opendkim: Initial version of role

2024-03-02 19:00:44 +00:00 · 2024-03-02 19:00:44 +00:00 · 546f091e91
commit 546f091e91
parent 6c661f75b8
4 changed files with 120 additions and 0 deletions
--- a/roles/opendkim/defaults/main.yml
+++ b/roles/opendkim/defaults/main.yml
@ -0,0 +1,2 @@
 ---
 opendkim_selector: default
--- a/roles/opendkim/files/keystore.Makefile
+++ b/roles/opendkim/files/keystore.Makefile
@ -0,0 +1,28 @@
 TARGETS := $(shell { \
  if [ $$(date +%m) -lt 6 ]; then \
    echo "$$(date +%Y)0101.key $$(date +%Y)0601.key" ; \
  else \
    echo "$$(date +%Y)0601.key $$(($$(date +%Y) + 1))0101.key" ; \
  fi \
  })
 all: $(TARGETS)
 %.key:
 	@set -eu ; \
 	openssl genrsa -out "$@" 2048 ; \
 	chgrp opendkim "$@" ; \
 	chmod 0640 "$@" ; \
 	echo ; \
 	data="$$(printf "v=DKIM1; k=rsa; p=%s" \
 	  "$$(openssl rsa -in "$@" -pubout -outform der 2>/dev/null | openssl base64 -A)")" ; \
 	pos=0 ; \
 	printf "%s._domainkey\tIN\tTXT\t" "$$(echo "$@" | cut -d. -f1)" ; \
 	while true ; do \
 	  printf "\"%s\"" \
 	    "$$(echo "$$data" | cut -c $$((pos + 1))-$$((pos + 254)))" ; \
 	  pos="$$((pos + 254))" ; \
 	  [ $${#data} -gt $$pos ] || break ; \
 	  printf " " ; \
 	done ; \
 	echo
--- a/roles/opendkim/handlers/main.yml
+++ b/roles/opendkim/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: Restart opendkim
  ansible.builtin.service:
    name: opendkim
    state: restarted
--- a/roles/opendkim/tasks/main.yml
+++ b/roles/opendkim/tasks/main.yml
@ -0,0 +1,85 @@
 ---
 - name: Install packages
  ansible.builtin.package:
    name: opendkim
    state: installed
 - name: Fix SELinux contexts from keystore
  community.general.sefcontext:
    path: "/export/dkim(/.*)?"
    setype: etc_t
 - name: Create keystore
  ansible.builtin.file:
    path: /export/dkim
    state: directory
    mode: "0710"
    owner: root
    group: opendkim
    setype: _default
 - name: Link keystore
  ansible.builtin.file:
    dest: /srv/dkim
    src: /export/dkim
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false
 - name: Add keystore Makefile
  ansible.builtin.copy:
    dest: /srv/dkim/Makefile
    src: keystore.Makefile
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default
 - name: Set selector
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?Selector\s'
    line: "Selector\t{{ opendkim_selector }}"
  notify: Restart opendkim
 - name: Set key file path
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?KeyFile\s'
    line: "KeyFile\t/srv/dkim/{{ opendkim_selector }}.key"
  notify: Restart opendkim
 - name: Enable signing and verifying messages
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?Mode\s'
    line: "Mode\tsv"
  notify: Restart opendkim
 - name: Configure signing domains
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?Domain\s'
    line: "Domain\t{{ mail_domain }}"
  notify: Restart opendkim
 - name: Configure report address
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?ReportAddress\s'
    line: "ReportAddress\tpostmaster@{{ mail_domain }}"
  notify: Restart opendkim
 - name: Don't add DKIM-Filter header
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?SoftwareHeader\s'
    line: "SoftwareHeader\tno"
  notify: Restart opendkim
 - name: Enable service
  ansible.builtin.service:
    name: opendkim
    state: started
    enabled: true