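---
# Per-domain OpenDKIM provisioning: key directory, a date-based selector
# persisted on disk, a 2048-bit key pair, an SPF line in the generated DNS
# record file, a key check, and (only when that check passes) entries in the
# new KeyTable / SigningTable files.
# Assumes `domain` is supplied by the caller (e.g. an include loop) — TODO confirm.

- name: "Directory for opendkim keys for {{ domain }} present"
  file:
    path: "/etc/opendkim/keys/{{ domain }}"
    state: directory
    owner: opendkim
    group: opendkim
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: "0700"
  tags:
    - email

# The selector is written once (creates:) and read back on every run, so
# reruns keep the same selector and do not generate a second key pair.
- name: "OpenDKIM selector present for {{ domain }}"
  shell: "date +%Y%m%d > /etc/opendkim/{{ domain }}_selector.txt"
  args:
    executable: /bin/bash
    creates: "/etc/opendkim/{{ domain }}_selector.txt"
  tags:
    - email

- name: "OpenDKIM selector selector read for {{ domain }}"
  slurp:
    src: "/etc/opendkim/{{ domain }}_selector.txt"
  register: selector_b64encoded
  tags:
    - email

- name: "Set a fact for the selector for {{ domain }}"
  set_fact:
    # slurp returns base64; trim removes the newline date(1) appended.
    selector: "{{ selector_b64encoded['content'] | b64decode | trim }}"
  tags:
    - email

- name: "Keys for {{ domain }} present"
  command: >-
    opendkim-genkey -b 2048 -h sha256
    -s {{ selector }} -d {{ domain }}
    -D /etc/opendkim/keys/{{ domain }}
  args:
    creates: "/etc/opendkim/keys/{{ domain }}/{{ selector }}.private"
  tags:
    - email

# Adds an SPF line to the DNS record file opendkim-genkey wrote, so one file
# holds everything the operator must publish.
- name: "SPF record added to /etc/opendkim/keys/{{ domain }}/{{ selector }}.txt"
  lineinfile:
    path: "/etc/opendkim/keys/{{ domain }}/{{ selector }}.txt"
    line: '{{ domain }}. IN TXT "v=spf1 a mx include:{{ domain }} ~all"'
    state: present
  tags:
    - email

# Ownership and mode of the private key are set explicitly rather than relying
# on whatever opendkim-genkey produced; the .txt (public record) stays readable.
- name: "OpenDKIM private key for {{ domain }} owned and only readable by opendkim user"
  file:
    path: "/etc/opendkim/keys/{{ domain }}/{{ selector }}.private"
    owner: opendkim
    group: opendkim
    # Quoted so the YAML parser cannot reinterpret the octal mode.
    mode: "0600"
  tags:
    - email

# opendkim-testkey exits non-zero on failure; the echo keeps the task green so
# the verdict can be inspected by the tasks below. stderr is merged into stdout
# so the "key OK" text is visible to the `when` checks whichever stream
# opendkim-testkey writes it to.
- name: "OpenDKIM key check for {{ domain }}"
  shell: >-
    opendkim-testkey -d {{ domain }} -s {{ selector }}
    -k {{ selector }}.private -vvv 2>&1 || echo 'key FAIL'
  args:
    chdir: "/etc/opendkim/keys/{{ domain }}"
  # Runs even in --check so opendkim_check.stdout is always defined.
  check_mode: false
  register: opendkim_check
  changed_when: false
  tags:
    - email

- name: "DNS configuration needed for {{ domain }}"
  debug:
    msg: "Please add the DNS record from /etc/opendkim/keys/{{ domain }}/{{ selector }}.txt"
  when: '"key OK" not in opendkim_check.stdout'
  tags:
    - email

# Only a domain whose key resolves correctly is wired into the signing tables.
# `regex_escape` is applied to the domain in the match patterns so the dots in
# it match literally instead of any character.
- name: "OpenDKIM key check passed so {{ domain }} added to new KeyTable and SigningTable files"
  when: '"key OK" in opendkim_check.stdout'
  block:
    - name: "KeyTable for {{ domain }} {{ opendkim_check.stdout }}"
      lineinfile:
        path: /etc/opendkim/KeyTable.new
        line: "{{ selector }}._domainkey.{{ domain }} {{ domain }}:{{ selector }}:/etc/opendkim/keys/{{ domain }}/{{ selector }}.private"
        regexp: "\\._domainkey\\.{{ domain | regex_escape }} {{ domain | regex_escape }}:{{ selector }}:"
        state: present
        create: true
      tags:
        - email

    - name: "SigningTable for {{ domain }} {{ opendkim_check.stdout }}"
      lineinfile:
        path: /etc/opendkim/SigningTable.new
        line: "*@{{ domain }} {{ selector }}._domainkey.{{ domain }}"
        regexp: "^\\*@{{ domain | regex_escape }} "
        state: present
        create: true
      tags:
        - email
...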