Diffstat (limited to 'roles/opendkim')
-rw-r--r-- | roles/opendkim/defaults/main.yml | 0 | ||||
-rw-r--r-- | roles/opendkim/handlers/main.yml | 0 | ||||
-rw-r--r-- | roles/opendkim/tasks/main.yml | 57 | ||||
-rw-r--r-- | roles/opendkim/templates/opendkim.conf.j2 | 21 |
4 files changed, 78 insertions, 0 deletions
diff --git a/roles/opendkim/defaults/main.yml b/roles/opendkim/defaults/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/roles/opendkim/defaults/main.yml | |||
diff --git a/roles/opendkim/handlers/main.yml b/roles/opendkim/handlers/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/roles/opendkim/handlers/main.yml | |||
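--- /dev/null
+++ b/roles/opendkim/tasks/main.yml
@@ -0,0 +1,57 @@
+- name: install packages
+package:
+name:
+- opendkim
+- opendkim-tools
+state: latest
+
+- name: create dkimkeys directory
+file:
+path: /etc/dkimkeys
+owner: opendkim
+group: opendkim
+mode: '700'
+state: directory
+
+- name: generate opendkim key
+command:
+cmd: "opendkim-genkey -D /etc/dkimkeys -d {{ domain }} -s {{ dkim_selector }}"
+
+- name: rename dkim key file
+command: "mv /etc/dkimkeys/{{ dkim_selector }}.private /etc/dkimkeys/{{ dkim_selector }}.pem"
+args:
+removes: "/etc/dkimkeys/{{ dkim_selector }}.private"
+creates: "/etc/dkimkeys/{{ dkim_selector }}.pem"
+
+- name: make directory for socket inside postfix chroot
+file:
+path: /var/spool/postfix/opendkim
+owner: opendkim
+group: opendkim
+mode: '770'
+state: directory
+
+- name: add postfix user to opendkim group
+user:
+name: postfix
+groups: opendkim
+append: yes
+
+- name: deploy configuration
+template:
+src: opendkim.conf.j2
+dest: /etc/opendkim.conf
+owner: root
+group: root
+mode: '0644'
+
+- name: enable opendkim
+systemd:
+enabled: yes
+masked: no
+name: opendkim
+
+- name: restart opendkim
+service:
+name: opendkim
+state: restarted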
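Review bot: The `generate opendkim key` task has no `creates:` guard, so every play run invokes opendkim-genkey again. On a second run the rename task is skipped because the `.pem` already exists, which leaves a fresh `{{ dkim_selector }}.private` next to the key in use and rewrites `{{ dkim_selector }}.txt` with a public record that no longer matches the signing key. Adding `creates: "/etc/dkimkeys/{{ dkim_selector }}.pem"` to that task keeps the key stable across runs. The key file is also owned by whichever user runs the command (presumably root) while the directory and `UserID` are opendkim, so a `file` task setting owner `opendkim` and mode `'0600'` on the `.pem` would make the permissions explicit. Passing `-b 2048` avoids relying on the tool's default key length, which is 1024 bits in some opendkim-genkey versions.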
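--- /dev/null
+++ b/roles/opendkim/templates/opendkim.conf.j2
@@ -0,0 +1,21 @@
+# OpenDKIM Configuration
+On-BadSignature reject
+On-Security reject
+Syslog yes
+SyslogSuccess yes
+LogResults yes
+Canonicalization simple
+Mode sv
+OversignHeaders From
+Domain {{ domain }}
+Selector {{ dkim_selector }}
+KeyFile /etc/dkimkeys/{{ dkim_selector }}.pem
+UserID opendkim
+UMask 007
+Socket local:/var/spool/postfix/opendkim/opendkim.sock
+PidFile /run/opendkim/opendkim.pid
+TemporaryDirectory /run/opendkim
+InternalHosts 127.0.0.1
+TrustAnchorFile /usr/share/dns/root.key
+RequireSafeKeys True
+AlwaysAddARHeader True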
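Review bot: `On-BadSignature reject` together with `Mode sv` makes this host refuse inbound mail whose DKIM signature fails to verify, which also hits legitimate messages altered in transit by mailing lists or forwarders. RFC 6376 advises treating a failed signature like an unsigned message and leaving disposition to DMARC policy, so `On-BadSignature accept` is the safer default, with the result still recorded by the already-set `AlwaysAddARHeader True`. On the signing side, `Canonicalization simple` breaks on any header re-folding or whitespace change, and `Canonicalization relaxed/simple` is more tolerant. `InternalHosts 127.0.0.1` lists only the IPv4 loopback, so mail submitted over `::1` would presumably be verified rather than signed. A short comment above each policy line stating its intent would help the next maintainer.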