49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
---
|
|
- name: Install and update OpenDKIM
|
|
ansible.builtin.package:
|
|
name:
|
|
- opendkim
|
|
- opendkim-tools
|
|
state: present
|
|
|
|
- name: Configure OpenDKIM
|
|
ansible.builtin.template:
|
|
src: opendkim.conf.j2
|
|
dest: /etc/opendkim.conf
|
|
notify: restart opendkim
|
|
|
|
- name: Ensure OpenDKIM unix socket path for postfix
|
|
ansible.builtin.file:
|
|
path: /var/spool/postfix/opendkim
|
|
state: directory
|
|
owner: postfix
|
|
group: opendkim
|
|
mode: '0770'
|
|
notify: restart opendkim
|
|
|
|
- name: Generate DKIM signing key
|
|
ansible.builtin.command:
|
|
cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ postfix_domain }} --directory /etc/dkimkeys"
|
|
creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
|
|
become: true
|
|
become_user: opendkim
|
|
notify: restart opendkim
|
|
|
|
- name: Ensure postfix is in opendkim group
|
|
ansible.builtin.user:
|
|
name: postfix
|
|
groups: opendkim
|
|
append: true
|
|
notify: restart opendkim
|
|
|
|
- name: Register whether /var/spool/postfix/opendkim/opendkim.sock exists
|
|
ansible.builtin.stat:
|
|
path: /var/spool/postfix/opendkim/opendkim.sock
|
|
register: opendkim_socket
|
|
|
|
- name: (Workaround) Force opendkim to restart again if the unix socket is still missing.
|
|
ansible.builtin.systemd:
|
|
name: opendkim
|
|
state: restarted
|
|
when: not opendkim_socket.stat.exists
|
|
|