Adapt Postfix config and add Dovecot

dovecot.yml

+# Install and configure Dovecot and its dependencies
+#
+# Please run services-base.yml first.
+
+- name: install and configure Dovecot
+  hosts: dovecot
+  become: yes
+  roles:
+   - dovecot
+   - dovecot-pop3d

host_vars/gabriel.c3heaven.de

@@ -87,6 +87,10 @@ nginx_https_sites:
         proxy_pass http://127.0.0.1:3000;
         proxy_cache_bypass $http_upgrade;
         proxy_redirect off;
+    - location: "~ ^/liste/?$"
+      config: |-
+        return 301 https://$host/Liste;
+
  - name: "sso.c3heaven.de"
    locations:
     - location: "/"
@@ -146,6 +150,7 @@ rspamd_enabled: true
 
 postfix_mydestination: "localhost, $myhostname, c3heaven.de"
 postfix_myorigin: "c3heaven.de"
+postfix_mynetworks: "127.0.0.1/32 159.69.40.72/32 10.23.42.0/24 [::1]/128 [2a01:4f8:c2c:df32::]/64 [2a01:4f8:c2c:b190::]/64 [fe80::9400:ff:fe31:9902]/128 [fe80::8400:ff:fe34:27e5]/128"
 postfix_generic_map:
  - "www-data@c3heaven.de noreply@c3heaven.de"
 postfix_additional_admin_aliases:
@@ -159,3 +164,5 @@ postfix_virtual_alias_domains:
  - "lists.c3heaven.de"
 postfix_virtual_alias_maps:
  - "hash:/var/lib/mailman/data/virtual-mailman"
+
+# vim: set ft=yaml:

inventory

@@ -22,3 +22,9 @@ ticket.c3heaven.de
 # These are the Keycloak SSO servers (typically just one)
 [keycloak]
 gabriel.c3heaven.de
+
+# Dovecot mail servers
+#
+# These are all servers that are serving mails via Dovecot
+[dovecot]
+gabriel.c3heaven.de

roles/dovecot-pop3d/meta/main.yml

+---
+
+dependencies:
+  - { role: dovecot }

roles/dovecot-pop3d/tasks/main.yml

+---
+
+# Install and configure the Dovecot POP3 server
+
+- name: install dovecot-pop3d
+  apt: name=dovecot-pop3d state=present
+  tags: [apt, packages, dovecot]

roles/dovecot/defaults/main.yml

+---
+
+dovecot_hostname: "{{ inventory_hostname }}"
+dovecot_ssl_ciphers: "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
+
+dovecot_min_ssl_protocol: "TLSv1.2"
+dovecot_prefer_server_ciphers: true

roles/dovecot/handlers/main.yml

+---
+
+- name: restart dovecot
+  service: name=dovecot state=restarted
+  tags: [handlers, services, dovecot]

roles/dovecot/meta/main.yml

+---
+
+dependencies:
+  - { role: acmetool }

roles/dovecot/tasks/main.yml

+---
+
+# Install and configure the core of the Dovecot mail server
+
+- name: install dovecot-core
+  apt: name=dovecot-core state=present
+  tags: [apt, packages, dovecot]
+
+- name: dovecot ssl configuration
+  template:
+    src: "10-ssl.conf.j2"
+    dest: "/etc/dovecot/conf.d/10-ssl.conf"
+  notify: restart dovecot
+  tags: [config, dovecot]
+
+- name: start/enable dovecot
+  service: name=dovecot state=started enabled=yes
+  tags: [services, dovecot]

roles/dovecot/templates/10-ssl.conf.j2

+# {{ ansible_managed }}
+
+ssl = required
+ssl_cert = </var/lib/acme/live/{{ dovecot_hostname }}/fullchain
+ssl_key = </var/lib/acme/live/{{ dovecot_hostname }}/privkey
+ssl_min_protocol = {{ dovecot_min_ssl_protocol }}
+ssl_prefer_server_ciphers = {{ "yes" if dovecot_prefer_server_ciphers else "no" }}
+ssl_cipher_list = '{{ dovecot_ssl_ciphers }}'

roles/postfix/defaults/main.yml

 postfix_mydestination: "localhost, $myhostname"
 postfix_myorigin: null
+postfix_mynetworks: null
 postfix_alias_maps:
  - "hash:/etc/aliases"
 postfix_virtual_alias_domains: []

roles/postfix/templates/main.cf.j2

@@ -9,6 +9,9 @@ mydestination = {{ postfix_mydestination }}
 {% if postfix_myorigin %}
 myorigin = {{ postfix_myorigin }}
 {% endif %}
+{% if postfix_mynetworks %}
+mynetworks = {{ postfix_mynetworks }}
+{% endif %}
 
 show_user_unknown_table_name = no
 alias_database = hash:/etc/aliases