променени са 8 файла, в които са добавени 139 реда и са изтрити 0 реда
Обединен изглед
Diff Options
-
+2 -0defaults/main.yaml
-
+5 -0handlers/main.yaml
-
+51 -0tasks/main.yaml
-
+0 -0templates/KeyTable.j2
-
+0 -0templates/SigningTable.j2
-
+0 -0templates/TrustedHosts.j2
-
+80 -0templates/opendkim.conf.j2
-
+1 -0vars/main.yaml
+ 2
- 0
defaults/main.yaml
Целия файл
| @@ -1 +1,3 @@ | |||||
| --- | --- | ||||
| dkim_domains: [] | |||||
| opendkim_key_size: 2048 | |||||
+ 5
- 0
handlers/main.yaml
Целия файл
| @@ -1 +1,6 @@ | |||||
| --- | --- | ||||
| - name: reload opendkim | |||||
| service: | |||||
| name: opendkim | |||||
| state: reloaded | |||||
+ 51
- 0
tasks/main.yaml
Целия файл
| @@ -1 +1,52 @@ | |||||
| --- | --- | ||||
| - name: opendkim debian packages | |||||
| apt: | |||||
| pkg: | |||||
| - opendkim | |||||
| - opendkim-tools | |||||
| - python-openssl | |||||
| - name: opendkim config | |||||
| template: | |||||
| src: opendkim.conf.j2 | |||||
| dest: /etc/opendkim.conf | |||||
| notify: reload opendkim | |||||
| - name: dkim keys directory | |||||
| file: | |||||
| path: /etc/dkimkeys/{{item}} | |||||
| state: directory | |||||
| owner: opendkim | |||||
| group: opendkim | |||||
| mode: 0700 | |||||
| with_items: "{{dkim_domains}}" | |||||
| - name: dkim private keys | |||||
| openssl_privatekey: | |||||
| path: /etc/dkimkeys/{{item}}/mail.private | |||||
| size: "{{opendkim_key_size}}" | |||||
| owner: opendkim | |||||
| group: opendkim | |||||
| mode: 0600 | |||||
| with_items: "{{dkim_domains}}" | |||||
| - name: dkim public keys | |||||
| openssl_publickey: | |||||
| privatekey_path: /etc/dkimkeys/{{item}}/mail.private | |||||
| path: /etc/dkimkeys/{{item}}/mail.public | |||||
| owner: opendkim | |||||
| group: opendkim | |||||
| mode: 0600 | |||||
| with_items: "{{dkim_domains}}" | |||||
| - name: read dkim public keys | |||||
| command: cat /etc/dkimkeys/{{item}}/mail.public | |||||
| with_items: "{{dkim_domains}}" | |||||
| changed_when: false | |||||
| register: _opendkim_read_public_key | |||||
| - name: show dkim entries | |||||
| debug: | |||||
| msg: "{{_dkim_public_keys}}" | |||||
| with_items: "{{dkim_domains}}" | |||||
+ 0
- 0
templates/KeyTable.j2
Целия файл
+ 0
- 0
templates/SigningTable.j2
Целия файл
+ 0
- 0
templates/TrustedHosts.j2
Целия файл
+ 80
- 0
templates/opendkim.conf.j2
Целия файл
| @@ -0,0 +1,80 @@ | |||||
| {{ansible_managed|comment}} | |||||
| # This is a basic configuration that can easily be adapted to suit a standard | |||||
| # installation. For more advanced options, see opendkim.conf(5) and/or | |||||
| # /usr/share/doc/opendkim/examples/opendkim.conf.sample. | |||||
| # Log to syslog | |||||
| Syslog yes | |||||
| # Required to use local socket with MTAs that access the socket as a non- | |||||
| # privileged user (e.g. Postfix) | |||||
| UMask 007 | |||||
| #KeyTable /etc/opendkim/KeyTable | |||||
| #SigningTable /etc/opendkim/SigningTable | |||||
| #ExternalIgnoreList /etc/opendkim/TrustedHosts | |||||
| #InternalHosts /etc/opendkim/TrustedHosts | |||||
| # Commonly-used options; the commented-out versions show the defaults. | |||||
| #Canonicalization simple | |||||
| #Mode sv | |||||
| #SubDomains no | |||||
| # Socket smtp://localhost | |||||
| # | |||||
| # ## Socket socketspec | |||||
| # ## | |||||
| # ## Names the socket where this filter should listen for milter connections | |||||
| # ## from the MTA. Required. Should be in one of these forms: | |||||
| # ## | |||||
| # ## inet:port@address to listen on a specific interface | |||||
| # ## inet:port to listen on all interfaces | |||||
| # ## local:/path/to/socket to listen on a UNIX domain socket | |||||
| # | |||||
| #Socket inet:8892@localhost | |||||
| Socket local:/var/run/opendkim/opendkim.sock | |||||
| ## PidFile filename | |||||
| ### default (none) | |||||
| ### | |||||
| ### Name of the file where the filter should write its pid before beginning | |||||
| ### normal operations. | |||||
| # | |||||
| PidFile /var/run/opendkim/opendkim.pid | |||||
| # Always oversign From (sign using actual From and a null From to prevent | |||||
| # malicious signatures header fields (From and/or others) between the signer | |||||
| # and the verifier. From is oversigned by default in the Debian pacakge | |||||
| # because it is often the identity key used by reputation systems and thus | |||||
| # somewhat security sensitive. | |||||
| OversignHeaders From | |||||
| ## ResolverConfiguration filename | |||||
| ## default (none) | |||||
| ## | |||||
| ## Specifies a configuration file to be passed to the Unbound library that | |||||
| ## performs DNS queries applying the DNSSEC protocol. See the Unbound | |||||
| ## documentation at http://unbound.net for the expected content of this file. | |||||
| ## The results of using this and the TrustAnchorFile setting at the same | |||||
| ## time are undefined. | |||||
| ## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested | |||||
| ## unbound package | |||||
| # ResolverConfiguration /etc/unbound/unbound.conf | |||||
| ## TrustAnchorFile filename | |||||
| ## default (none) | |||||
| ## | |||||
| ## Specifies a file from which trust anchor data should be read when doing | |||||
| ## DNS queries and applying the DNSSEC protocol. See the Unbound documentation | |||||
| ## at http://unbound.net for the expected format of this file. | |||||
| TrustAnchorFile /usr/share/dns/root.key | |||||
| ## Userid userid | |||||
| ### default (none) | |||||
| ### | |||||
| ### Change to user "userid" before starting normal operation? May include | |||||
| ### a group ID as well, separated from the userid by a colon. | |||||
| # | |||||
| UserID opendkim | |||||
+ 1
- 0
vars/main.yaml
Целия файл
| @@ -1 +1,2 @@ | |||||
| --- | --- | ||||
| _dkim_public_keys: "{{_opendkim_read_public_key|json_query(\"results[].stdout_lines[1:-1]\")|map('join')|list}}" | |||||