Diffstat (limited to 'roles/mail/opendkim/tasks/main.yml')
-rw-r--r-- | roles/mail/opendkim/tasks/main.yml | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/roles/mail/opendkim/tasks/main.yml b/roles/mail/opendkim/tasks/main.yml
new file mode 100644
index 00000000..615b45e0
--- /dev/null
+++ b/roles/mail/opendkim/tasks/main.yml
@@ -0,0 +1,105 @@
+---
+- name: install opendkim packages
+ apt:
+ name:
+ - opendkim
+ - opendkim-tools
+ state: present
+
+- name: create configure sub directory
+ file:
+ path: /etc/opendkim
+ state: directory
+ mode: 0700
+ owner: opendkim
+ group: opendkim
+
+- name: remove annoying sample Socket options
+ lineinfile:
+ regexp: "^#Socket\\s+"
+ state: absent
+ dest: /etc/opendkim.conf
+ notify: restart opendkim
+
+- name: set opendkim default options
+ set_fact:
+ opendkim_options_default:
+ Mode: "{{ opendkim_sign | ternary('s','') }}{{ opendkim_verify | ternary('v','') }}"
+ ReportAddress: "{{ opendkim_admin_mail }}"
+ LogWhy: "yes"
+ opendkim_options_postfix: {}
+ opendkim_options_sign: {}
+ opendkim_options_verify: {}
+
+- name: prepare opendkim to be used with chrooted postfix
+ when: opendkim_socket_for_postfix
+ block:
+ - name: set opendkim postfix options
+ set_fact:
+ opendkim_options_postfix:
+ Socket: "local:/var/spool/postfix/opendkim/opendkim.sock"
+
+ - name: create systemd override directory
+ file:
+ path: /etc/systemd/system/opendkim.service.d
+ state: directory
+
+ - name: add systemd service override
+ copy:
+ content: |
+ [Service]
+ ExecStartPre=+/usr/bin/install -d /var/spool/postfix/opendkim -o opendkim -g opendkim -m 0750
+ dest: /etc/systemd/system/opendkim.service.d/postfix-chroot.conf
+ notify: reload systemd
+
+ - name: configure opendkim listen socket for legacy init
+ lineinfile:
+ dest: /etc/default/opendkim
+ regexp: '^SOCKET='
+ line: 'SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"'
+ notify: restart opendkim
+
+- name: prepare opendkim for signing
+ when: opendkim_sign
+ block:
+ - name: set opendkim sign options
+ set_fact:
+ opendkim_options_sign:
+ InternalHosts: "{{ opendkim_internal_hosts | join(', ') }}"
+ KeyTable: "refile:/etc/opendkim/KeyTable"
+ SigningTable: "refile:/etc/opendkim/SigningTable"
+
+ - name: generate/install dkim keys
+ loop: "{{ opendkim_domains | dict2items }}"
+ loop_control:
+ loop_var: opendkim_domain
+ label: "{{ opendkim_domain.key }}"
+ include_tasks: dkim-key.yml
+
+ - name: install KeyTable and SingingTable
+ loop:
+ - KeyTable
+ - SigningTable
+ template:
+ src: "{{ item }}.j2"
+ dest: "/etc/opendkim/{{ item }}"
+ notify: restart opendkim
+
+## TODO: implement this
+# - name: prepare opendkim for verifying
+# when: opendkim_verify
+# block:
+# - name: set opendkim verify options
+# set_fact:
+# opendkim_options_verify:
+# option: "value"
+
+- name: configure opendkim
+ loop: "{{ opendkim_options_default | combine(opendkim_options_postfix) | combine(opendkim_options_sign) | combine(opendkim_options_verify) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
+ lineinfile:
+ regexp: "^#?\\s*{{ item.key }}\\s+"
+ line: "{{ item.key }}\t\t\t{{ item.value }}"
+ dest: /etc/opendkim.conf
+ notify: restart opendkim |
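Review bot: The `template` task that installs KeyTable and SigningTable sets no `owner`, `group` or `mode`, and neither do the systemd override directory and `postfix-chroot.conf`, so their permissions depend on the target's umask. Stating them explicitly, for example `owner: root`, `group: opendkim`, `mode: "0640"` on the template task, makes it clear who may read the signing tables and keeps the daemon able to read them under a stricter umask. The directory task's `mode: 0700` relies on the leading zero being read as octal; Ansible's guidance is to quote it, `mode: "0700"`. Separately, when `opendkim_sign` and `opendkim_verify` are both false the `Mode` expression renders an empty string and the final `lineinfile` writes `Mode` with no value, so an `assert` that at least one of the two is true would catch that before `/etc/opendkim.conf` is touched. The task name also has a typo, "SingingTable".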