adjustments to get it working with postfix

defaults/main.yaml

@@ -2,3 +2,4 @@
 dkim_domains: []
 dkim_selector: "{{ inventory_hostname_short }}"
 opendkim_key_size: 2048
+opendkim_socket: local:/var/run/opendkim/opendkim.sock

handlers/main.yaml

@@ -1,5 +1,10 @@
 ---
 
+- name: restart opendkim
+  service:
+    name: opendkim
+    state: restarted
+
 - name: reload opendkim
   service:
     name: opendkim

tasks/main.yaml

@@ -11,7 +11,7 @@
   template:
     src: opendkim.conf.j2
     dest: /etc/opendkim.conf
-  notify: reload opendkim
+  notify: restart opendkim
 
 - name: opendkim config directory
   file:
@@ -39,6 +39,7 @@
     group: opendkim
     mode: 0600
   with_items: "{{dkim_domains}}"
+  notify: reload opendkim
 
 - name: dkim public keys
   openssl_publickey:
@@ -48,6 +49,7 @@
     group: opendkim
     mode: 0600
   with_items: "{{dkim_domains}}"
+  notify: reload opendkim
 
 - name: read dkim public keys
   command: cat /etc/opendkim/keys/{{item}}/{{dkim_selector}}.public
@@ -59,28 +61,29 @@
   debug:
     msg: "{{_dkim_dns_records}}"
 
-- name: test dkim dns records
-  command: opendkim-testkey -v -d {{item}} -s {{dkim_selector}} -k /etc/opendkim/keys/{{item}}/{{dkim_selector}}.private
-  changed_when: false
-  with_items: "{{dkim_domains}}"
-
 - name: opendkim key table
   template:
     src: key.table.j2
     dest: /etc/opendkim/key.table
-    mode: 0600
+    group: opendkim
+    mode: 0640
+  notify: reload opendkim
 
 - name: opendkim signing table
   template:
     src: signing.table.j2
     dest: /etc/opendkim/signing.table
-    mode: 0600
+    group: opendkim
+    mode: 0640
+  notify: reload opendkim
 
-- name: opendkim signing table
+- name: opendkim trusted hosts
   template:
     src: trusted.hosts.j2
     dest: /etc/opendkim/trusted.hosts
-    mode: 0600
+    group: opendkim
+    mode: 0640
+  notify: reload opendkim
 
 - name: test opendkim configuration
   command: opendkim -n

tasks/test.yaml

@@ -0,0 +1,6 @@
+---
+
+- name: test dkim dns records
+  command: opendkim-testkey -v -d {{item}} -s {{dkim_selector}} -k /etc/opendkim/keys/{{item}}/{{dkim_selector}}.private
+  changed_when: false
+  with_items: "{{dkim_domains}}"

templates/opendkim.conf.j2

@@ -10,10 +10,9 @@ Syslog			yes
 # privileged user (e.g. Postfix)
 UMask			007
 
-ExternalIgnoreList      file:/etc/opendkim/trusted.hosts
-InternalHosts           file:/etc/opendkim/trusted.hosts
+InternalHosts           /etc/opendkim/trusted.hosts
 
-KeyTable                file:/etc/opendkim/key.table
+KeyTable                /etc/opendkim/key.table
 SigningTable            refile:/etc/opendkim/signing.table
 
 # Commonly-used options; the commented-out versions show the defaults.
@@ -21,8 +20,6 @@ SigningTable            refile:/etc/opendkim/signing.table
 #Mode			sv
 #SubDomains		no
 
-# Socket smtp://localhost
-#
 # ##  Socket socketspec
 # ##
 # ##  Names the socket where this filter should listen for milter connections
@@ -32,8 +29,7 @@ SigningTable            refile:/etc/opendkim/signing.table
 # ##  inet:port                   to listen on all interfaces
 # ##  local:/path/to/socket       to listen on a UNIX domain socket
 #
-#Socket                  inet:8892@localhost
-Socket			local:/var/run/opendkim/opendkim.sock
+Socket      {{opendkim_socket}}
 
 ##  PidFile filename
 ###      default (none)

templates/trusted.hosts.j2

@@ -1 +1,7 @@
 {{ansible_managed|comment}}
+
+::1
+127.0.0.1
+localhost
+ip6-localhost
+ip6-loopback