fix permissions for doveadm

[ansible.git] / roles / email / tasks / dovecot.yml

diff --git a/roles/email/tasks/dovecot.yml b/roles/email/tasks/dovecot.yml
index 6e1b12a3a7c2236426afd9fadf3575ef2afd1c88..5d8ef0c38f051744879021508f2a84d821d24f02 100644 (file)
--- a/roles/email/tasks/dovecot.yml
+++ b/roles/email/tasks/dovecot.yml
@@ -22,7 +22,7 @@
   template:
     dest: /etc/dovecot/{{ item }}
     src: templates/dovecot/{{ item }}
-    mode: u=rw,g=r,o=
+    mode: u=rw,g=r,o=r # changepw needs read access
     group: dovecot
   loop:
   - conf.d/10-auth.conf
@@ -34,6 +34,14 @@
   - conf.d/20-lmtp.conf
   - conf.d/90-quota.conf
   - conf.d/auth-sql.conf.ext
+- name: configure dovecot secrets
+  notify: dovecot
+  template:
+    dest: /etc/dovecot/{{ item }}
+    src: templates/dovecot/{{ item }}
+    mode: u=rw,g=r,o=
+    group: dovecot
+  loop:
   - dovecot-sql.conf.ext
 - name: install quota notification script
   template: