179 lines
4.5 KiB
YAML
179 lines
4.5 KiB
YAML
---
|
|
- name: Find opendkim-genkey command
|
|
shell: which opendkim-genkey
|
|
register: which_result
|
|
|
|
- name: Show path to opendkim-genkey
|
|
debug:
|
|
var: which_result.stdout
|
|
|
|
- name: Find opendkim-genkey command using whereis
|
|
shell: "whereis opendkim-genkey | awk 'BEGIN {FS=\": \"} {print($2)}'"
|
|
register: where_result
|
|
when: which_result.stdout == ""
|
|
|
|
- name: Set command for opendkim-genkey (using which)
|
|
set_fact:
|
|
opendkim_genkey_cmd: "{{ which_result.stdout }}"
|
|
when: which_result.stdout != ''
|
|
|
|
- name: Set command for opendkim-genkey (using where)
|
|
set_fact:
|
|
opendkim_genkey_cmd: "{{ where_result.stdout }}"
|
|
when:
|
|
- "'stdout' in where_result"
|
|
- where_result.stdout != ''
|
|
|
|
- name: Fail if opendkim-genkey is not found
|
|
fail:
|
|
when: opendkim_genkey_cmd is not defined
|
|
|
|
- name: Ensure folders for each domain DKIM keys
|
|
file:
|
|
path: /etc/dkimkeys/{{ item }}
|
|
state: directory
|
|
mode: '0700'
|
|
loop: "{{ mail_domains }}"
|
|
|
|
- name: Generate DKIM keys
|
|
shell: "{{opendkim_genkey_cmd }} -D /etc/dkimkeys/{{ item }} --domain={{ item }} --selector={{ dkim_selector }}"
|
|
args:
|
|
creates: "/etc/dkimkeys/{{ item }}/{{ dkim_selector }}.txt"
|
|
loop: "{{ mail_domains }}"
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure OpenDKIM mode to sv
|
|
lineinfile:
|
|
path: /etc/opendkim.conf
|
|
regexp: '^Mode '
|
|
line: 'Mode sv'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure OpenDKIM Socket
|
|
lineinfile:
|
|
path: /etc/opendkim.conf
|
|
regexp: '^Socket '
|
|
line: 'Socket inet:8891@127.0.0.1'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure OpenDKIM key table
|
|
lineinfile:
|
|
path: /etc/opendkim.conf
|
|
regexp: '^KeyTable '
|
|
line: "KeyTable refile:/etc/opendkim/keytable"
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure OpenDKIM signing table
|
|
lineinfile:
|
|
path: /etc/opendkim.conf
|
|
regexp: '^SigningTable '
|
|
line: "SigningTable refile:/etc/opendkim/signingtable"
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure OpenDKIM InternalHosts
|
|
lineinfile:
|
|
path: /etc/opendkim.conf
|
|
regexp: '^InternalHosts '
|
|
line: 'InternalHosts /etc/opendkim/TrustedHosts'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure OpenDKIM ExternalIgnoreList
|
|
lineinfile:
|
|
path: /etc/opendkim.conf
|
|
regexp: '^ExternalIgnoreList '
|
|
line: 'ExternalIgnoreList /etc/opendkim/TrustedHosts'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure OpenDKIM SubDomains
|
|
lineinfile:
|
|
path: /etc/opendkim.conf
|
|
regexp: '^SubDomains '
|
|
line: 'SubDomains yes'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Ensure opendkim folder exists
|
|
file:
|
|
path: /etc/opendkim
|
|
state: directory
|
|
owner: root
|
|
group: opendkim
|
|
mode: '0700'
|
|
|
|
- name: Configure keytable for OpenDKIM
|
|
template:
|
|
src: templates/keytable.j2
|
|
dest: /etc/opendkim/keytable
|
|
owner: root
|
|
group: opendkim
|
|
mode: '0550'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure signingtable for OpenDKIM
|
|
template:
|
|
src: templates/signingtable.j2
|
|
dest: /etc/opendkim/signingtable
|
|
owner: root
|
|
group: opendkim
|
|
mode: '0550'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure TrustedHosts for OpenDKIM
|
|
template:
|
|
src: templates/TrustedHosts.j2
|
|
dest: /etc/opendkim/TrustedHosts
|
|
owner: root
|
|
group: opendkim
|
|
mode: '0550'
|
|
backup: true
|
|
notify: Restart OpenDKIM service
|
|
|
|
- name: Configure milter default action
|
|
lineinfile:
|
|
path: /etc/postfix/main.cf
|
|
regexp: '^milter_default_action '
|
|
line: 'milter_default_action = accept'
|
|
backup: yes
|
|
notify:
|
|
- Reload postfix
|
|
|
|
- name: Configure milter protocol
|
|
lineinfile:
|
|
path: /etc/postfix/main.cf
|
|
regexp: '^milter_protocol '
|
|
line: 'milter_protocol = 6'
|
|
backup: yes
|
|
notify:
|
|
- Reload postfix
|
|
|
|
- name: Configure OpenDKIM smtpd milters
|
|
lineinfile:
|
|
path: /etc/postfix/main.cf
|
|
regexp: '^smtpd_milters '
|
|
line: 'smtpd_milters = inet:127.0.0.1:8891'
|
|
backup: yes
|
|
notify:
|
|
- Reload postfix
|
|
|
|
- name: Configure OpenDKIM non smtpd milters
|
|
lineinfile:
|
|
path: /etc/postfix/main.cf
|
|
regexp: '^non_smtpd_milters '
|
|
line: 'non_smtpd_milters = inet:127.0.0.1:8891'
|
|
backup: yes
|
|
notify:
|
|
- Reload postfix
|
|
|
|
- name: Ensure opendkim service is started and enabled
|
|
service:
|
|
name: opendkim
|
|
state: started
|
|
enabled: true
|