
complete opendkim setup

master
parent
commit
37a303b281
12 changed files with 74 additions and 13 deletions
  1. +1
    -0
      defaults/main.yaml
  2. +43
    -8
      tasks/main.yaml
  3. +0
    -0
      templates/KeyTable.j2
  4. +0
    -0
      templates/SigningTable.j2
  5. +0
    -0
      templates/TrustedHosts.j2
  6. +7
    -0
      templates/dns_records.json.j2
  7. +5
    -0
      templates/key.table.j2
  8. +5
    -4
      templates/opendkim.conf.j2
  9. +5
    -0
      templates/public_keys.json.j2
  10. +5
    -0
      templates/signing.table.j2
  11. +1
    -0
      templates/trusted.hosts.j2
  12. +2
    -1
      vars/main.yaml

+ 1
- 0
defaults/main.yaml View File

@@ -1,3 +1,4 @@
---
dkim_domains: []
dkim_selector: "{{ inventory_hostname_short }}"
opendkim_key_size: 2048
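Review bot: The three defaults carry no comments, and the selector default has a consequence a user should see here: the key path in tasks/main.yaml embeds `dkim_selector`, so changing it generates a fresh key pair under `keys/<domain>/<selector>.private` and a new `<selector>._domainkey` TXT record has to be published before mail signed with it verifies. Suggested comments: `# domains to sign for; one key pair per domain is generated on this host`, `# selector for this host's keys; changing it creates a new key pair and requires a new TXT record`, and `# RSA key length passed to openssl_privatekey; keys longer than 253 base64 characters are split into several TXT strings`.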

+ 43
- 8
tasks/main.yaml View File

@@ -13,9 +13,18 @@
dest: /etc/opendkim.conf
notify: reload opendkim

- name: dkim keys directory
- name: opendkim config directory
file:
path: /etc/dkimkeys/{{item}}
path: /etc/opendkim
state: directory
owner: opendkim
group: opendkim
mode: 0755
with_items: "{{dkim_domains}}"

- name: dkim keys directories
file:
path: /etc/opendkim/keys/{{item}}
state: directory
owner: opendkim
group: opendkim
@@ -24,7 +33,7 @@

- name: dkim private keys
openssl_privatekey:
path: /etc/dkimkeys/{{item}}/mail.private
path: /etc/opendkim/keys/{{item}}/{{dkim_selector}}.private
size: "{{opendkim_key_size}}"
owner: opendkim
group: opendkim
@@ -33,20 +42,46 @@

- name: dkim public keys
openssl_publickey:
privatekey_path: /etc/dkimkeys/{{item}}/mail.private
path: /etc/dkimkeys/{{item}}/mail.public
privatekey_path: /etc/opendkim/keys/{{item}}/{{dkim_selector}}.private
path: /etc/opendkim/keys/{{item}}/{{dkim_selector}}.public
owner: opendkim
group: opendkim
mode: 0600
with_items: "{{dkim_domains}}"

- name: read dkim public keys
command: cat /etc/dkimkeys/{{item}}/mail.public
command: cat /etc/opendkim/keys/{{item}}/{{dkim_selector}}.public
with_items: "{{dkim_domains}}"
changed_when: false
register: _opendkim_read_public_key

- name: show dkim entries
- name: show dkim dns records
debug:
msg: "{{_dkim_public_keys}}"
msg: "{{_dkim_dns_records}}"

- name: test dkim dns records
command: opendkim-testkey -v -d {{item}} -s {{dkim_selector}} -k /etc/opendkim/keys/{{item}}/{{dkim_selector}}.private
changed_when: false
with_items: "{{dkim_domains}}"

- name: opendkim key table
template:
src: key.table.j2
dest: /etc/opendkim/key.table
mode: 0600

- name: opendkim signing table
template:
src: signing.table.j2
dest: /etc/opendkim/signing.table
mode: 0600

- name: opendkim signing table
template:
src: trusted.hosts.j2
dest: /etc/opendkim/trusted.hosts
mode: 0600

- name: test opendkim configuration
command: opendkim -n
changed_when: false
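Review bot: The three new table tasks (`key.table`, `signing.table`, `trusted.hosts`) write `mode: 0600` files with no `owner`/`group` and no `notify`, unlike the key tasks above them and the `opendkim.conf` task at the top of the file; if the play runs as root the tables end up root:root 0600, which the daemon presumably cannot read once it has switched to its unprivileged user (the keys' `owner: opendkim` already assumes it does), and an edited table never triggers a reload. Add `owner: opendkim`, `group: opendkim` and `notify: reload opendkim` to each of the three tasks, and rename the third (`- name: opendkim trusted hosts`), which currently duplicates the signing-table task name. The `opendkim-testkey` task checks a DNS record that the preceding `debug` task merely prints, so the first run for a new domain fails until the operator has published the TXT record; `failed_when: false` or a dedicated tag would let the rest of the play complete. In the first hunk the line counts suggest `with_items: "{{dkim_domains}}"` stayed attached to the new `opendkim config directory` task, which would skip creating `/etc/opendkim` when `dkim_domains` is empty; if so, drop it there.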

+ 0
- 0
templates/KeyTable.j2 View File


+ 0
- 0
templates/SigningTable.j2 View File


+ 0
- 0
templates/TrustedHosts.j2 View File


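--- a/templates/dns_records.json.j2
+++ b/templates/dns_records.json.j2
@@ -0,0 +1,7 @@
+{
+{% for dkim_domain in dkim_domains %}
+"{{dkim_domain}}":
+{% set key = _dkim_public_keys[dkim_domain] %}
+"{{dkim_selector}}._domainkey IN TXT \"v=DKIM1; h=sha256; k=rsa; \" \"p={{key[0:253]}}\"{% for n in range((((key|length)-253)/255)|round|int) %} \"{{key[253+n*255:253+(n+1)*255]}}\"{% endfor %}"
+{% endfor %}
+}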
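Review bot: The chunk loop silently drops the tail of the key whenever `((key|length)-253)/255` rounds down, because the count is rounded instead of ceiled: a 3072-bit key is about 564 base64 characters, `round(311/255)` is 1, so the last 56 characters are never emitted and the published record is invalid. Replace the loop with `{% for start in range(253, key|length, 255) %} \"{{key[start:start+255]}}\"{% endfor %}`, which walks the remainder in 255-character steps and emits nothing when the key fits in the first string. Entries are also not separated: with two or more domains the object becomes `"a": "..." "b": "..."` with no comma, so append `{{ ',' if not loop.last }}` after the record line. The `h=sha256` tag is a sensible choice (verifiers then reject rsa-sha1 signatures) and deserves a one-line comment saying so.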

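--- a/templates/key.table.j2
+++ b/templates/key.table.j2
@@ -0,0 +1,5 @@
+{{ansible_managed|comment}}
+
+{% for domain in dkim_domains %}
+{{ domain }} {{domain}}:{{dkim_selector}}:/etc/opendkim/keys/{{domain}}/{{dkim_selector}}.private
+{% endfor %}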

+ 5
- 4
templates/opendkim.conf.j2 View File

@@ -10,10 +10,11 @@ Syslog yes
# privileged user (e.g. Postfix)
UMask 007

#KeyTable /etc/opendkim/KeyTable
#SigningTable /etc/opendkim/SigningTable
#ExternalIgnoreList /etc/opendkim/TrustedHosts
#InternalHosts /etc/opendkim/TrustedHosts
ExternalIgnoreList file:/etc/opendkim/trusted.hosts
InternalHosts file:/etc/opendkim/trusted.hosts

KeyTable file:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table

# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization simple


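--- a/templates/public_keys.json.j2
+++ b/templates/public_keys.json.j2
@@ -0,0 +1,5 @@
+{
+{% for dkim_domain in dkim_domains %}
+"{{dkim_domain}}":{{_opendkim_read_public_key|json_query("results[?item=='"+dkim_domain+"']|[0].stdout_lines[1:-1]")|join|to_json}},
+{% endfor %}
+}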
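Review bot: Every entry, including the last one, is followed by a comma, so the rendered text is not strict JSON (`{"a": "...",}`) and only loads if the consumer is lenient; replace the literal `,` at the end of the entry line with `{{ ',' if not loop.last }}`. The `stdout_lines[1:-1]` slice assumes the public key file is PEM with exactly one header and one footer line, which is what `openssl_publickey` writes in tasks/main.yaml; a comment such as `{# strip the BEGIN/END PEM lines and join the base64 body into one string #}` would make that dependency visible.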

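--- a/templates/signing.table.j2
+++ b/templates/signing.table.j2
@@ -0,0 +1,5 @@
+{{ansible_managed|comment}}
+
+{% for domain in dkim_domains %}
+*@{{domain}} {{domain}}
+{% endfor %}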

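--- a/templates/trusted.hosts.j2
+++ b/templates/trusted.hosts.j2
@@ -0,0 +1 @@
+{{ansible_managed|comment}}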
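Review bot: The rendered `trusted.hosts` contains only the managed-file header, yet `opendkim.conf.j2` in this commit points both `InternalHosts` and `ExternalIgnoreList` at it; with an explicitly configured but empty dataset opendkim will, as far as I recall, no longer treat 127.0.0.1 as internal, so locally submitted mail would be verified instead of signed. Drive the file from a role variable, e.g. a default `dkim_trusted_hosts: ['127.0.0.1', '::1', 'localhost']` rendered after the header with `{% for host in dkim_trusted_hosts %}` / `{{ host }}` / `{% endfor %}`. Keep that list to loopback and your own relays: a host in `ExternalIgnoreList` may send through the server as any of the signing domains without its mail being verified, so the file is effectively a trust list and deserves a comment saying so.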

+ 2
- 1
vars/main.yaml View File

@@ -1,2 +1,3 @@
---
_dkim_public_keys: "{{_opendkim_read_public_key|json_query(\"results[].stdout_lines[1:-1]\")|map('join')|list}}"
_dkim_public_keys: "{{ lookup('template','public_keys.json.j2') }}"
_dkim_dns_records: "{{ lookup('template','dns_records.json.j2') }}"
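Review bot: Both lookups are evaluated lazily on every reference and both ultimately read `_opendkim_read_public_key`, which is only registered by the `read dkim public keys` task in tasks/main.yaml, so any use of `_dkim_dns_records` before that task (or in a play that skips it) fails with an undefined variable; a comment such as `# derived from _opendkim_read_public_key; only valid after 'read dkim public keys' has run` would save the next reader a debugging session. `dns_records.json.j2` indexes `_dkim_public_keys[dkim_domain]`, which depends on the template lookup converting its JSON text into a mapping; `"{{ lookup('template','public_keys.json.j2') | from_json }}"` makes that explicit and removes the reliance on lookup auto-conversion, provided the template emits strict JSON without a trailing comma.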
