
current development state

master
parent
commit
a5f30180f1
8 changed files with 139 additions and 0 deletions
  1. +2
    -0
      defaults/main.yaml
  2. +5
    -0
      handlers/main.yaml
  3. +51
    -0
      tasks/main.yaml
  4. +0
    -0
      templates/KeyTable.j2
  5. +0
    -0
      templates/SigningTable.j2
  6. +0
    -0
      templates/TrustedHosts.j2
  7. +80
    -0
      templates/opendkim.conf.j2
  8. +1
    -0
      vars/main.yaml

+ 2
- 0
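--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1 +1,3 @@
 ---
+dkim_domains: []
+opendkim_key_size: 2048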

+ 5
- 0
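--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -1 +1,6 @@
 ---
+
+- name: reload opendkim
+service:
+name: opendkim
+state: reloaded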

+ 51
- 0
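--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -1 +1,52 @@
 ---
+
+- name: opendkim debian packages
+apt:
+pkg:
+- opendkim
+- opendkim-tools
+- python-openssl
+
+- name: opendkim config
+template:
+src: opendkim.conf.j2
+dest: /etc/opendkim.conf
+notify: reload opendkim
+
+- name: dkim keys directory
+file:
+path: /etc/dkimkeys/{{item}}
+state: directory
+owner: opendkim
+group: opendkim
+mode: 0700
+with_items: "{{dkim_domains}}"
+
+- name: dkim private keys
+openssl_privatekey:
+path: /etc/dkimkeys/{{item}}/mail.private
+size: "{{opendkim_key_size}}"
+owner: opendkim
+group: opendkim
+mode: 0600
+with_items: "{{dkim_domains}}"
+
+- name: dkim public keys
+openssl_publickey:
+privatekey_path: /etc/dkimkeys/{{item}}/mail.private
+path: /etc/dkimkeys/{{item}}/mail.public
+owner: opendkim
+group: opendkim
+mode: 0600
+with_items: "{{dkim_domains}}"
+
+- name: read dkim public keys
+command: cat /etc/dkimkeys/{{item}}/mail.public
+with_items: "{{dkim_domains}}"
+changed_when: false
+register: _opendkim_read_public_key
+
+- name: show dkim entries
+debug:
+msg: "{{_dkim_public_keys}}"
+with_items: "{{dkim_domains}}"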
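Review bot: The `show dkim entries` task loops over `dkim_domains` but its `msg` is the whole `_dkim_public_keys` list, so each iteration prints every key and no entry is tied to the domain it belongs to; pairing them with `with_together: ["{{dkim_domains}}", "{{_dkim_public_keys}}"]` and `msg: "{{item.0}}: {{item.1}}"` gives one record per domain, which is what an operator needs when publishing the TXT record. The same hunk passes file modes as unquoted octal literals (`mode: 0700` in the directory task, `mode: 0600` in both key tasks); the leading zero makes a YAML 1.1 loader produce the intended value, but Ansible's own docs recommend the string form, `mode: "0700"` / `mode: "0600"`, so the value does not depend on loader behaviour. The `0600` on `mail.public` is stricter than a public key needs and harmless; the `0700` on the per-domain directory is what actually keeps `mail.private` from other local users, so that one is worth keeping as is.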

+ 0
- 0
templates/KeyTable.j2 View File


+ 0
- 0
templates/SigningTable.j2 View File


+ 0
- 0
templates/TrustedHosts.j2 View File


+ 80
- 0
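--- a/templates/opendkim.conf.j2
+++ b/templates/opendkim.conf.j2
@@ -0,0 +1,80 @@
+{{ansible_managed|comment}}
+
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask 007
+
+#KeyTable /etc/opendkim/KeyTable
+#SigningTable /etc/opendkim/SigningTable
+#ExternalIgnoreList /etc/opendkim/TrustedHosts
+#InternalHosts /etc/opendkim/TrustedHosts
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization simple
+#Mode sv
+#SubDomains no
+
+# Socket smtp://localhost
+#
+# ## Socket socketspec
+# ##
+# ## Names the socket where this filter should listen for milter connections
+# ## from the MTA. Required. Should be in one of these forms:
+# ##
+# ## inet:port@address to listen on a specific interface
+# ## inet:port to listen on all interfaces
+# ## local:/path/to/socket to listen on a UNIX domain socket
+#
+#Socket inet:8892@localhost
+Socket local:/var/run/opendkim/opendkim.sock
+
+## PidFile filename
+### default (none)
+###
+### Name of the file where the filter should write its pid before beginning
+### normal operations.
+#
+PidFile /var/run/opendkim/opendkim.pid
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+## ResolverConfiguration filename
+## default (none)
+##
+## Specifies a configuration file to be passed to the Unbound library that
+## performs DNS queries applying the DNSSEC protocol. See the Unbound
+## documentation at http://unbound.net for the expected content of this file.
+## The results of using this and the TrustAnchorFile setting at the same
+## time are undefined.
+## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
+## unbound package
+
+# ResolverConfiguration /etc/unbound/unbound.conf
+
+## TrustAnchorFile filename
+## default (none)
+##
+## Specifies a file from which trust anchor data should be read when doing
+## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
+## at http://unbound.net for the expected format of this file.
+
+TrustAnchorFile /usr/share/dns/root.key
+
+## Userid userid
+### default (none)
+###
+### Change to user "userid" before starting normal operation? May include
+### a group ID as well, separated from the userid by a colon.
+#
+UserID opendkim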
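Review bot: The rendered opendkim.conf never references the keys that tasks/main.yaml generates: `KeyTable`, `SigningTable`, `InternalHosts` and `ExternalIgnoreList` stay commented out in the `#KeyTable /etc/opendkim/KeyTable` block and no `Domain`/`KeyFile`/`Selector` is set, so the daemon comes up with nothing to sign, and the empty KeyTable.j2/SigningTable.j2/TrustedHosts.j2 added in this commit are not deployed by any task either. That is presumably the "current development state" the commit title describes, but a marker next to that block, `# TODO: point KeyTable/SigningTable at /etc/dkimkeys/<domain>/mail.private`, would keep the gap from being mistaken for a finished configuration. `TrustAnchorFile /usr/share/dns/root.key` turns on DNSSEC validation for the DKIM key lookups, which is the right default, but that file ships in the `dns-root-data` package and the apt task installs only opendkim, opendkim-tools and python-openssl; unless it is pulled in as a dependency of opendkim on the target release, the daemon has no trust anchor to load, so adding `dns-root-data` to the package list is cheap insurance.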

+ 1
- 0
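--- a/vars/main.yaml
+++ b/vars/main.yaml
@@ -1 +1,2 @@
 ---
+_dkim_public_keys: "{{_opendkim_read_public_key|json_query(\"results[].stdout_lines[1:-1]\")|map('join')|list}}"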
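Review bot: `_dkim_public_keys` depends on `json_query`, which needs the jmespath package on the control node and is not declared anywhere in the role; a comment above the line, `# requires jmespath on the controller (json_query filter)`, would at least make the failure mode obvious when the filter is missing. The expression also discards the domain: it yields a bare list in `dkim_domains` order, so any consumer, like the debug task in tasks/main.yaml, has to re-zip the two lists. Keeping `item` from the registered results in the same query, for example `results[].{domain: item, p: stdout_lines[1:-1]}` with the join applied per entry, would make the TXT record for each selector unambiguous. The `[1:-1]` slice assumes the first and last lines of `mail.public` are the PEM armor lines, which holds for the PEM output of `openssl_publickey` but is worth stating in a comment since the variable is what ends up published in DNS.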
