Diffstat (limited to 'roles/mail/opendkim/tasks/dkim-key.yml')
-rw-r--r--roles/mail/opendkim/tasks/dkim-key.yml37
1 files changed, 37 insertions, 0 deletions
diff --git a/roles/mail/opendkim/tasks/dkim-key.yml b/roles/mail/opendkim/tasks/dkim-key.yml
new file mode 100644
index 00000000..02ac34db
--- /dev/null
+++ b/roles/mail/opendkim/tasks/dkim-key.yml
@@ -0,0 +1,37 @@
+---
+- name: create sub directory for keys
+ file:
+ path: "/etc/opendkim/keys/{{ opendkim_domain.key }}"
+ state: directory
+ mode: 0700
+ owner: opendkim
+ group: opendkim
+
+- name: install precomputed keys
+ loop: "{{ opendkim_domain.value['keys'] | dict2items | selectattr('value.content', 'defined') }}"
+ loop_control:
+ label: "{{ item.key }}@{{ opendkim_domain.key }}"
+ copy:
+ dest: "/etc/opendkim/keys/{{ opendkim_domain.key }}/{{ item.key }}.private"
+ content: "{{ item.value.content }}"
+ mode: 0600
+ owner: opendkim
+ group: opendkim
+
+- name: generate DKIM keys
+ loop: "{{ opendkim_domain.value['keys'] | dict2items | rejectattr('value.content', 'defined') }}"
+ loop_control:
+ label: "{{ item.key }}@{{ opendkim_domain.key }}"
+ command: "opendkim-genkey -b {{ item.value.keylength }} -s {{ item.key }} -d {{ opendkim_domain.key }} -D '/etc/opendkim/keys/{{ opendkim_domain.key }}'"
+ args:
+ creates: "/etc/opendkim/keys/{{ opendkim_domain.key }}/{{ item.key }}.private"
+
+- name: fix permission for generated DKIM keys
+ loop: "{{ opendkim_domain.value['keys'] | dict2items | rejectattr('value.content', 'defined') }}"
+ loop_control:
+ label: "{{ item.key }}@{{ opendkim_domain.key }}"
+ file:
+ path: "/etc/opendkim/keys/{{ opendkim_domain.key }}/{{ item.key }}.private"
+ mode: 0600
+ owner: opendkim
+ group: opendkim
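Review bot: The `install precomputed keys` task loops over items whose `value.content` is the DKIM private key, and it does not set `no_log`, so the key material can reach Ansible output, logs or callback plugins. `loop_control.label` only shortens the displayed item label and is not a protection for sensitive loop data; adding `no_log: true` to that task closes this. The three `mode:` values are unquoted octal literals; `mode: "0700"` and `mode: "0600"` avoid depending on how the YAML parser reads a leading zero. In `generate DKIM keys` the templated values are interpolated into a single `command` string, so a selector or domain containing whitespace would be split into extra arguments; passing the arguments as an `argv` list avoids that.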