ansible-role-disposable-mail/tasks/opendkim.yml


---
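# Install the OpenDKIM milter and the opendkim-tools package (provides
# opendkim-genkey, used below). `state: present` only installs what is
# missing; it never upgrades an already-installed package, so the task
# name no longer claims to "update".
- name: Install OpenDKIM and its tools
  ansible.builtin.package:
    name:
      - opendkim
      - opendkim-tools
    state: present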
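# Render the daemon configuration. Ownership and mode are set explicitly
# so the result does not depend on the remote user's umask; the file holds
# no secrets (key material lives under /etc/dkimkeys), so world-readable
# is acceptable and keeps it readable by the opendkim user.
# NOTE(review): the template is presumed to set the Socket to the postfix
# spool path created in the next task — confirm against opendkim.conf.j2.
- name: Configure OpenDKIM
  ansible.builtin.template:
    src: opendkim.conf.j2
    dest: /etc/opendkim.conf
    owner: root
    group: root
    mode: '0644'
  notify: restart opendkim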
# Directory under the postfix spool that will hold the milter's unix socket.
# postfix owns it; the opendkim group gets write access through mode 0770 so
# the daemon can create the socket file, and "other" gets nothing.
# (Placing it below /var/spool/postfix presumably keeps it reachable from a
# chrooted postfix — verify against the local postfix setup.)
- name: Ensure OpenDKIM unix socket path for postfix
  notify: restart opendkim
  ansible.builtin.file:
    state: directory
    path: /var/spool/postfix/opendkim
    mode: '0770'
    owner: postfix
    group: opendkim
# Superseded by the per-domain key directory and key generation tasks below;
# kept only for reference.
#- name: Generate DKIM signing key
# ansible.builtin.command:
# cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ postfix_domain }} --directory /etc/dkimkeys"
# creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
# become: true
# become_user: opendkim
# notify: restart opendkim
# One key directory per signed domain: the primary postfix_domain plus every
# entry of postfix_virtual_domains (each item is expected to carry a `name`
# key — the primary domain is wrapped into that same shape).
# Owned by opendkim with mode 0750: only the daemon can read the keys it
# generates there; nothing is world-accessible.
- name: Ensure DKIM directories exist for each domain
  loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"
  ansible.builtin.file:
    state: directory
    path: "/etc/dkimkeys/{{ item.name }}"
    mode: '0750'
    owner: opendkim
    group: opendkim
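# Generate one RSA signing key per domain (primary domain plus every
# postfix_virtual_domains entry), skipping domains whose private key already
# exists (`creates`), so re-runs never rotate keys behind the operator's back.
#
# Why `become: true`: `become_user` alone has no effect unless privilege
# escalation is enabled (here or at play level). Without it the key would be
# written by the connecting user (typically root), and the daemon running as
# `opendkim` could then fail to read a root-owned private key inside the
# 0750 opendkim-owned directory. Being explicit makes the task self-contained.
#
# `-r` restricts the published key to e-mail use; `-b` is parameterised via
# dkim_key_bits and keeps the previous 2048-bit default. argv form avoids any
# word splitting on domain names or the selector.
# NOTE(review): item.name is also used as a path component — it comes from
# the inventory, so it is trusted, but a value containing '/' would escape
# /etc/dkimkeys; the key directory is hard-coded here while the tables below
# are written under dkim_key_path — confirm those agree.
- name: Generate DKIM signing keys for each domain
  ansible.builtin.command:
    argv:
      - opendkim-genkey
      - "-r"
      - "-s"
      - "{{ dkim_selector }}"
      - "-b"
      - "{{ dkim_key_bits | default(2048) }}"
      - "-d"
      - "{{ item.name }}"
      - "--directory"
      - "/etc/dkimkeys/{{ item.name }}"
    creates: "/etc/dkimkeys/{{ item.name }}/{{ dkim_selector }}.private"
  loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"
  loop_control:
    label: "{{ item.name }}"
  become: true
  become_user: opendkim
  notify: restart opendkim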
# KeyTable: maps each signing key name to domain:selector:private-key-path.
# Holds paths only, not key material, hence world-readable 0644.
# NOTE(review): written under dkim_key_path, whereas the keys themselves are
# generated under a hard-coded /etc/dkimkeys — confirm the two agree.
- name: Configure the KeyTable
  notify: restart opendkim
  ansible.builtin.template:
    mode: '0644'
    src: keytable.j2
    dest: "{{ dkim_key_path }}/KeyTable"
# SigningTable: maps sender addresses/domains to a KeyTable entry. Public
# information, hence 0644; the daemon is restarted so it reloads the table.
- name: Configuring the SigningTable
  notify: restart opendkim
  ansible.builtin.template:
    mode: '0644'
    src: signingtable.j2
    dest: "{{ dkim_key_path }}/SigningTable"
# Give postfix group access to the milter socket directory (group opendkim,
# mode 0770 above). `append: true` adds the group without dropping any
# groups postfix already belongs to.
- name: Ensure postfix is in opendkim group
  notify: restart opendkim
  ansible.builtin.user:
    append: true
    name: postfix
    groups: opendkim
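# Bring the service up and enable it at boot before probing for the socket,
# so the probe does not report a missing socket merely because the service
# was never started. `enabled: true` replaces the YAML-1.1 `yes` literal.
- name: Ensure opendkim service is started and enabled.
  ansible.builtin.systemd:
    name: opendkim
    state: started
    enabled: true

# Probe for the postfix-facing socket. Handler-driven restarts only run at
# the end of the play, so a daemon started with a stale configuration may
# still be listening elsewhere at this point.
- name: Register whether /var/spool/postfix/opendkim/opendkim.sock exists
  ansible.builtin.stat:
    path: /var/spool/postfix/opendkim/opendkim.sock
  register: opendkim_socket

# Force an immediate restart when the socket is missing so the daemon picks
# up the rendered configuration now rather than at handler time.
# NOTE(review): the socket may take a moment to appear after a restart; this
# task does not wait for it — confirm nothing later in the play depends on it.
- name: (Workaround) Force opendkim to restart again if the unix socket is still missing.
  ansible.builtin.systemd:
    name: opendkim
    state: restarted
  when: not opendkim_socket.stat.exists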