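---
# Sets up DKIM signing for Postfix through OpenDKIM:
#   1. locate the opendkim-genkey binary,
#   2. generate one key pair per entry of mail_domains (selector dkim_selector),
#   3. configure /etc/opendkim.conf and the tables under /etc/opendkim,
#   4. register the OpenDKIM milter in /etc/postfix/main.cf.
# Expects the handlers "Restart OpenDKIM service" and "Reload postfix" and the
# variables mail_domains (list) and dkim_selector to be defined by the caller.

- name: Find opendkim-genkey command
  # `command -v` is a POSIX shell builtin. A miss exits non-zero, so the
  # failure is ignored here; otherwise the whereis fallback below could never
  # run. The lookup changes nothing on the host.
  shell: command -v opendkim-genkey
  register: which_result
  changed_when: false
  failed_when: false

- name: Show path to opendkim-genkey
  debug:
    var: which_result.stdout

- name: Find opendkim-genkey command using whereis
  # `-b` restricts whereis to binaries and awk takes the first hit only, so a
  # man page path printed on the same line cannot leak into the command.
  shell: "whereis -b opendkim-genkey | awk '{print $2}'"
  register: where_result
  changed_when: false
  when: which_result.stdout == ""

- name: Set command for opendkim-genkey (using which)
  set_fact:
    opendkim_genkey_cmd: "{{ which_result.stdout }}"
  when: which_result.stdout != ''

- name: Set command for opendkim-genkey (using where)
  set_fact:
    opendkim_genkey_cmd: "{{ where_result.stdout }}"
  when:
    # A skipped task registers a result without stdout.
    - "'stdout' in where_result"
    - where_result.stdout != ''

- name: Fail if opendkim-genkey is not found
  fail:
    msg: >-
      opendkim-genkey was not found via 'command -v' or 'whereis';
      install the OpenDKIM key generation tool before running these tasks.
  when: opendkim_genkey_cmd is not defined

# NOTE(review): no owner/group/mode is set on the key directories, and the
# generated <selector>.private files keep whatever opendkim-genkey gives them.
# Confirm that only root and the OpenDKIM daemon user can read the private
# keys, and that the daemon user actually can.
- name: Ensure folders for each domain DKIM keys
  file:
    path: /etc/dkimkeys/{{ item }}
    state: directory
  loop: "{{ mail_domains }}"

- name: Generate DKIM keys
  # argv bypasses the shell, so characters in a domain or selector value are
  # passed as data and never interpreted. The key size is pinned because the
  # tool's default depends on the packaged version and may be 1024 bits.
  # `creates` keeps existing keys untouched on later runs.
  command:
    argv:
      - "{{ opendkim_genkey_cmd }}"
      - '-D'
      - "/etc/dkimkeys/{{ item }}"
      - "--domain={{ item }}"
      - "--selector={{ dkim_selector }}"
      - '--bits=2048'
    creates: "/etc/dkimkeys/{{ item }}/{{ dkim_selector }}.txt"
  loop: "{{ mail_domains }}"
  notify: Restart OpenDKIM service

# opendkim.conf separates keyword and value with spaces or tabs; matching on
# \s replaces the existing directive instead of appending a duplicate.
- name: Configure OpenDKIM mode to sv
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^Mode\s'
    line: 'Mode sv'
    backup: true
  notify: Restart OpenDKIM service

- name: Configure OpenDKIM Socket
  # Bound to loopback only; must match the milter address given to Postfix.
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^Socket\s'
    line: 'Socket inet:8891@127.0.0.1'
    backup: true
  notify: Restart OpenDKIM service

# - name: Configure OpenDKIM domains
#   lineinfile:
#     path: /etc/opendkim.conf
#     regexp: '^Domain '
#     line: "Domain {{ mail_domains|join(',') }}"
#     backup: true
#   notify: Restart OpenDKIM service

# - name: Configure OpenDKIM key file
#   lineinfile:
#     path: /etc/opendkim.conf
#     regexp: '^KeyFile '
#     line: "KeyFile /etc/dkimkeys/{{ mail_domains[0] }}.private"
#     backup: true
#   notify: Restart OpenDKIM service

# - name: Configure OpenDKIM selector
#   lineinfile:
#     path: /etc/opendkim.conf
#     regexp: '^Selector '
#     line: 'Selector ""'
#     backup: true
#   notify: Restart OpenDKIM service

- name: Ensure opendkim folder exists
  # Tables are written by root only. The group needs read and traverse, not
  # write: a group-writable directory would let the daemon account replace
  # the key and signing tables.
  file:
    path: /etc/opendkim
    state: directory
    owner: root
    group: opendkim
    mode: '0750'

# NOTE(review): nothing in this file points opendkim.conf at the tables below
# (KeyTable / SigningTable / InternalHosts); confirm that is set elsewhere.
# The tables are data files, so read-only access without the execute bit
# would be enough.
- name: Configure keytable for OpenDKIM
  template:
    src: templates/keytable.j2
    dest: /etc/opendkim/keytable
    owner: root
    group: opendkim
    mode: '0550'
    backup: true
  notify: Restart OpenDKIM service

- name: Configure signingtable for OpenDKIM
  template:
    src: templates/signingtable.j2
    dest: /etc/opendkim/signingtable
    owner: root
    group: opendkim
    mode: '0550'
    backup: true
  notify: Restart OpenDKIM service

- name: Configure TrustedHosts for OpenDKIM
  # Hosts listed here get their mail signed; keep the template limited to
  # hosts that are meant to relay through this server.
  template:
    src: templates/TrustedHosts.j2
    dest: /etc/opendkim/TrustedHosts
    owner: root
    group: opendkim
    mode: '0550'
    backup: true
  notify: Restart OpenDKIM service

# main.cf allows "name = value" with or without spaces around "=", so the
# patterns match up to the equals sign.
- name: Configure milter default action
  # accept = fail open: when the milter is unreachable, mail is still
  # delivered but leaves unsigned. Monitor the opendkim service accordingly.
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^milter_default_action\s*='
    line: 'milter_default_action = accept'
    backup: true
  notify:
    - Reload postfix

- name: Configure milter protocol
  # NOTE(review): 2 is the legacy milter protocol version; confirm it is
  # still what the installed Postfix and OpenDKIM versions need.
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^milter_protocol\s*='
    line: 'milter_protocol = 2'
    backup: true
  notify:
    - Reload postfix

- name: Configure OpenDKIM smtpd milters
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^smtpd_milters\s*='
    line: 'smtpd_milters = inet:127.0.0.1:8891'
    backup: true
  notify:
    - Reload postfix

- name: Configure OpenDKIM non smtpd milters
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^non_smtpd_milters\s*='
    line: 'non_smtpd_milters = inet:127.0.0.1:8891'
    backup: true
  notify:
    - Reload postfix

- name: Ensure opendkim service is started and enabled
  service:
    name: opendkim
    state: started
    enabled: true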