bundles/dovecot: some fixes

- fix postfix/myhostname default
- ensure old_stats plugin is enabled
- ensure permissions for old_stats plugin
- ensure /etc/dovecot/ssl exists
- remove unneeded configuration files
Franzi 2021-08-21 07:31:22 +02:00
parent 8301664d9a
commit 96f1604879
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 43 additions and 5 deletions


@ -29,8 +29,8 @@ mail_location = maildir:/var/mail/vmail/%d/%n
protocols = imap lmtp sieve protocols = imap lmtp sieve
ssl = yes ssl = yes
ssl_cert = </var/lib/dehydrated/certs/${node.metadata['postfix']['myhostname']}/fullchain.pem ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
ssl_key = </var/lib/dehydrated/certs/${node.metadata['postfix']['myhostname']}/privkey.pem ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
ssl_dh = </etc/dovecot/ssl/dhparam.pem ssl_dh = </etc/dovecot/ssl/dhparam.pem
ssl_min_protocol = TLSv1.2 ssl_min_protocol = TLSv1.2
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
@ -40,7 +40,7 @@ login_greeting = IMAPd ready
auth_mechanisms = plain login auth_mechanisms = plain login
first_valid_uid = 65534 first_valid_uid = 65534
disable_plaintext_auth = yes disable_plaintext_auth = yes
mail_plugins = $mail_plugins zlib mail_plugins = $mail_plugins zlib old_stats
plugin { plugin {
zlib_save_level = 6 zlib_save_level = 6
@ -137,11 +137,26 @@ protocol sieve {
} }
} }
% if node.has_bundle('telegraf'):
service old-stats { service old-stats {
% if node.has_bundle('telegraf'):
inet_listener { inet_listener {
address = 127.0.0.1 address = 127.0.0.1
port = 24242 port = 24242
} }
}
% endif % endif
unix_listener old-stats {
mode = 0660
user = nobody
group = nogroup
}
fifo_listener old-stats-mail {
mode = 0660
user = nobody
group = nogroup
}
fifo_listener old-stats-user {
mode = 0660
user = nobody
group = nogroup
}
}
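Review bot: The three listeners added to `service old-stats` (`unix_listener old-stats`, `fifo_listener old-stats-mail`, `fifo_listener old-stats-user`) are owned by `nobody:nogroup` with `mode = 0660`, and those are shared catch-all accounts, so any unrelated process running as nobody or in nogroup can write to the stats FIFOs and query the stats socket. If the ownership only exists so that mail processes can reach them (`first_valid_uid = 65534` suggests mail runs as nobody, but that is inferred from context), `mode = 0600` would at least drop the group access. Longer term, a dedicated mail uid/gid for these listeners would keep the stats interface out of reach of other services. A short comment above the block saying which process needs the access, e.g. `# mail processes write stats here, see first_valid_uid`, would make the intent reviewable.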


@ -2,6 +2,10 @@
# by this bundle # by this bundle
repo.libs.tools.require_bundle(node, 'postfix') repo.libs.tools.require_bundle(node, 'postfix')
directories = {
'/etc/dovecot/ssl': {},
}
files = { files = {
'/etc/dovecot/dovecot.conf': { '/etc/dovecot/dovecot.conf': {
'content_type': 'mako', 'content_type': 'mako',
@ -25,6 +29,24 @@ files = {
'svc_systemd:dovecot:restart', 'svc_systemd:dovecot:restart',
}, },
}, },
'/etc/dovecot/conf.d/auth-system.conf.ext': {
'delete': True,
'needs': {
'pkg_apt:'
},
'triggers': {
'svc_systemd:dovecot:restart',
},
},
'/etc/dovecot/conf.d/10-auth.conf': {
'delete': True,
'needs': {
'pkg_apt:'
},
'triggers': {
'svc_systemd:dovecot:restart',
},
},
} }
actions = { actions = {
@ -33,6 +55,7 @@ actions = {
'unless': 'test -f /etc/dovecot/ssl/dhparam.pem', 'unless': 'test -f /etc/dovecot/ssl/dhparam.pem',
'cascade_skip': False, 'cascade_skip': False,
'needs': { 'needs': {
'directory:/etc/dovecot/ssl',
'pkg_apt:' 'pkg_apt:'
}, },
'triggers': { 'triggers': {