path: root/roles/mail/opendkim/tasks/main.yml
---
# Install the OpenDKIM daemon and its companion tools package from the
# distribution repositories.
- name: install opendkim packages
  apt:
    state: present
    name: [opendkim, opendkim-tools]

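# Configuration directory for OpenDKIM. KeyTable and SigningTable are written
# below it later in this file, so it stays private to the opendkim account.
- name: create configure sub directory
  file:
    path: /etc/opendkim
    state: directory
    owner: opendkim
    group: opendkim
    # Quoted so the mode reaches the module as the octal string '0700' and
    # does not depend on how the YAML loader types a bare 0700.
    mode: '0700'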

# Delete every commented-out "#Socket ..." sample line from the main
# configuration file; the restart handler fires only when a line was removed.
- name: remove annoying sample Socket options
  notify: restart opendkim
  lineinfile:
    dest: /etc/opendkim.conf
    state: absent
    regexp: '^#Socket\s+'

# Seed the option dictionaries that the final task of this file merges and
# writes to /etc/opendkim.conf. The three feature dictionaries start empty and
# are only filled by the conditional blocks that follow.
- name: set opendkim default options
  set_fact:
    opendkim_options_postfix: {}
    opendkim_options_sign: {}
    opendkim_options_verify: {}
    opendkim_options_default:
      # 's' is emitted when opendkim_sign is true, 'v' when opendkim_verify is.
      # NOTE(review): with both flags false this renders an empty Mode value;
      # confirm that combination is rejected before the role runs.
      Mode: '{{ opendkim_sign | ternary("s", "") }}{{ opendkim_verify | ternary("v", "") }}'
      ReportAddress: '{{ opendkim_admin_mail }}'
      # Quoted so the value stays the literal string "yes" instead of being
      # typed as a boolean by the YAML loader.
      LogWhy: 'yes'

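# Place the OpenDKIM socket below /var/spool/postfix so that a chrooted
# Postfix can reach it. Skipped unless opendkim_socket_for_postfix is true.
- name: prepare opendkim to be used with chrooted postfix
  when: opendkim_socket_for_postfix
  block:
  - name: set opendkim postfix options
    set_fact:
      opendkim_options_postfix:
        Socket: "local:/var/spool/postfix/opendkim/opendkim.sock"

  # systemd treats every file in this directory as unit configuration, so
  # owner and mode are pinned here instead of being left to the umask.
  - name: create systemd override directory
    file:
      path: /etc/systemd/system/opendkim.service.d
      state: directory
      owner: root
      group: root
      mode: '0755'

  # The '+' prefix makes systemd run this ExecStartPre command with full
  # privileges, regardless of the user configured for the service. Whoever can
  # write this drop-in therefore controls a command executed as root, which is
  # why the file is root-owned and not group- or world-writable.
  # The socket directory is created 0750 opendkim:opendkim.
  # NOTE(review): Postfix presumably needs membership in the opendkim group to
  # connect to the socket; that is not set up in this file - verify.
  - name: add systemd service override
    copy:
      content: |
        [Service]
        ExecStartPre=+/usr/bin/install -d /var/spool/postfix/opendkim -o opendkim -g opendkim -m 0750
      dest: /etc/systemd/system/opendkim.service.d/postfix-chroot.conf
      owner: root
      group: root
      mode: '0644'
    notify: reload systemd

  # Same socket path for hosts that still start opendkim through the legacy
  # init script, which reads SOCKET= from /etc/default/opendkim.
  - name: configure opendkim listen socket for legacy init
    lineinfile:
      dest: /etc/default/opendkim
      regexp: '^SOCKET='
      line: 'SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"'
    notify: restart opendkim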

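# Everything needed to sign outgoing mail: signing options, one key per
# configured domain and the two lookup tables. Skipped unless opendkim_sign
# is true.
- name: prepare opendkim for signing
  when: opendkim_sign
  block:
  - name: set opendkim sign options
    set_fact:
      opendkim_options_sign:
        # Mail from these hosts is signed rather than verified, so the list
        # should contain only hosts trusted to submit mail for the domains.
        InternalHosts: "{{ opendkim_internal_hosts | join(', ') }}"
        KeyTable: "refile:/etc/opendkim/KeyTable"
        SigningTable: "refile:/etc/opendkim/SigningTable"

  # One include per entry of opendkim_domains; the key handling itself lives
  # in dkim-key.yml, which is not part of this file.
  # NOTE(review): confirm there that private keys are readable only by the
  # opendkim account.
  - name: generate/install dkim keys
    loop: "{{ opendkim_domains | dict2items }}"
    loop_control:
      loop_var: opendkim_domain
      label: "{{ opendkim_domain.key }}"
    include_tasks: dkim-key.yml

  # The tables decide which key signs which sender. They are installed
  # root-owned with an explicit mode so the result does not depend on the
  # umask and the daemon account can read but not rewrite them; the 0700
  # /etc/opendkim directory keeps other local users out.
  - name: install KeyTable and SigningTable
    loop:
    - KeyTable
    - SigningTable
    template:
      src: "{{ item }}.j2"
      dest: "/etc/opendkim/{{ item }}"
      owner: root
      group: root
      mode: '0644'
    notify: restart opendkim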

## TODO: implement this
# - name: prepare opendkim for verifying
#   when: opendkim_verify
#   block:
#   - name: set opendkim verify options
#     set_fact:
#       opendkim_options_verify:
#         option: "value"

# Write one "Key<TAB><TAB><TAB>Value" line to /etc/opendkim.conf for every
# option. The dictionaries are merged left to right, so on a duplicate key the
# later dictionary (postfix, then sign, then verify) overrides the defaults.
# The regexp also matches a commented-out "#Key ..." line, which is then
# replaced by the active setting; without any match the line is appended.
# NOTE(review): item.key is interpolated into the regexp unescaped. All keys
# are plain option names set in this file; if they ever come from variables,
# pass them through regex_escape.
- name: configure opendkim
  notify: restart opendkim
  lineinfile:
    dest: /etc/opendkim.conf
    regexp: '^#?\s*{{ item.key }}\s+'
    line: "{{ item.key }}\t\t\t{{ item.value }}"
  loop: >-
    {{ opendkim_options_default
       | combine(opendkim_options_postfix)
       | combine(opendkim_options_sign)
       | combine(opendkim_options_verify)
       | dict2items }}
  loop_control:
    label: "{{ item.key }} = {{ item.value }}"