bundles/dovecot: introduce

bundles/dovecot/files/dovecot-sql.conf

@@ -0,0 +1,5 @@
+connect = host=localhost dbname=${dbname} user=${dbuser} password=${dbpass}
+driver = pgsql
+default_pass_scheme = MD5-CRYPT
+password_query = SELECT username as user, password FROM mailbox WHERE username = '%u' AND active = true
+user_query = SELECT '/var/mail/vmail' || maildir as home, 65534 as uid, 65534 as gid FROM mailbox WHERE username = '%u' AND active = true

bundles/dovecot/files/dovecot.conf

@@ -0,0 +1,130 @@
+!include conf.d/*.conf
+
+namespace inbox {
+    type = private
+    inbox = yes
+    location =
+    mailbox Drafts {
+        auto = subscribe
+        special_use = \Drafts
+    }
+    mailbox Junk {
+        auto = subscribe
+        special_use = \Junk
+    }
+    mailbox Sent {
+        auto = subscribe
+        special_use = \Sent
+    }
+    mailbox Trash {
+        auto = subscribe
+        special_use = \Trash
+    }
+    prefix =
+}
+
+mail_location = maildir:/var/mail/vmail/%d/%n
+protocols = imap lmtp sieve
+
+ssl = yes
+ssl_cert = </var/lib/dehydrated/certs/${node.metadata['postfix']['myhostname']}/fullchain.pem
+ssl_key =  </var/lib/dehydrated/certs/${node.metadata['postfix']['myhostname']}/privkey.pem
+ssl_dh = </etc/dovecot/ssl/dhparam.pem
+
+login_greeting = IMAPd ready
+auth_mechanisms = plain login
+first_valid_uid = 65534
+disable_plaintext_auth = yes
+mail_plugins = $mail_plugins zlib
+
+plugin {
+    zlib_save_level = 6
+    zlib_save = gz
+
+    sieve_plugins = sieve_imapsieve sieve_extprograms
+    sieve_dir = /var/mail/vmail/sieve/%d/%n/
+    sieve = /var/mail/vmail/sieve/%d/%n.sieve
+    sieve_pipe_bin_dir = /var/mail/vmail/sieve/bin
+    sieve_extensions = +vnd.dovecot.pipe
+
+% if node.has_bundle('rspamd'):
+    sieve_before = /var/mail/vmail/sieve/global/spam-global.sieve
+
+    # From elsewhere to Spam folder
+    imapsieve_mailbox1_name = Junk
+    imapsieve_mailbox1_causes = COPY
+    imapsieve_mailbox1_before = file:/var/mail/vmail/sieve/global/learn-spam.sieve
+
+    # From Spam folder to elsewhere
+    imapsieve_mailbox2_name = *
+    imapsieve_mailbox2_from = Junk
+    imapsieve_mailbox2_causes = COPY
+    imapsieve_mailbox2_before = file:/var/mail/vmail/sieve/global/learn-ham.sieve
+% endif
+}
+
+service auth {
+    unix_listener /var/spool/postfix/private/auth {
+        mode = 0660
+        user = postfix
+        group = postfix
+    }
+
+    unix_listener auth-userdb {
+        mode = 0660
+        user = nobody
+        group = nogroup
+    }
+}
+
+service lmtp {
+    unix_listener /var/spool/postfix/private/dovecot-lmtp {
+        group = postfix
+        mode = 0600
+        user = postfix
+    }
+}
+
+service imap {
+    executable = imap
+}
+
+service imap-login {
+    service_count = 1
+    process_min_avail = 8
+    vsz_limit = 64M
+}
+
+service managesieve-login {
+    inet_listener sieve {
+        port = 4190
+    }
+}
+
+userdb {
+    driver = sql
+    args = /etc/dovecot/dovecot-sql.conf
+}
+
+passdb {
+    driver = sql
+    args = /etc/dovecot/dovecot-sql.conf
+}
+
+protocol lmtp {
+    mail_plugins = $mail_plugins sieve
+    postmaster_address = ${admin_email}
+}
+
+protocol imap {
+    mail_plugins = $mail_plugins imap_zlib imap_sieve
+    mail_max_userip_connections = 50
+    imap_idle_notify_interval = 29 mins
+}
+
+protocol sieve {
+    plugin {
+        sieve = /var/mail/vmail/sieve/%d/%n.sieve
+        sieve_storage = /var/mail/vmail/sieve/%d/%n/
+    }
+}

bundles/dovecot/files/learn-ham.sieve

@@ -0,0 +1,15 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+
+if environment :matches "imap.mailbox" "*" {
+  set "mailbox" "${1}";
+}
+
+if string "${mailbox}" "Trash" {
+  stop;
+}
+
+if environment :matches "imap.user" "*" {
+  set "username" "${1}";
+}
+
+pipe :copy "sa-learn-ham.sh" [ "${username}" ];

bundles/dovecot/files/learn-spam.sieve

@@ -0,0 +1,7 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+
+if environment :matches "imap.user" "*" {
+  set "username" "${1}";
+}
+
+pipe :copy "sa-learn-spam.sh" [ "${username}" ];

bundles/dovecot/files/spam-global.sieve

@@ -0,0 +1,11 @@
+require ["fileinto", "imap4flags"];
+
+if header :contains "X-Spam-Flag" "YES" {
+    setflag "\\seen";
+    fileinto "Junk";
+}
+
+if header :contains "X-Spam" "Yes" {
+    setflag "\\seen";
+    fileinto "Junk";
+}

bundles/dovecot/items.py

@@ -0,0 +1,66 @@
+# Postfix bundle creates metadata and directories which are also used
+# by this bundle
+assert node.has_bundle('postfix')
+
+files = {
+    '/etc/dovecot/dovecot.conf': {
+        'content_type': 'mako',
+        'context': {
+            'admin_email': node.metadata['dovecot']['admin_email'],
+        },
+        'needs': {
+            'pkg_apt:'
+        },
+        'triggers': {
+            'svc_systemd:dovecot:restart',
+        },
+    },
+    '/etc/dovecot/dovecot-sql.conf': {
+        'content_type': 'mako',
+        'context': node.metadata['dovecot']['database'],
+        'needs': {
+            'pkg_apt:'
+        },
+        'triggers': {
+            'svc_systemd:dovecot:restart',
+        },
+    },
+}
+
+actions = {
+    'dovecot_generate_dhparam': {
+        'command': 'openssl dhparam -out /etc/dovecot/ssl/dhparam.pem 2048',
+        'unless': 'test -f /etc/dovecot/ssl/dhparam.pem',
+        'cascade_skip': False,
+        'needs': {
+            'pkg_apt:'
+        },
+        'triggers': {
+            'svc_systemd:dovecot:restart',
+        },
+    },
+}
+
+svc_systemd = {
+    'dovecot': {
+        'needs': {
+            'action:dovecot_generate_dhparam',
+            'file:/etc/dovecot/dovecot.conf',
+            'file:/etc/dovecot/dovecot-sql.conf',
+        },
+    },
+}
+
+if node.has_bundle('rspamd'):
+    files['/var/mail/vmail/sieve/global/learn-ham.sieve'] = {
+        'owner': 'nobody',
+        'group': 'nogroup',
+    }
+    files['/var/mail/vmail/sieve/global/learn-spam.sieve'] = {
+        'owner': 'nobody',
+        'group': 'nogroup',
+    }
+    files['/var/mail/vmail/sieve/global/spam-global.sieve'] = {
+        'owner': 'nobody',
+        'group': 'nogroup',
+    }

bundles/dovecot/metadata.py

@@ -0,0 +1,52 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'dovecot-imapd': {},
+            'dovecot-lmtpd': {},
+            'dovecot-managesieved': {},
+            'dovecot-pgsql': {},
+            'dovecot-sieve': {},
+        },
+    },
+    'icinga2_api': {
+        'dovecot': {
+            'services': {
+                'DOVECOT PROCESS': {
+                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit dovecot',
+                },
+                'IMAP CONNECT': {
+                    'check_command': 'check_imap',
+                    'vars.imap_port': 143,
+                },
+                'IMAPS CONNECT': {
+                    'check_command': 'check_imap',
+                    'vars.imap_port': 993,
+                    'vars.imap_ssl': True,
+                },
+            },
+        },
+    },
+}
+
+if node.has_bundle('postfixadmin'):
+    defaults['dovecot'] = {
+        'database': {
+            'dbname': 'postfixadmin',
+            'dbuser': 'postfixadmin',
+        },
+    }
+
+
+@metadata_reactor
+def import_database_settings_from_postfixadmin(metadata):
+    if not node.has_bundle('postfixadmin'):
+        raise DoNotRunAgain
+
+    return {
+        'dovecot': {
+            'admin_email': metadata.get('postfixadmin/admin_email'),
+            'database': {
+                'dbpass': metadata.get('postgresql/users/postfixadmin/password'),
+            },
+        },
+    }