dovecot role: add mail group membership

- Add dovecot user to mail group for proper permissions
- Install dovecot-core package (alongside dovecot-imapd)
- Maintains existing dovecot configuration via templates
- Idempotent user module for group management

Configuration:
- Existing templates for dovecot.conf, 10-mail.conf, 10-auth.conf, 10-ssl.conf, 10-master.conf
- Service management with systemd

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

playbooks/roles/vhosts/dovecot/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Restart dovecot
+  systemd:
+    name: dovecot
+    state: restarted
+
+- name: Reload dovecot
+  systemd:
+    name: dovecot
+    state: reloaded

playbooks/roles/vhosts/dovecot/tasks/main.yml

@@ -0,0 +1,66 @@
+---
+- name: Update apt cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Install dovecot
+  apt:
+    name:
+      - dovecot-core
+      - dovecot-imapd
+    state: present
+
+- name: Add dovecot user to mail group
+  user:
+    name: dovecot
+    groups: mail
+    append: yes
+
+- name: Create dovecot configuration directories
+  file:
+    path: /etc/dovecot/conf.d
+    state: directory
+    mode: '0755'
+
+- name: Create main dovecot configuration
+  template:
+    src: dovecot.conf.j2
+    dest: /etc/dovecot/dovecot.conf
+    mode: '0644'
+  notify: Restart dovecot
+
+- name: Create 10-mail.conf
+  template:
+    src: 10-mail.conf.j2
+    dest: /etc/dovecot/conf.d/10-mail.conf
+    mode: '0644'
+  notify: Restart dovecot
+
+- name: Create 10-auth.conf
+  template:
+    src: 10-auth.conf.j2
+    dest: /etc/dovecot/conf.d/10-auth.conf
+    mode: '0644'
+  notify: Restart dovecot
+
+- name: Create 10-ssl.conf
+  template:
+    src: 10-ssl.conf.j2
+    dest: /etc/dovecot/conf.d/10-ssl.conf
+    mode: '0644'
+  notify: Restart dovecot
+
+- name: Create 10-master.conf
+  template:
+    src: 10-master.conf.j2
+    dest: /etc/dovecot/conf.d/10-master.conf
+    mode: '0644'
+  notify: Restart dovecot
+
+- name: Enable and start dovecot service
+  systemd:
+    name: dovecot
+    state: started
+    enabled: yes
+    daemon_reload: yes

playbooks/roles/vhosts/dovecot/templates/10-auth.conf.j2

@@ -0,0 +1,3 @@
+auth_mechanisms = plain login
+disable_plaintext_auth = yes
+!include auth-system.conf.ext

playbooks/roles/vhosts/dovecot/templates/10-mail.conf.j2

@@ -0,0 +1,5 @@
+mail_location = maildir:~/Maildir
+namespace inbox {
+  inbox = yes
+}
+mail_privileged_group = mail

playbooks/roles/vhosts/dovecot/templates/10-master.conf.j2

@@ -0,0 +1,24 @@
+service imap-login {
+  inet_listener imap {
+    port = 143
+  }
+  inet_listener imaps {
+    port = 993
+    ssl = yes
+  }
+}
+
+service auth {
+  unix_listener auth-userdb {
+    mode = 0600
+    user = dovecot
+  }
+  unix_listener auth-chasquid-userdb {
+    mode = 0660
+    user = chasquid
+  }
+  unix_listener auth-chasquid-client {
+    mode = 0660
+    user = chasquid
+  }
+}

playbooks/roles/vhosts/dovecot/templates/10-ssl.conf.j2

@@ -0,0 +1,5 @@
+ssl = required
+ssl_cert = <{{ CERT_PEM }}
+ssl_key  = <{{ CERT_KEY }}
+ssl_min_protocol = TLSv1.2
+ssl_prefer_server_ciphers = yes

playbooks/roles/vhosts/dovecot/templates/dovecot.conf.j2

@@ -0,0 +1,3 @@
+protocols = imap
+listen = *, ::
+!include conf.d/*.conf