Created
August 28, 2019 20:19
-
-
Save krabello/446f069eaba220fa89ade8bbfa75f0cd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - hosts: webservers-test | |
| gather_facts: no | |
| remote_user: root | |
| pre_tasks: | |
| - name: Update apt cache. | |
| apt: update_cache=true cache_valid_time=600 | |
| tasks: | |
| - name: Install opendkim | |
| apt: | |
| name: opendkim | |
| state: latest | |
| install_recommends: yes | |
| update_cache: yes | |
| - name: Install opendkim-tools | |
| apt: | |
| name: opendkim-tools | |
| state: latest | |
| install_recommends: yes | |
| update_cache: yes | |
| - name: Create a zip archive of /etc/opendkim.conf | |
| changed_when: false | |
| archive: | |
| path: /etc/opendkim.conf | |
| format: zip | |
| - name: Add Domain & URL Line | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| insertafter: EOF | |
| line: "Domain {{ url }}" | |
| - name: Comment out default socket | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| state: present | |
| firstmatch: true | |
| regexp: '^Socket.+local:/var/run/opendkim/opendkim.sock$' | |
| line: "SOCKET inet:8891@localhost" | |
| - name: Add dkim key location line | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| insertafter: EOF | |
| line: "KeyFile /etc/postfix/dkim.key" | |
| - name: Add dkim dns selector line | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| insertafter: EOF | |
| line: "Selector mail" | |
| - name: Add keytables Location | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| insertafter: EOF | |
| line: "\n\n# Map domains in From addresses to keys used to sign\nKeyTable refile:/etc/opendkim/key.table" | |
| - name: Add SigningTable Location | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| insertafter: EOF | |
| line: "\nSigningTable refile:/etc/opendkim/signing.table" | |
| - name: Add ExternalIgnoreList Location | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| insertafter: EOF | |
| line: "\n\n# Hosts to ignore when verifying signatures\nExternalIgnoreList /etc/opendkim/trusted.hosts" | |
| - name: Add ExternalIgnoreList Location | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim.conf | |
| insertafter: EOF | |
| line: "\n\n# A set of internal hosts whose mail should be signed\nInternalHosts /etc/opendkim/trusted.hosts" | |
| - name: Change default socket path | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/default/opendkim | |
| state: present | |
| firstmatch: true | |
| regex: '^SOCKET.+$' | |
| line: "SOCKET=inet:8891@localhost" | |
| - name: Create a directory structure for OpenDKIM | |
| changed_when: false | |
| file: | |
| path: /etc/opendkim/keys | |
| state: directory | |
| owner: opendkim | |
| group: opendkim | |
| mode: "u=rwx,go=" | |
| recurse: yes | |
| - name: Create the signing table | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim/signing.table | |
| line: "*@{{ url }} mail._domainkey.{{ url }}" | |
| create: yes | |
| - name: Create the key table | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim/key.table | |
| line: "mail._domainkey.{{ url }} {{ url }}:mail:/etc/postfix/dkim.key" | |
| create: yes | |
| - name: Create the trusted hosts file | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/opendkim/trusted.hosts | |
| line: "127.0.0.1\nlocalhost\n\n*.{{ url }}" | |
| create: yes | |
| - name: Set mydestination to nothing | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/postfix/main.cf | |
| regex: "^mydestination = .+$" | |
| line: "mydestination =" | |
| - name: Set mydestination to nothing | |
| changed_when: false | |
| lineinfile: | |
| path: /etc/postfix/main.cf | |
| insertafter: EOF | |
| line: "\n\n# DKIM\nmilter_default_action = accept\nmilter_protocol = 2\nsmtpd_milters = inet:localhost:8891\nnon_smtpd_milters = inet:localhost:8891\n" | |
| - name: Generate DKIM Key | |
| changed_when: false | |
| command: opendkim-genkey -t -s mail -d {{ url }} | |
| args: | |
| warn: no | |
| - name: Move key | |
| changed_when: false | |
| command: cp mail.private /etc/postfix/dkim.key | |
| args: | |
| warn: no | |
| - name: Change owner to dkim.key | |
| command: chown opendkim:opendkim /etc/postfix/dkim.key | |
| changed_when: false | |
| args: | |
| warn: no | |
| - name: Change permissions to dkim.key | |
| command: chmod go-rw /etc/opendkim/keys | |
| changed_when: false | |
| args: | |
| warn: no | |
| - name: Change owner to /etc/opendkim | |
| command: chown -R opendkim:opendkim /etc/opendkim | |
| changed_when: false | |
| args: | |
| warn: no | |
| - name: TXT record on DNS | |
| command: cat mail.txt | |
| changed_when: false | |
| register: dns | |
| args: | |
| warn: no | |
| - debug: | |
| msg: "{{ dns.stdout }}" | |
| - name: Start opendkim | |
| command: service opendkim start | |
| changed_when: false | |
| args: | |
| warn: no | |
| - name: Restart postfix | |
| command: service postfix restart | |
| changed_when: false | |
| args: | |
| warn: no |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment