From 724d877995dfcc10c462a18dcb4ea6c8b60c2d03 Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 2 Jul 2023 19:04:30 -0400
Subject: initial commit
---
roles/opendkim/defaults/main.yml | 0
roles/opendkim/handlers/main.yml | 0
roles/opendkim/tasks/main.yml | 57 +++++++++++++++++++++++++++++++
roles/opendkim/templates/opendkim.conf.j2 | 21 ++++++++++++
4 files changed, 78 insertions(+)
create mode 100644 roles/opendkim/defaults/main.yml
create mode 100644 roles/opendkim/handlers/main.yml
create mode 100644 roles/opendkim/tasks/main.yml
create mode 100644 roles/opendkim/templates/opendkim.conf.j2
(limited to 'roles/opendkim')
diff --git a/roles/opendkim/defaults/main.yml b/roles/opendkim/defaults/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/opendkim/handlers/main.yml b/roles/opendkim/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml
new file mode 100644
index 0000000..b56081a
--- /dev/null
+++ b/roles/opendkim/tasks/main.yml
@@ -0,0 +1,57 @@
+- name: install packages
+ package:
+ name:
+ - opendkim
+ - opendkim-tools
+ state: latest
+
+- name: create dkimkeys directory
+ file:
+ path: /etc/dkimkeys
+ owner: opendkim
+ group: opendkim
+ mode: '700'
+ state: directory
+
+- name: generate opendkim key
+ command:
+ cmd: "opendkim-genkey -D /etc/dkimkeys -d {{ domain }} -s {{ dkim_selector }}"
+
+- name: rename dkim key file
+ command: "mv /etc/dkimkeys/{{ dkim_selector }}.private /etc/dkimkeys/{{ dkim_selector }}.pem"
+ args:
+ removes: "/etc/dkimkeys/{{ dkim_selector }}.private"
+ creates: "/etc/dkimkeys/{{ dkim_selector }}.pem"
+
+- name: make directory for socket inside postfix chroot
+ file:
+ path: /var/spool/postfix/opendkim
+ owner: opendkim
+ group: opendkim
+ mode: '770'
+ state: directory
+
+- name: add postfix user to opendkim group
+ user:
+ name: postfix
+ groups: opendkim
+ append: yes
+
+- name: deploy configuration
+ template:
+ src: opendkim.conf.j2
+ dest: /etc/opendkim.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: enable opendkim
+ systemd:
+ enabled: yes
+ masked: no
+ name: opendkim
+
+- name: restart opendkim
+ service:
+ name: opendkim
+ state: restarted
diff --git a/roles/opendkim/templates/opendkim.conf.j2 b/roles/opendkim/templates/opendkim.conf.j2
new file mode 100644
index 0000000..d3335a2
--- /dev/null
+++ b/roles/opendkim/templates/opendkim.conf.j2
@@ -0,0 +1,21 @@
+# OpenDKIM Configuration
+On-BadSignature reject
+On-Security reject
+Syslog yes
+SyslogSuccess yes
+LogResults yes
+Canonicalization simple
+Mode sv
+OversignHeaders From
+Domain {{ domain }}
+Selector {{ dkim_selector }}
+KeyFile /etc/dkimkeys/{{ dkim_selector }}.pem
+UserID opendkim
+UMask 007
+Socket local:/var/spool/postfix/opendkim/opendkim.sock
+PidFile /run/opendkim/opendkim.pid
+TemporaryDirectory /run/opendkim
+InternalHosts 127.0.0.1
+TrustAnchorFile /usr/share/dns/root.key
+RequireSafeKeys True
+AlwaysAddARHeader True
-- cgit v1.2.3
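Review bot: The `generate opendkim key` task has no `creates:` guard, so every run of the role calls opendkim-genkey again; the rename task is then skipped because the `.pem` already exists, which leaves a fresh, unused `.private` key on disk and a `{{ dkim_selector }}.txt` that no longer matches the key opendkim actually signs with. Adding `creates: "/etc/dkimkeys/{{ dkim_selector }}.pem"` under `command:` next to `cmd:` makes key generation run once. The key size is left to the package default, which on older opendkim-tools is presumably 1024 bits, so passing `-b 2048` explicitly is worth doing. No task sets owner or mode on the resulting `.pem`; since the template sets `UserID opendkim` and `RequireSafeKeys True`, a `file` task pinning the key to `opendkim:opendkim` with mode `'0600'` would make the permissions explicit instead of depending on which user ran the command.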
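Review bot: `On-BadSignature reject` makes this host refuse at SMTP time any inbound message whose DKIM signature fails, which also catches legitimate mail altered in transit by mailing lists or forwarders; RFC 6376 advises treating a failed signature like an absent one. Consider `On-BadSignature accept` with the reject decision left to a DMARC policy check, while keeping `On-Security reject`. On the signing side, `Canonicalization simple` means any whitespace change or header re-folding by a relay breaks this domain's own signatures, so `Canonicalization relaxed/simple` is the more robust choice. `InternalHosts 127.0.0.1` also omits `::1`, so mail submitted over the IPv6 loopback would presumably be verified rather than signed.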