Try to workaround the annoying issue where opendkim doesn't create a unix socket the first time.

docs/DEPLOYMENT.md

@@ -25,12 +25,13 @@
 
     See `man 5 postconf` for details.
 
-6. (optional) Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt
+6. Sanity check: https://mxtoolbox.com/
+
+7. (optional) Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt
 
     * See [scripts/print-rdata.py](../scripts/print-rdata.py) for an example of how to parse mail.txt
     * See [octodns](https://github.com/octodns/octodns-easydns) and [dnscontrol](https://dnscontrol.org/)
 
-7. Sanity check: https://mxtoolbox.com/
 
-8. After records propogate, verify outbound mail using: https://www.mail-tester.com/
+8. (optional) After records propogate, verify outbound mail using: https://www.mail-tester.com/
 

tasks/opendkim.yml

@@ -27,9 +27,23 @@
     creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
   become: true
   become_user: opendkim
+  notify: restart opendkim
 
 - name: Ensure postfix is in opendkim group
   ansible.builtin.user:
     name: postfix
     groups: opendkim
     append: true
+  notify: restart opendkim
+
+- name: Register whether /var/spool/postfix/opendkim/opendkim.sock exists
+  ansible.builtin.stat:
+    path: /var/spool/postfix/opendkim/opendkim.sock
+  register: opendkim_socket
+
+- name: (Workaround) Force opendkim to restart again if the unix socket is still missing.
+  ansible.builtin.systemd:
+    name: opendkim
+    state: restarted
+  when: not opendkim_socket.stat.exists
+