author | Aaron LI <aly@aaronly.me> | 2018-03-05 09:46:35 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
commit | 105f283be508c52496ed1a661dd1325f17282f0e (patch) | |
tree | 99a6c2e5f21006b895c9031879fdbdefc0e598de /roles/mail/tasks | |
parent | ba8ab3512064bb7b5aa2484c1ffdcd896ef3bc43 (diff) | |
download | ansible-dfly-vps-105f283be508c52496ed1a661dd1325f17282f0e.tar.bz2 |
mail: setup opendkim config files
Diffstat (limited to 'roles/mail/tasks')
-rw-r--r-- | roles/mail/tasks/dkim-genkey.yml | 22 | ||||
-rw-r--r-- | roles/mail/tasks/main.yml | 21 |
2 files changed, 35 insertions, 8 deletions
diff --git a/roles/mail/tasks/dkim-genkey.yml b/roles/mail/tasks/dkim-genkey.yml index 467a5b9..e68dad5 100644 --- a/roles/mail/tasks/dkim-genkey.yml +++ b/roles/mail/tasks/dkim-genkey.yml @@ -1,15 +1,16 @@ --- -- set_fact: +- name: var - set domain_keyfile + set_fact: domain_keyfile: "{{ playbook_dir }}/private/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem" -- name: (local) dkim - check domain private key existence +- name: (local) opendkim - check domain private key existence become: false stat: path: "{{ domain_keyfile }}" delegate_to: localhost register: stat_result -- name: (local) dkim - generate domain private key +- name: (local) opendkim - generate domain private key become: false command: > openssl genrsa @@ -17,9 +18,18 @@ delegate_to: localhost when: not stat_result.stat.exists -- name: dkim - copy domain private key +- name: opendkim - copy domain private key copy: src: "{{ domain_keyfile }}" dest: /usr/local/etc/mail/dkim/{{ domain_keyfile | basename }} - group: mailnull - mode: 0440 + owner: mailnull + mode: 0400 + +- name: opendkim - test domain key + command: > + opendkim-testkey -vv -d {{ domain }} + -s {{ mail.dkim.selector }} + -k /usr/local/etc/mail/dkim/{{ domain_keyfile | basename }} + register: cmd + # ignore the error that the DNS record not found + failed_when: cmd.rc not in [0, 69] diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 019a2e0..186417f 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml 
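Review bot: The new `opendkim - test domain key` task accepts exit code 69 unconditionally, so a run where the selector record was never published looks the same as a verified key, and anything else opendkim-testkey may report as 69 (not confirmed from this page) passes silently too. Since the command only reads state, add `changed_when: false`, and consider a follow-up task that prints a warning when `cmd.rc == 69` so the missing DNS record stays visible to the operator. Separately, the `opendkim - copy domain private key` task just above would show key material in the output when the play is run with `--diff`; adding `no_log: true` (or `diff: false`) to that task prevents it.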
@@ -8,14 +8,31 @@ - dovecot - opendkim -- name: dkim - create directory +- name: opendkim - create directory file: path: /usr/local/etc/mail/dkim state: directory + tags: opendkim -- name: dkim - generate domain keys +- name: opendkim - generate domain keys include_tasks: dkim-genkey.yml domain={{ item }} with_items: "{{ mail.domains }}" + tags: opendkim + +- name: opendkim - generate tables + template: + src: "{{ item }}" + dest: /usr/local/etc/mail/dkim/{{ item | basename | regex_replace('\\.zone\\.j2', '') }} + with_items: + - dkim/KeyTable.j2 + - dkim/SigningTable.j2 + tags: opendkim + +- name: opendkim - generate config file + template: + src: opendkim.conf.j2 + dest: /usr/local/etc/mail/opendkim.conf + tags: opendkim - name: postfix - set as mailer/MTA file: |
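Review bot: In `opendkim - generate tables`, the filter `regex_replace('\\.zone\\.j2', '')` never matches `dkim/KeyTable.j2` or `dkim/SigningTable.j2`, so the rendered files land as `KeyTable.j2` and `SigningTable.j2`; the pattern looks carried over from a zone-file task and should probably be `regex_replace('\\.j2$', '')`. If opendkim.conf (its template is not shown here) refers to `KeyTable` and `SigningTable`, the daemon would not find them. The `opendkim - create directory` task in the same hunk also sets no `owner` or `mode` on `/usr/local/etc/mail/dkim`, which holds the private keys; something like `owner: mailnull` with `mode: "0750"` would make the access explicit instead of umask-dependent.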