 b/deployment/roles/postfix/templates/virtual_mailbox_maps.cf.j2
@@ -0,0 +1,20 @@
+#
+# main.cf entry:
+# virtual_mailbox_maps = pgsql:/path/to/this/file.cf
+#
+
+#
+# The hosts that Postfix will try to connect to
+hosts = localhost
+
+# The user name and password to log into the pgsql server.
+user = {{ db_user }}
+password = {{ db_password }}
+
+# The database name on the servers.
+dbname = {{ db_name }}
+
+query =
+    SELECT CONCAT("mail_virtualmailbox"."domain_part", CONCAT('/', CONCAT("mail_virtualmailbox"."user_part", '/'))) AS "maildir"
+    FROM "mail_virtualmailbox"
+    WHERE ("mail_virtualmailbox"."active" = True AND CONCAT("mail_virtualmailbox"."user_part", CONCAT('@', "mail_virtualmailbox"."domain_part")) = '%s')
diff --git a/deployment/roles/postfixer/defaults/main.yml b/deployment/roles/postfixer/defaults/main.yml
@@ -1,3 +1,5 @@
 ---
 
 postfixer_port: 9010
+
+postfixer_image: regexit/postfixer:latest
diff --git a/deployment/roles/postfixer/tasks/main.yml b/deployment/roles/postfixer/tasks/main.yml
@@ -14,7 +14,8 @@
 - name: Ensure web container runs
   docker_container:
     name: postfixer-web
-    image: "sergeimaertens/postfixer:1.0"
+    image: "{{ postfixer_image }}"
+    pull: yes
     hostname: postfixer-django
     state: started
     restart: no

diff --git a/deployment/vars/mailserver.yml b/deployment/vars/mailserver.yml
@@ -1,16 +1,16 @@
 $ANSIBLE_VAULT;1.1;AES256
-31383934633934646339613939303861353362346431643737653037306132643839393964326463
-3066613161656532393338626239393633613061316539660a333532323063386262356436316632
-38623066306432353335636461393030616562656662653431613937623939653238356165303866
-3135363437373936640a333231353334346565613065353065346663626530396639653538336438
-62373130653536356330633765306631616564323133306236343134396532623464313732383632
-62626435386534303363666363363236636432323035303131383462613766636330656234353337
-34373833373637663434356564346231653339343361343361393864343664373162633366616331
-31373964663230303637653732653833623166383232383238383730313435613132343739323532
-36346636333834346532386435343166353636643530613463373863333166616334643537353165
-39306535356265343535303261313938353033663330316334363664333734383465616437633432
-66633566626366393166303863386264356638363264666266316364343737643263656634306235
-64386566363461663164623539333333356163306661346565353633643933643738326366306639
-31653233323066303834343161306230653865663062373064376466353639353966336264323361
-32313533333839333063326462396338366137653731306365366538383362366631646132333834
-383761646631636362336435386562363934
+37646533386436623831313732633539623430323337363836313266643630653337643231353162
+3339333031303638356235663631353833643330643262650a363539356335333862663736653731
+61646532386137666562336665343231633833636561363536396565306566313839623361656434
+3466323765373366310a616230373565346139646232646565386264353966393564393861653438
+65343331313732623034653366353930326536633163663037666238356138326536663031316139
+66323532613463373266306339333735643235663263643833356631393461653662363932613334
+35663337353631623966353463626232643836613230396561383230333161323166353836653962
+31313065356261636334316164656439386137666365623231343635613964663033336537376538
+62323933623562633838336461613563356164653863316235316436653261366437396566653361
+30353135376663343436363133653034316432613037363338393533663735353033306231653131
+65373663346434363130326434366463376537636666346366346339666538313661306666653031
+35666361386634303235323633306130616264656632393831313163396461306233623637333139
+66643132306430653565343762663238316334323935623731623737613138373865316162613639
+38323236303866376239656430313439656132376563306531343133613833353138663638663337
+353132613831323139333165623061623032