---
# Install the OpenDKIM milter and its helper tools (opendkim-tools is what
# provides opendkim-genkey, used further down).
# NOTE(review): state=present installs but never upgrades an already-installed
# package; the task name says "update" — confirm which behaviour is intended.
- name: Install and update OpenDKIM
  ansible.builtin.package:
    state: present
    name:
      - opendkim
      - opendkim-tools

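# Render the main OpenDKIM configuration. The other template tasks in this
# file pin a mode; do the same here so the permissions of /etc/opendkim.conf
# do not depend on the remote umask or on whatever mode a pre-existing file
# already had.
- name: Configure OpenDKIM
  ansible.builtin.template:
    src: opendkim.conf.j2
    dest: /etc/opendkim.conf
    mode: '0644'
  notify: restart opendkim
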
# Parent directory of the socket that is probed with stat later in this file
# (/var/spool/postfix/opendkim/opendkim.sock). Owned by postfix, writable by
# the opendkim group, closed to everyone else (0770).
- name: Ensure OpenDKIM unix socket path for postfix
  ansible.builtin.file:
    path: /var/spool/postfix/opendkim
    state: directory
    mode: "0770"
    owner: postfix
    group: opendkim
  notify: restart opendkim

# Legacy single-domain key generation (appears superseded by the per-domain
# loop below, which runs the same command once per domain).
#- name: Generate DKIM signing key
#  ansible.builtin.command:
#    cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ postfix_domain }} --directory /etc/dkimkeys"
#    creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
#  become: true
#  become_user: opendkim
#  notify: restart opendkim

# One key directory per signed domain: the primary postfix_domain plus every
# entry of postfix_virtual_domains. Private keys are generated into these
# directories below, so they are closed to "other" (0750) and owned by the
# opendkim user.
- name: Ensure DKIM directories exist for each domain
  ansible.builtin.file:
    path: "/etc/dkimkeys/{{ item.name }}"
    state: directory
    mode: "0750"
    owner: opendkim
    group: opendkim
  # NOTE(review): assumes postfix_virtual_domains is a list of mappings with a
  # `name` key, shaped like the literal prepended here — confirm.
  loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"

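# Generate a 2048-bit signing key per domain with opendkim-genkey. `-r`
# restricts the published key to e-mail use, and `creates` makes the task
# idempotent: an existing .private file is never regenerated (a new
# dkim_selector therefore yields a new key).
# `become: true` is required for become_user to take effect at task level.
# Without it — unless become is already enabled at play level, which is not
# visible here — the command runs as the connection user and the key files end
# up owned by that user instead of by opendkim.
- name: Generate DKIM signing keys for each domain
  ansible.builtin.command:
    cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ item.name }} --directory /etc/dkimkeys/{{ item.name }}"
    creates: "/etc/dkimkeys/{{ item.name }}/{{ dkim_selector }}.private"
  loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"
  become: true
  become_user: opendkim
  notify: restart opendkim
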
# OpenDKIM's KeyTable references key files by path; it carries no key
# material itself, so a world-readable 0644 is acceptable (the template
# contents are not visible here).
- name: Configure the KeyTable
  ansible.builtin.template:
    src: keytable.j2
    dest: "{{ dkim_key_path }}/KeyTable"
    mode: "0644"
  notify: restart opendkim

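# SigningTable selects which KeyTable entry signs mail for a given sender.
# Named "Configure ..." to match the KeyTable task above (imperative form,
# consistent with the rest of this file).
- name: Configure the SigningTable
  ansible.builtin.template:
    src: signingtable.j2
    dest: "{{ dkim_key_path }}/SigningTable"
    mode: '0644'
  notify: restart opendkim
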
# Postfix needs group access to the 0770 socket directory created above
# (group opendkim). append: true adds the supplementary group without dropping
# any groups postfix is already a member of.
# NOTE(review): a running postfix only picks up new group membership after it
# is restarted; this task restarts opendkim, and no postfix handler is visible
# in this file — confirm postfix is restarted elsewhere.
- name: Ensure postfix is in opendkim group
  ansible.builtin.user:
    name: postfix
    append: true
    groups: opendkim
  notify: restart opendkim

# Probe for the socket so the workaround task that follows can decide whether
# opendkim is actually listening where postfix expects it.
- name: Register whether /var/spool/postfix/opendkim/opendkim.sock exists
  ansible.builtin.stat:
    path: /var/spool/postfix/opendkim/opendkim.sock
  register: opendkim_socket

# Uses the stat result registered by the previous task. Unless handlers are
# flushed earlier (none visible here), this runs before the `restart opendkim`
# handler, so it reports "changed" whenever the socket is absent at this point
# in the play.
- name: (Workaround) Force opendkim to restart again if the unix socket is still missing.
  ansible.builtin.systemd:
    state: restarted
    name: opendkim
  when: not opendkim_socket.stat.exists

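# Make sure the milter is running now and comes back after a reboot.
# `enabled: true` rather than `yes`: yes/no are YAML 1.1 booleans, read as
# strings by YAML 1.2 parsers and flagged by yamllint's truthy rule.
- name: Ensure opendkim service is started and enabled.
  ansible.builtin.service:
    name: opendkim
    state: started
    enabled: true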