diff --git a/defaults/main.yaml b/defaults/main.yaml
index ed97d53..e3cefdc 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1 +1,3 @@
 ---
+
+opendmarc_socket: local:/var/run/opendmarc/opendmarc.sock
diff --git a/handlers/main.yaml b/handlers/main.yaml
index ed97d53..9d985d2 100644
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -1 +1,6 @@
 ---
+
+- name: restart opendmarc
+ service:
+ name: opendmarc
+ state: restarted
diff --git a/tasks/main.yaml b/tasks/main.yaml
index 1bc05bb..965fdfc 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -3,3 +3,9 @@
 - name: opendmarc debian packages
 apt:
 pkg: opendmarc
+
+- name: opendmarc config
+ template:
+ src: opendmarc.conf.j2
+ dest: /etc/opendmarc.conf
+ notify: restart opendmarc
diff --git a/templates/opendmarc.conf.j2 b/templates/opendmarc.conf.j2
new file mode 100644
index 0000000..ba681cc
--- /dev/null
+++ b/templates/opendmarc.conf.j2
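Review bot: In defaults/main.yaml the new `opendmarc_socket` default carries no comment, yet its value is written unchecked into the `Socket` line of the template. The template's own text says an `inet:port` value without `@host` makes the filter listen on all interfaces, and the milter protocol has no authentication of its own, so an override in that form exposes the filter to anything that can reach the port. I would add a comment above the default, for example `# UNIX socket by default; if overriding with inet:/inet6:, always give @host (IP in square brackets) so the filter is reachable only by the MTA`.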
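Review bot: The `opendmarc config` task in tasks/main.yaml sets no `owner`, `group` or `mode` on /etc/opendmarc.conf, so the file's permissions are left to whatever already exists on the host or to the deploying user's umask. Pinning them makes the result predictable: `owner: root`, `group: root`, `mode: "0644"`. Nothing visible in this commit starts or enables the service either; the handler only restarts it when the template changes, so a `service` task with `state: started` and `enabled: true` may be worth adding if the package does not already take care of that.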
@@ -0,0 +1,89 @@
+{{ansible_managed|comment}}
+
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendmarc/examples/opendmarc.conf.sample.
+
+## AuthservID (string)
+## defaults to MTA name
+#
+# AuthservID name
+
+## FailureReports { true | false }
+## default "false"
+##
+# FailureReports false
+
+PidFile /var/run/opendmarc/opendmarc.pid
+
+## RejectFailures { true | false }
+## default "false"
+##
+RejectFailures false
+
+## Socket socketspec
+## default (none)
+##
+## Specifies the socket that should be established by the filter to receive
+## connections from sendmail(8) in order to provide service. socketspec is
+## in one of two forms: local:path, which creates a UNIX domain socket at
+## the specified path, or inet:port[@host] or inet6:port[@host] which creates
+## a TCP socket on the specified port for the appropriate protocol family.
+## If the host is not given as either a hostname or an IP address, the
+## socket will be listening on all interfaces. This option is mandatory
+## either in the configuration file or on the command line. If an IP
+## address is used, it must be enclosed in square brackets.
+#
+Socket {{opendmarc_socket}}
+
+## Syslog { true | false }
+## default "false"
+##
+## Log via calls to syslog(3) any interesting activity.
+#
+Syslog true
+
+## SyslogFacility facility-name
+## default "mail"
+##
+## Log via calls to syslog(3) using the named facility. The facility names
+## are the same as the ones allowed in syslog.conf(5).
+#
+# SyslogFacility mail
+
+## TrustedAuthservIDs string
+## default HOSTNAME
+##
+## Specifies one or more "authserv-id" values to trust as relaying true
+## upstream DKIM and SPF results. The default is to use the name of
+## the MTA processing the message. To specify a list, separate each entry
+## with a comma. The key word "HOSTNAME" will be replaced by the name of
+## the host running the filter as reported by the gethostname(3) function.
+#
+# TrustedAuthservIDs HOSTNAME
+
+
+## UMask mask
+## default (none)
+##
+## Requests a specific permissions mask to be used for file creation. This
+## only really applies to creation of the socket when Socket specifies a
+## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary
+## files are normally created by the mkstemp(3) function that enforces a
+## specific file mode on creation regardless of the process umask. See
+## umask(2) for more information.
+#
+UMask 0002
+
+## UserID user[:group]
+## default (none)
+##
+## Attempts to become the specified userid before starting operations.
+## The process will be assigned all of the groups and primary group ID of
+## the named userid unless an alternate group is specified.
+#
+UserID opendmarc
+
+## Path to system copy of PSL (needed to determine organizational domain)
+#
+PublicSuffixList /usr/share/publicsuffix/
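Review bot: `UMask 0002` near the end of templates/opendmarc.conf.j2 is hard-coded and unexplained. It makes the socket and the PidFile group-writable, which is what lets an MTA account in the `opendmarc` user's group connect, but nothing visible in this commit manages or documents that group membership. A comment above the setting would record the intent, for example `# group access is for the MTA user, which must be a member of the opendmarc group; other local accounts should not be`. Separately, the header comment points readers to `opendkim.conf(5)`; for this file it should read `opendmarc.conf(5)`.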