init
98
tasks/dkim_domain.yml
Normal file
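--- /dev/null
+++ b/tasks/dkim_domain.yml
@@ -0,0 +1,98 @@
+---
+- name: "Directory for opendkim keys for {{ domain }} present"
+  file:
+    path: "/etc/opendkim/keys/{{ domain }}"
+    state: directory
+    owner: opendkim
+    group: opendkim
+    mode: 0700
+  tags:
+    - email
+
+- name: "OpenDKIM selector present for {{ domain }}"
+  shell: "date +%Y%m%d > /etc/opendkim/{{ domain }}_selector.txt"
+  args:
+    executable: /bin/bash
+    creates: "/etc/opendkim/{{ domain }}_selector.txt"
+  tags:
+    - email
+
+- name: "OpenDKIM selector selector read for {{ domain }}"
+  slurp:
+    src: "/etc/opendkim/{{ domain }}_selector.txt"
+  register: "selector_b64encoded"
+  tags:
+    - email
+
+- name: "Set a fact for the selector for {{ domain }}"
+  set_fact:
+    selector: "{{ selector_b64encoded['content'] | b64decode | trim }}"
+  tags:
+    - email
+
+- name: "Keys for {{ domain }} present"
+  command: "opendkim-genkey -b 2048 -h sha256 -s {{ selector }} -d {{ domain }} -D /etc/opendkim/keys/{{ domain }}"
+  args:
+    creates: "/etc/opendkim/keys/{{ domain }}/{{ selector }}.private"
+  tags:
+    - email
+
+- name: "SPF record added to /etc/opendkim/keys/{{ domain }}/{{ selector }}.txt"
+  lineinfile:
+    path: "/etc/opendkim/keys/{{ domain }}/{{ selector }}.txt"
+    line: '{{ domain }}. IN TXT "v=spf1 a mx include:{{ domain }} ~all"'
+    state: present
+  tags:
+    - email
+
+- name: "OpenDKIM private key for {{ domain }} owned and only readable by opendkim user"
+  file:
+    path: "/etc/opendkim/keys/{{ domain }}/{{ selector }}.private"
+    owner: opendkim
+    group: opendkim
+    mode: 0600
+  tags:
+    - email
+
+- name: "OpenDKIM key check for {{ domain }}"
+  shell: "opendkim-testkey -d {{ domain }} -s {{ selector }} -k {{ selector }}.private -vvv || echo 'key FAIL'"
+  args:
+    chdir: "/etc/opendkim/keys/{{ domain }}"
+  check_mode: false
+  register: opendkim_check
+  changed_when: false
+  tags:
+    - email
+
+- name: "DNS configuration needed for {{ domain }}"
+  debug:
+    msg: "Please add the DNS record from /etc/opendkim/keys/{{ domain }}/{{ selector }}.txt"
+  when: '"key OK" not in opendkim_check.stdout'
+  tags:
+    - email
+
+- name: "OpenDKIM key check passed so {{ domain }} added to new KeyTable and SigningTable files"
+  block:
+
+    - name: "KeyTable for {{ domain }} {{ opendkim_check.stdout }}"
+      lineinfile:
+        path: /etc/opendkim/KeyTable.new
+        line: "{{ selector }}._domainkey.{{ domain }} {{ domain }}:{{ selector }}:/etc/opendkim/keys/{{ domain }}/{{ selector }}.private"
+        regexp: "\\._domainkey\\.{{ domain }} {{ domain }}:{{ selector }}:"
+        state: present
+        create: true
+      tags:
+        - email
+
+    - name: "SigningTable for {{ domain }} {{ opendkim_check.stdout }}"
+      lineinfile:
+        path: /etc/opendkim/SigningTable.new
+        line: "*@{{ domain }} {{ selector }}._domainkey.{{ domain }}"
+        regexp: "^\\*@{{ domain }} "
+        state: present
+        create: true
+      tags:
+        - email
+
+  when: '"key OK" in opendkim_check.stdout'
+...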
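Review bot: The SPF record written by the `lineinfile` task, `line: '{{ domain }}. IN TXT "v=spf1 a mx include:{{ domain }} ~all"'`, includes the domain's own record in itself: `a` and `mx` already authorise that host, and for any sender they do not match the `include:` re-evaluates the same record until the 10-lookup limit is hit, which verifiers typically report as permerror rather than the intended softfail. Dropping the self-include, `line: '{{ domain }}. IN TXT "v=spf1 a mx ~all"'`, keeps the intended policy; if a third-party relay is meant, it belongs in a separate variable rather than `{{ domain }}`. The `regexp:` values in the KeyTable and SigningTable tasks interpolate `{{ domain }}` unescaped, so its dots match any character and a near-miss line can be replaced; `{{ domain | regex_escape }}` would pin them. The octal modes (`mode: 0700`, `mode: 0600`) are also safer as quoted strings, `mode: "0700"`, per Ansible's own guidance on YAML octal literals.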