Diffstat (limited to 'roles/mail/tasks')
-rw-r--r--roles/mail/tasks/dkim-genkey.yml22
-rw-r--r--roles/mail/tasks/main.yml21
2 files changed, 35 insertions, 8 deletions
diff --git a/roles/mail/tasks/dkim-genkey.yml b/roles/mail/tasks/dkim-genkey.yml
index 467a5b9..e68dad5 100644
--- a/roles/mail/tasks/dkim-genkey.yml
+++ b/roles/mail/tasks/dkim-genkey.yml
@@ -1,15 +1,16 @@
---
-- set_fact:
+- name: var - set domain_keyfile
+ set_fact:
domain_keyfile: "{{ playbook_dir }}/private/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem"
-- name: (local) dkim - check domain private key existence
+- name: (local) opendkim - check domain private key existence
become: false
stat:
path: "{{ domain_keyfile }}"
delegate_to: localhost
register: stat_result
-- name: (local) dkim - generate domain private key
+- name: (local) opendkim - generate domain private key
become: false
command: >
openssl genrsa
@@ -17,9 +18,18 @@
delegate_to: localhost
when: not stat_result.stat.exists
-- name: dkim - copy domain private key
+- name: opendkim - copy domain private key
copy:
src: "{{ domain_keyfile }}"
dest: /usr/local/etc/mail/dkim/{{ domain_keyfile | basename }}
- group: mailnull
- mode: 0440
+ owner: mailnull
+ mode: 0400
+
+- name: opendkim - test domain key
+ command: >
+ opendkim-testkey -vv -d {{ domain }}
+ -s {{ mail.dkim.selector }}
+ -k /usr/local/etc/mail/dkim/{{ domain_keyfile | basename }}
+ register: cmd
+ # ignore the error that the DNS record not found
+ failed_when: cmd.rc not in [0, 69]
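Review bot: The new `opendkim - test domain key` task will report `changed` on every play run, because it is a `command` with no `changed_when` and opendkim-testkey only reads the key; add `changed_when: false` next to `register: cmd` so the play stays idempotent. The `failed_when` accepts exit status 69 on the strength of the "DNS record not found" comment, but if opendkim-testkey also exits 69 for other failures, a bad or unreadable key would pass unnoticed — once the exact message is confirmed from the `-vv` output, consider also matching that "not found" text in the command output instead of whitelisting the status code alone. In the `copy` task, write the mode as a string, `mode: "0400"`, so a stricter YAML loader does not re-type the octal literal; the owner/mode change itself is the right setting for a private key that only the OpenDKIM user should read. The key is sourced from `{{ playbook_dir }}/private/dkim/` on the controller, so that directory should be kept out of version control or encrypted with ansible-vault.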
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 019a2e0..186417f 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -8,14 +8,31 @@
- dovecot
- opendkim
-- name: dkim - create directory
+- name: opendkim - create directory
file:
path: /usr/local/etc/mail/dkim
state: directory
+ tags: opendkim
-- name: dkim - generate domain keys
+- name: opendkim - generate domain keys
include_tasks: dkim-genkey.yml domain={{ item }}
with_items: "{{ mail.domains }}"
+ tags: opendkim
+
+- name: opendkim - generate tables
+ template:
+ src: "{{ item }}"
+ dest: /usr/local/etc/mail/dkim/{{ item | basename | regex_replace('\\.zone\\.j2', '') }}
+ with_items:
+ - dkim/KeyTable.j2
+ - dkim/SigningTable.j2
+ tags: opendkim
+
+- name: opendkim - generate config file
+ template:
+ src: opendkim.conf.j2
+ dest: /usr/local/etc/mail/opendkim.conf
+ tags: opendkim
- name: postfix - set as mailer/MTA
file:
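Review bot: The `dest` in the `opendkim - generate tables` task strips `.zone.j2`, but the listed sources are `dkim/KeyTable.j2` and `dkim/SigningTable.j2`, so the filter never matches and the rendered files will be written as `/usr/local/etc/mail/dkim/KeyTable.j2` and `SigningTable.j2`; unless opendkim.conf.j2 points at those `.j2` names (not visible here), OpenDKIM will not find its tables. Use `regex_replace('\\.j2$', '')` instead — the `.zone.j2` pattern looks copied from a DNS-zone task. Neither template task sets `owner`/`mode` or notifies a handler, so a changed KeyTable, SigningTable or opendkim.conf will not take effect until the service is restarted by other means; if the role has an OpenDKIM handler, add `notify: restart opendkim` (name per the role's handlers) to both tasks. A `validate: "opendkim -n -x %s"` on the config-file task would reject a broken template before it is installed, if the installed opendkim supports the `-n` check. The `postfix - set as mailer/MTA` task at the end of the hunk continues outside it.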