adelgado/ansible-role-opendkim_postfix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move and adapt opendkim configuration to own role

Browse source
This commit is contained in:
Antonio J. Delgado 2023-09-18 18:53:40 +03:00
parent c488006433
commit ce1745cd29
11 changed files with 256 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -1 +1,13 @@
## ansible-role-opendkim_postfix ## ansible-role-XXXX
Work in progress...
# Requirements
# Installation
# Usage
# Credits
Antonio J. Delgado 2022 https://gitlab.com/antoniodelgado

2
defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
create_ovh_dns_entry: true

10
handlers/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Reload postfix
service:
name: postfix
state: restarted
- name: Restart OpenDKIM service
service:
name: opendkim
state: restart

22
meta/main.yml Normal file
View file

@ -0,0 +1,22 @@
---
galaxy_info:
author: Antonio J. Delgado (ajdelgado)
description: TODO - Description
# issue_tracker_url: https://github.com/uoi-io/ansible-galera/issues
license: GPLv3
min_ansible_version: "2.0"
github_branch: master
platforms:
- name: Ubuntu
versions:
- focal
- jammy
galaxy_tags: []# TODO
dependencies: []

151
tasks/configure.yml Normal file
View file

@ -0,0 +1,151 @@
---
- name: Find opendkim-genkey command
shell: which opendkim-genkey | true
register: which_result
- name: Find opendkim-genkey command using whereis
shell: "whereis opendkim-genkey | awk 'BEGIN {FS=\": \"} {print($2)}'"
register: which_result
when: which_result.stdout == ""
- name: Fail if opendkim-genkey is not found
fail:
when: which_result.stdout == ""
- name: Set command for opendkim-genkey
set_fact:
opendkim_genkey_cmd: "{{ which_result.stdout }}"
- name: Generate DKIM keys
shell: "{{opendkim_genkey_cmd }} -D /etc/dkimkeys --domain={{ item }} --selector={{ item }}"
args:
creates: "/etc/dkimkeys/{{ item }}.txt"
loop: "{{ mail_domains }}"
notify: Restart OpenDKIM service
- name: Configure OpenDKIM mode to sv
lineinfile:
path: /etc/opendkim.conf
regexp: '^Mode '
line: 'Mode sv'
backup: true
notify: Restart OpenDKIM service
- name: Configure OpenDKIM Socket
lineinfile:
path: /etc/opendkim.conf
regexp: '^Socket '
line: 'Socket inet:8891@127.0.0.1'
backup: true
notify: Restart OpenDKIM service
- name: Configure OpenDKIM domains
lineinfile:
path: /etc/opendkim.conf
regexp: '^Domain '
line: "Domain {{ domains|join(',') }}"
backup: true
notify: Restart OpenDKIM service
- name: Configure OpenDKIM key file
lineinfile:
path: /etc/opendkim.conf
regexp: '^KeyFile '
line: "KeyFile /etc/dkimkeys/{{ domains[0] }}.private"
backup: true
notify: Restart OpenDKIM service
- name: Configure OpenDKIM selector
lineinfile:
path: /etc/opendkim.conf
regexp: '^Selector '
line: 'Selector ""'
backup: true
notify: Restart OpenDKIM service
- name: Enable opendkim service
service:
name: opendkim
state: restarted
enabled: true
notify: Restart OpenDKIM service
- name: Ensure opendkim folder exists
file:
path: /etc/opendkim
state: directory
owner: root
group: opendkim
mode: 0770
- name: Configure keytable for OpenDKIM
template:
src: templates/keytable.j2
dest: /etc/opendkim/keytable
owner: root
group: opendkim
mode: '0550'
backup: true
notify: Restart OpenDKIM service
- name: Configure signingtable for OpenDKIM
template:
src: templates/signingtable.j2
dest: /etc/opendkim/signingtable
owner: root
group: opendkim
mode: '0550'
backup: true
notify: Restart OpenDKIM service
- name: Configure TrustedHosts for OpenDKIM
template:
src: templates/TrustedHosts.j2
dest: /etc/opendkim/TrustedHosts
owner: root
group: opendkim
mode: '0550'
backup: true
notify: Restart OpenDKIM service
- name: Configure milter default action
lineinfile:
path: /etc/postfix/main.cf
regexp: '^milter_default_action '
line: 'milter_default_action = accept'
backup: yes
notify:
- Reload postfix
- name: Configure milter protocol
lineinfile:
path: /etc/postfix/main.cf
regexp: '^milter_protocol '
line: 'milter_protocol = 2'
backup: yes
notify:
- Reload postfix
- name: Configure OpenDKIM smtpd milters
lineinfile:
path: /etc/postfix/main.cf
regexp: '^smtpd_milters '
line: 'smtpd_milters = inet:127.0.0.1:8891'
backup: yes
notify:
- Reload postfix
- name: Configure OpenDKIM non smtpd milters
lineinfile:
path: /etc/postfix/main.cf
regexp: '^non_smtpd_milters '
line: 'non_smtpd_milters = inet:127.0.0.1:8891'
backup: yes
notify:
- Reload postfix
- name: Ensure opendkim service is started and enabled
service:
name: opendkim
state: started
enabled: true

31
tasks/configure_ovh.yml Normal file
View file

@ -0,0 +1,31 @@
---
- name: Get DKIM key
slurp:
src: "/etc/dkimkeys/{{ item }}.txt"
register: key_file
loop: "{{ mail_domains }}"
- name: Show key files
debug:
var: key_file
- name: Extract key from file content
set_fact:
dkim_key: "{{ key_file['content'] | b64decode | regex_replace('^.*\"(.*)\"$', '\\1') }}"
- name: Show record content
debug:
var: dkim_key
- name: Add DKIM key record for domain
synthesio.ovh.domain:
domain: "{{ item }}"
value: "{{ dkim_key }}"
record_type: "TXT"
name: '_domainkey'
record_ttl: 10
append: true
loop: "{{ mail_domains }}"
when:
- "'.local' not in item"
- item | regex_findall('\.') | length < 2

6
tasks/install.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: Ensure OpenDKIM software is present
package:
name:
- opendkim
- opendkim-tools

10
tasks/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Ensure installation of OpenDKIM
include_tasks: install.yml
- name: Ensure configuration of OpenDKIM
include_tasks: configure.yml
- name: Ensure configuration of OVH record
include_tasks: configure_ovh.yml
when: create_ovh_dns_entry

5
templates/TrustedHosts.j2 Normal file
View file

@ -0,0 +1,5 @@
127.0.0.1
::1
{% for ip in mail_own_networks %}
{{ ip }}
{% endfor %}

3
templates/keytable.j2 Normal file
View file

@ -0,0 +1,3 @@
{% for domain in mail_domains %}
mail._domainkey.{{ domain }} {{ domain }}:mail:/etc/opendkim/{{ domain }}.private
{% endfor %}

3
templates/signingtable.j2 Normal file
View file

@ -0,0 +1,3 @@
{% for domain in mail_domains %}
*@{{ domain }} mail._domainkey.{{ domain }}
{% endfor %}