---
# Build the control-node path of this domain's DKIM private key:
#   <playbook_dir>/private/dkim/<domain>-<selector>.pem
# NOTE(review): that directory holds unencrypted private keys next to the
# playbook; presumably it is kept out of version control — confirm.
- name: var - set domain_keyfile
  set_fact:
    domain_keyfile: '{{ playbook_dir }}/private/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem'
# Check on the control node (not the managed host) whether the key file
# already exists; the result is registered as stat_result.
- name: (local) opendkim - check domain private key existence
  stat:
    path: '{{ domain_keyfile }}'
  register: stat_result
  delegate_to: localhost
  # Runs unprivileged on the control node.
  become: false
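# Create the DKIM RSA private key on the control node when no key file
# exists yet for this domain/selector pair.
#
# `creates` is a second guard next to the `when` condition: the command
# module itself skips the run when the file is present, so an existing key
# (whose public half may already be published in DNS) is never overwritten.
#
# mail.dkim.bits is the RSA modulus size; RFC 8301 requires signers to use
# at least 1024 bits and recommends at least 2048.
#
# NOTE(review): nothing here sets the permissions of the new file; they
# depend on the local openssl build and umask — confirm the key ends up
# readable by its owner only.
- name: (local) opendkim - generate domain private key
  become: false
  command: >
    openssl genrsa
    -out "{{ domain_keyfile }}" "{{ mail.dkim.bits }}"
  args:
    creates: "{{ domain_keyfile }}"
  delegate_to: localhost
  when: not stat_result.stat.exists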
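# Install the private key on the mail host, readable only by mailnull.
- name: opendkim - copy domain private key
  copy:
    src: "{{ domain_keyfile }}"
    dest: "/usr/local/etc/mail/dkim/{{ domain_keyfile | basename }}"
    owner: mailnull
    # Quoted so the mode is passed as the octal string "0400" whatever the
    # YAML parser would make of a bare 0400.
    mode: "0400"
  # The file is a private key: keep its content out of `--diff` output and
  # any log that captures the play output.
  diff: false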
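# Verify the installed key with opendkim-testkey for this domain/selector.
# Templated arguments are quoted so each value reaches the tool as exactly
# one argument, even if it contains whitespace.
- name: opendkim - test domain key
  command: >
    opendkim-testkey -vv -d "{{ domain }}"
    -s "{{ mail.dkim.selector }}"
    -k "/usr/local/etc/mail/dkim/{{ domain_keyfile | basename }}"
  register: cmd
  # Verification only; never report this task as a change.
  changed_when: false
  # Exit code 69 (EX_UNAVAILABLE in sysexits.h) is tolerated so that a DNS
  # record that is not found does not fail the play. A passing task
  # therefore does not prove that the public key is published.
  failed_when: cmd.rc not in [0, 69]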