ansible-role-opendkim_postfix/tasks/configure.yml


---
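# Locate the opendkim-genkey binary and expose its path as the
# `opendkim_genkey_cmd` fact for the key-generation task.
#
# Fixes relative to the previous version:
#   * `which ... | true` piped the result into `true`, so stdout was always
#     empty; `|| true` keeps the exit status green without discarding output.
#   * The fallback registers into its own variable. A skipped task still
#     overwrites its `register` target, which would have left
#     `which_result.stdout` undefined once the first lookup succeeded.
#   * `whereis` may list several paths (binary, man page); only the first
#     binary path is kept so the fact holds a single executable.
- name: Find opendkim-genkey command
  shell: command -v opendkim-genkey || true
  register: which_result
  # Pure lookup; never report a change.
  changed_when: false
- name: Find opendkim-genkey command using whereis
  # -b restricts the search to binaries; awk keeps the first path only.
  shell: "whereis -b opendkim-genkey | awk '{print $2}'"
  register: whereis_result
  changed_when: false
  when: which_result.stdout == ""
- name: Fail if opendkim-genkey is not found
  fail:
    msg: opendkim-genkey was not found on PATH or via whereis
  when:
    - which_result.stdout == ""
    - whereis_result.stdout | default('') == ""
- name: Set command for opendkim-genkey
  set_fact:
    # The conditional expression is lazy, so the skipped fallback result is
    # never dereferenced when the first lookup succeeded.
    opendkim_genkey_cmd: >-
      {{ which_result.stdout if which_result.stdout != ""
         else whereis_result.stdout }}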
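# Generate one DKIM key pair per entry of `mail_domains` under /etc/dkimkeys.
# The domain name is used both as --domain and as --selector, so the output
# files are named after the domain; `creates` skips domains that already have
# a <domain>.txt record file.
#
# The command is passed as an argv list instead of a shell string so that a
# domain value containing shell metacharacters is treated as data, never as
# shell syntax.
#
# NOTE(review): nothing visible in this file sets the owner or mode of the
# generated .private key files - confirm they are readable only by root and
# the opendkim user.
# NOTE(review): this task loops over `mail_domains` while the opendkim.conf
# tasks read `domains` - confirm both variables are meant to exist.
- name: Generate DKIM keys
  command:
    argv:
      - "{{ opendkim_genkey_cmd }}"
      - "-D"
      - /etc/dkimkeys
      - "--domain={{ item }}"
      - "--selector={{ item }}"
    creates: "/etc/dkimkeys/{{ item }}.txt"
  loop: "{{ mail_domains }}"
  notify: Restart OpenDKIM service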
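# Pin the core directives in /etc/opendkim.conf. Each task replaces the
# existing directive line (or appends one), keeps a backup of the file and
# schedules a restart of the daemon.
#
# The patterns use `\s` rather than a literal space: opendkim.conf separates
# a directive from its value with arbitrary whitespace, and a tab-separated
# line would otherwise not match and a duplicate directive would be appended.
- name: Configure OpenDKIM mode to sv
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^Mode\s'
    line: 'Mode sv'
    backup: true
  notify: Restart OpenDKIM service
- name: Configure OpenDKIM Socket
  # Loopback-only listener; the Postfix milter settings in this file point
  # at the same 127.0.0.1:8891 endpoint.
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^Socket\s'
    line: 'Socket inet:8891@127.0.0.1'
    backup: true
  notify: Restart OpenDKIM service
- name: Configure OpenDKIM domains
  # NOTE(review): reads `domains`, whereas key generation loops over
  # `mail_domains` - confirm which variable is authoritative.
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^Domain\s'
    line: "Domain {{ domains|join(',') }}"
    backup: true
  notify: Restart OpenDKIM service
- name: Configure OpenDKIM key file
  # Only the first domain's private key is referenced here.
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^KeyFile\s'
    line: "KeyFile /etc/dkimkeys/{{ domains[0] }}.private"
    backup: true
  notify: Restart OpenDKIM service
- name: Configure OpenDKIM selector
  # NOTE(review): this writes a literal pair of double quotes as the
  # selector, while keys are generated with --selector=<domain>; confirm the
  # keytable supplies the real selectors.
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^Selector\s'
    line: 'Selector ""'
    backup: true
  notify: Restart OpenDKIM service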
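# Enable the opendkim unit at boot.
#
# The previous `state: restarted` restarted the daemon on every run and
# always reported "changed", which also fired the restart handler a second
# time. Restarts are already driven by the handler that the configuration
# tasks notify, and the last task in this file ensures the service is
# started, so this task only manages the enabled flag.
- name: Enable opendkim service
  service:
    name: opendkim
    enabled: true
  notify: Restart OpenDKIM service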
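# Create /etc/opendkim, the directory that receives the keytable,
# signingtable and TrustedHosts files written by the template tasks.
#
# The mode is quoted like the other modes in this file so that it is always
# handled as an octal string and never re-typed by the YAML parser.
#
# NOTE(review): 0770 gives the opendkim group write access to the directory,
# so group members can replace or remove the files in it even though the
# files themselves are installed without write bits. If the daemon only
# reads from here, '0750' is the least-privilege value - confirm before
# tightening.
- name: Ensure opendkim folder exists
  file:
    path: /etc/opendkim
    state: directory
    owner: root
    group: opendkim
    mode: '0770'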
# Render the three OpenDKIM lookup files from the role templates.
# Every file is installed as root:opendkim with mode 0550, a backup of the
# previous version is kept, and a daemon restart is scheduled on change.
#
# NOTE(review): 0550 sets the execute bit on plain data files; read-only
# without execute would be "0440" - confirm whether the bit is intentional.
- name: Configure keytable for OpenDKIM
  notify: Restart OpenDKIM service
  template:
    dest: /etc/opendkim/keytable
    src: templates/keytable.j2
    backup: true
    mode: "0550"
    group: opendkim
    owner: root

- name: Configure signingtable for OpenDKIM
  notify: Restart OpenDKIM service
  template:
    dest: /etc/opendkim/signingtable
    src: templates/signingtable.j2
    backup: true
    mode: "0550"
    group: opendkim
    owner: root

- name: Configure TrustedHosts for OpenDKIM
  notify: Restart OpenDKIM service
  template:
    dest: /etc/opendkim/TrustedHosts
    src: templates/TrustedHosts.j2
    backup: true
    mode: "0550"
    group: opendkim
    owner: root
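# Point Postfix at the OpenDKIM milter listening on 127.0.0.1:8891.
# Each task rewrites one parameter in /etc/postfix/main.cf, keeps a backup
# and schedules a Postfix reload.
#
# Changes relative to the previous version:
#   * `backup: yes` is written as `backup: true`, matching the rest of the
#     file and avoiding YAML 1.1 truthy aliases.
#   * The patterns match `name =` and `name=` alike; a literal trailing
#     space missed the latter and appended a duplicate parameter.
- name: Configure milter default action
  # Fail-open: when the milter is unreachable, Postfix handles mail as if
  # the filter were not configured, so outbound mail can leave unsigned.
  # Monitor the opendkim service if unsigned delivery matters.
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^milter_default_action\s*='
    line: 'milter_default_action = accept'
    backup: true
  notify:
    - Reload postfix
- name: Configure milter protocol
  # NOTE(review): protocol level 2 is the oldest one; confirm it is still
  # the intended value for the installed Postfix and OpenDKIM versions.
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^milter_protocol\s*='
    line: 'milter_protocol = 2'
    backup: true
  notify:
    - Reload postfix
- name: Configure OpenDKIM smtpd milters
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^smtpd_milters\s*='
    line: 'smtpd_milters = inet:127.0.0.1:8891'
    backup: true
  notify:
    - Reload postfix
- name: Configure OpenDKIM non smtpd milters
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^non_smtpd_milters\s*='
    line: 'non_smtpd_milters = inet:127.0.0.1:8891'
    backup: true
  notify:
    - Reload postfix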
# Final guard: leave the opendkim unit running and enabled at boot.
- name: Ensure opendkim service is started and enabled
  service:
    enabled: true
    state: started
    name: opendkim