authorSam Chudnick <sam@chudnick.com>2023-07-02 19:04:30 -0400
committerSam Chudnick <sam@chudnick.com>2023-07-02 19:04:30 -0400
commit724d877995dfcc10c462a18dcb4ea6c8b60c2d03 (patch)
tree270537b8fca585717c1ffa7708e492593f7b2ed5 /roles/opendkim
initial commit
Diffstat (limited to 'roles/opendkim')
-rw-r--r--roles/opendkim/defaults/main.yml0
-rw-r--r--roles/opendkim/handlers/main.yml0
-rw-r--r--roles/opendkim/tasks/main.yml57
-rw-r--r--roles/opendkim/templates/opendkim.conf.j221
4 files changed, 78 insertions, 0 deletions
diff --git a/roles/opendkim/defaults/main.yml b/roles/opendkim/defaults/main.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/opendkim/defaults/main.yml
diff --git a/roles/opendkim/handlers/main.yml b/roles/opendkim/handlers/main.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/opendkim/handlers/main.yml
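--- /dev/null
+++ b/roles/opendkim/tasks/main.yml
@@ -0,0 +1,57 @@
+- name: install packages
+ package:
+ name:
+ - opendkim
+ - opendkim-tools
+ state: latest
+
+- name: create dkimkeys directory
+ file:
+ path: /etc/dkimkeys
+ owner: opendkim
+ group: opendkim
+ mode: '700'
+ state: directory
+
+- name: generate opendkim key
+ command:
+ cmd: "opendkim-genkey -D /etc/dkimkeys -d {{ domain }} -s {{ dkim_selector }}"
+
+- name: rename dkim key file
+ command: "mv /etc/dkimkeys/{{ dkim_selector }}.private /etc/dkimkeys/{{ dkim_selector }}.pem"
+ args:
+ removes: "/etc/dkimkeys/{{ dkim_selector }}.private"
+ creates: "/etc/dkimkeys/{{ dkim_selector }}.pem"
+
+- name: make directory for socket inside postfix chroot
+ file:
+ path: /var/spool/postfix/opendkim
+ owner: opendkim
+ group: opendkim
+ mode: '770'
+ state: directory
+
+- name: add postfix user to opendkim group
+ user:
+ name: postfix
+ groups: opendkim
+ append: yes
+
+- name: deploy configuration
+ template:
+ src: opendkim.conf.j2
+ dest: /etc/opendkim.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: enable opendkim
+ systemd:
+ enabled: yes
+ masked: no
+ name: opendkim
+
+- name: restart opendkim
+ service:
+ name: opendkim
+ state: restarted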
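Review bot: The `generate opendkim key` task has no `creates:` guard, so every run of the role calls `opendkim-genkey` again, while the rename that follows is skipped once the `.pem` exists. That leaves a fresh, unused `{{ dkim_selector }}.private` beside the key actually in service and, assuming genkey also rewrites its `.txt` output, a public record on disk that no longer matches the signing key. Guard generation on the `.pem` path and set owner and mode on the key explicitly: the privilege context of the play is not visible here, and the template pairs `UserID opendkim` with `RequireSafeKeys True`. The key length is left at the tool default; consider pinning it with `-b`.

```yaml
- name: generate opendkim key
  command:
    cmd: "opendkim-genkey -D /etc/dkimkeys -d {{ domain }} -s {{ dkim_selector }}"
    creates: "/etc/dkimkeys/{{ dkim_selector }}.pem"

# … unchanged: rename dkim key file …

- name: restrict dkim private key to the opendkim user
  file:
    path: "/etc/dkimkeys/{{ dkim_selector }}.pem"
    owner: opendkim
    group: opendkim
    mode: '0600'
```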
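--- /dev/null
+++ b/roles/opendkim/templates/opendkim.conf.j2
@@ -0,0 +1,21 @@
+# OpenDKIM Configuration
+On-BadSignature reject
+On-Security reject
+Syslog yes
+SyslogSuccess yes
+LogResults yes
+Canonicalization simple
+Mode sv
+OversignHeaders From
+Domain {{ domain }}
+Selector {{ dkim_selector }}
+KeyFile /etc/dkimkeys/{{ dkim_selector }}.pem
+UserID opendkim
+UMask 007
+Socket local:/var/spool/postfix/opendkim/opendkim.sock
+PidFile /run/opendkim/opendkim.pid
+TemporaryDirectory /run/opendkim
+InternalHosts 127.0.0.1
+TrustAnchorFile /usr/share/dns/root.key
+RequireSafeKeys True
+AlwaysAddARHeader True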
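Review bot: `On-BadSignature reject` combined with `Mode sv` makes the verifier refuse every message whose signature fails. RFC 6376 advises treating a failed signature like an absent one, because relays and mailing lists routinely alter messages in transit; leaving the disposition to DMARC avoids dropping legitimate mail. `Canonicalization simple` adds the same fragility on the signing side, since any header refolding or whitespace change breaks the signature. Consider `On-BadSignature accept` and `Canonicalization relaxed/simple`. `TrustAnchorFile /usr/share/dns/root.key` also points at a file that the role's package task does not obviously install.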