opendkim: Initial version of role
parent
6c661f75b8
commit
546f091e91
4 changed files with 120 additions and 0 deletions
85
roles/opendkim/tasks/main.yml
Normal file
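--- a/roles/opendkim/tasks/main.yml
+++ b/roles/opendkim/tasks/main.yml
@@ -0,0 +1,85 @@
+---
+- name: Install packages
+ansible.builtin.package:
+name: opendkim
+state: installed
+
+- name: Fix SELinux contexts from keystore
+community.general.sefcontext:
+path: "/export/dkim(/.*)?"
+setype: etc_t
+
+- name: Create keystore
+ansible.builtin.file:
+path: /export/dkim
+state: directory
+mode: "0710"
+owner: root
+group: opendkim
+setype: _default
+
+- name: Link keystore
+ansible.builtin.file:
+dest: /srv/dkim
+src: /export/dkim
+state: link
+owner: root
+group: "{{ ansible_wheel }}"
+follow: false
+
+- name: Add keystore Makefile
+ansible.builtin.copy:
+dest: /srv/dkim/Makefile
+src: keystore.Makefile
+mode: "0600"
+owner: root
+group: "{{ ansible_wheel }}"
+setype: _default
+
+- name: Set selector
+ansible.builtin.lineinfile:
+path: /etc/opendkim.conf
+regexp: '^(# )?Selector\s'
+line: "Selector\t{{ opendkim_selector }}"
+notify: Restart opendkim
+
+- name: Set key file path
+ansible.builtin.lineinfile:
+path: /etc/opendkim.conf
+regexp: '^(# )?KeyFile\s'
+line: "KeyFile\t/srv/dkim/{{ opendkim_selector }}.key"
+notify: Restart opendkim
+
+- name: Enable signing and verifying messages
+ansible.builtin.lineinfile:
+path: /etc/opendkim.conf
+regexp: '^(# )?Mode\s'
+line: "Mode\tsv"
+notify: Restart opendkim
+
+- name: Configure signing domains
+ansible.builtin.lineinfile:
+path: /etc/opendkim.conf
+regexp: '^(# )?Domain\s'
+line: "Domain\t{{ mail_domain }}"
+notify: Restart opendkim
+
+- name: Configure report address
+ansible.builtin.lineinfile:
+path: /etc/opendkim.conf
+regexp: '^(# )?ReportAddress\s'
+line: "ReportAddress\tpostmaster@{{ mail_domain }}"
+notify: Restart opendkim
+
+- name: Don't add DKIM-Filter header
+ansible.builtin.lineinfile:
+path: /etc/opendkim.conf
+regexp: '^(# )?SoftwareHeader\s'
+line: "SoftwareHeader\tno"
+notify: Restart opendkim
+
+- name: Enable service
+ansible.builtin.service:
+name: opendkim
+state: started
+enabled: true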
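Review bot: The `Fix SELinux contexts from keystore` task labels `/export/dkim(/.*)?` as `etc_t`, a generic type that most confined domains may read, so for the DKIM private keys stored there SELinux adds little beyond the file modes. If the target policy ships a dedicated key type (the reference policy's milter module defines `dkim_milter_private_key_t`; confirm with `semanage fcontext -l`), prefer `setype: dkim_milter_private_key_t`. The role also never sets owner or mode on the key file that `KeyFile` points at; presumably `keystore.Makefile` creates it, but that file is not visible here, so a comment such as `# key files are created by the keystore Makefile as root:opendkim 0640` (or an explicit task) would make the expected permissions part of the role. Separately, `state: installed` in `Install packages` only works where the underlying package module accepts that alias; `state: present` is the portable spelling.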