Add support for rendering dovecot userdb files

defaults/main/virtual.yml

@@ -0,0 +1,16 @@
+---
+
+virtual_mail_uid: virtual
+virtual_mail_gid: virtual
+virtual_mail_user_home: /home/virtual/%d/%n
+virtual_mail_home: /home/virtual
+
+# List of virtual mail domains and their users, should be kept in a vault-encrypted file
+#
+# virtual_mail_domains:
+#   example.com:
+#     jane.doe: $2y...
+#     john.doe: $6$...
+#   foo.bar:
+#     ada.lovelace: $1$
+virtual_mail_domains: []

roles/dovecot/defaults/main/virtual.yml

@@ -1,5 +0,0 @@
----
-
-dovecot_virtual_uid: virtual
-dovecot_virtual_gid: virtual
-dovecot_virtual_user_home: /home/virtual/%d/%n

roles/dovecot/tasks/main.yml

@@ -1,5 +1,10 @@
 ---
 
+- import_tasks: virtual.yml
+  tags:
+    - "role::dovecot"
+    - "role::dovecot:virtual"
+
 - import_tasks: install.yml
   tags:
     - "role::dovecot"
@@ -9,3 +14,8 @@
   tags:
     - "role::dovecot"
     - "role::dovecot:config"
+
+- import_tasks: userdb.yml
+  tags:
+    - "role::dovecot"
+    - "role::dovecot:userdb"

roles/dovecot/tasks/userdb.yml

@@ -0,0 +1,22 @@
+---
+
+- name: create virtual mail domain directories
+  file:
+    path: "{{ virtual_mail_home }}/{{ item.key }}"
+    state: directory
+    owner: "{{ virtual_mail_uid }}"
+    group: "{{ virtual_mail_gid }}"
+    mode: 0750
+  loop: "{{ virtual_mail_domains | dict2items }}"
+
+- name: render dovecot userdbs
+  template:
+    src: userdb.j2
+    dest: "{{ virtual_mail_home }}/{{ item.key }}/.passwd"
+    owner: "{{ virtual_mail_uid }}"
+    group: "{{ virtual_mail_gid }}"
+    mode: 0400
+  vars:
+    users: "{{ item.value }}"
+    domain: "{{ item.key }}"
+  loop: "{{ virtual_mail_domains | dict2items }}"

roles/dovecot/templates/etc/dovecot/conf.d/10-auth.conf.j2

@@ -129,7 +129,7 @@ passdb {
 userdb {
   driver = passwd-file
   args = username_format={{ dovecot_passdb_user_format }} {{ dovecot_passdb_filename }}
-  default_fields = uid={{ dovecot_virtual_uid }} gid={{ dovecot_virtual_gid }} home={{ dovecot_virtual_user_home }}
+  default_fields = uid={{ virtual_uid }} gid={{ virtual_gid }} home={{ virtual_mail_user_home }}
 
   # Default fields that can be overridden by passwd-file
   #default_fields = quota_rule=*:storage=1G

roles/dovecot/templates/etc/dovecot/conf.d/10-mail.conf.j2

@@ -29,7 +29,7 @@
 #
 # <doc/wiki/MailLocation.txt>
 #
-mail_location = maildir:{{ dovecot_virtual_user_home }}
+mail_location = maildir:{{ virtual_mail_user_home }}
 
 # If you need to set multiple mailbox locations or want to change default
 # namespace settings, you can do it by defining namespace sections.
@@ -107,13 +107,13 @@ namespace inbox {
 # System user and group used to access mails. If you use multiple, userdb
 # can override these by returning uid or gid fields. You can use either numbers
 # or names. <doc/wiki/UserIds.txt>
-mail_uid = {{ dovecot_virtual_uid }}
-mail_gid = {{ dovecot_virtual_gid }}
+mail_uid = {{ virtual_uid }}
+mail_gid = {{ virtual_gid }}
 
 # Group to enable temporarily for privileged operations. Currently this is
 # used only with INBOX when either its initial creation or dotlocking fails.
 # Typically this is set to "mail" to give access to /var/mail.
-mail_privileged_group = {{ dovecot_virtual_uid }}
+mail_privileged_group = {{ virtual_uid }}
 
 # Grant access to these supplementary groups for mail processes. Typically
 # these are used to set up access to shared mailboxes. Note that it may be

roles/dovecot/templates/userdb.j2

@@ -0,0 +1,4 @@
+{% for user, pwhash in users.items() %}
+{{ user }}@{{ domain }}:{CRYPT}{{ pwhash }}::::::
+{% endfor %}
+

tasks/virtual.yml

@@ -0,0 +1,11 @@
+---
+
+- name: create virtual mail user
+  user:
+    name: "{{ virtual_mail_uid }}"
+    group: "{{ virtual_mail_gid }}"
+    home: "{{ virtual_mail_home }}"
+    password: '!'
+    shell: /usr/sbin/nologin
+    system: yes
+    comment: Virtual Mail User