-rw-r--r--roles/opendkim/files/mail.private50
-rw-r--r--roles/opendkim/files/mail.txt2
-rw-r--r--roles/opendkim/files/opendkim.conf100
-rw-r--r--roles/opendkim/handlers/main.yml4
-rw-r--r--roles/opendkim/tasks/main.yml28
5 files changed, 184 insertions, 0 deletions
diff --git a/roles/opendkim/files/mail.private b/roles/opendkim/files/mail.private
new file mode 100644
index 0000000..ed1d799
--- /dev/null
+++ b/roles/opendkim/files/mail.private
@@ -0,0 +1,50 @@
+$ANSIBLE_VAULT;1.1;AES256
+38303738386236636234393166646635616134323636313163613064633261383135613739336131
+3961343961383131333166313364326466626661353832380a376135343532653438326130313366
+66323335353938346333646231653639393738343934616465333066346365333933373730366630
+6566373064666638650a613937353531343336363236333132373330623932373539356633653765
+30383061376264323730636635623861306236356133373930616134363737363334613966303663
+66623632636662666339393431363737383337653665366130343464616432353064313032323134
+65353265363366663065663837393234623339616637623836613731366139353538333464323265
+62646137636534346463653263363139333466623465356564383335316530616334666338643362
+63303233363035636534616361306364323064316239333139386464316432336337336566666539
+65383934633334323663396230393333396562633564376235626163393566643266663536653337
+34353630636335313337343432643662656530356333626461666333663133666336313230633439
+36383362343862363331363535346433376539666139643635613435326665363033363664303034
+66663266336534353665366238363937333832653263323334373862383864643563373835666135
+38363236363030326261326539386138613838326131383362373066313363346432643135313966
+31653939643132303837663131343230376238646166616232383436333733333731663966316533
+65316465363965666264646264373463346162363336666439376363323230363365323739356530
+30343032666161636531393730326237393330306462623463633338626566623232623435616365
+65373366396561373864643238633035376665333534396531626563633163383863343764366133
+63303932393864343564313363316230663436386238656365343438333165613762613064336363
+65353730326539363733663833343733643762633636306337353533373662383164373666613764
+65373030616563366233303634323037613536636262613637316537656538656266663066623561
+66393139646330663166656536323664653136393063383830373837356365643533336630666233
+31383539616166623932326638316362376162316134623634393936626365333238346632653561
+32646333653533376666616633613762656564626230326532306339376661386438643331623832
+39616361313137656634363863643933393039663562613039636261626534376434396134373063
+65376164373834633565343830366231623935303239346661623837343638623833616333393162
+36616532353466363639663735333839353132323164333263376639353430336332656535633637
+38363534626161333435326638333634363364333935323830366561313230396630316334356561
+36633864306134343066393738363137663433373330656565316435623630386532373838623065
+62636162346564613439663666383534383961343135396464666163323238646439383961386363
+32653233616266313037636563633131396237346233343433336531333332363930323463613931
+61353333313963306661613432383766343334643139313062383538353432616563623162356639
+61313533633437626535313434643862363363396339373231353638373764363061363165303066
+32633562383565363130316436663236643365393736353830653832653734613430306331303761
+31363735306465653635303737376237363132626330316235323837363432633163616131326432
+35323433656133343135396334383236613932663933633461343332356461386639656437363338
+62396336316338386534396162373163353161346364376234363237666563366232333032636637
+37333265646561346130383037653862303930353235333366653634376431633631376266373364
+63323864346166663232343439303630663862393461663635626136633230336363616366336263
+34373762336634313437313832366334316663636631343561306133633238376133393531333638
+62613733366164373662613630633135333737326535643862396563333561343565323866613862
+63626237633466656463623663383237326532363938656632373533393663316234313837333766
+62363066643139396135383133353863643466663139323362366665343164623063663937343534
+31656561623661373562356533636437666530383230613162383637616566376461323637386134
+31346535653536383264666366376165363366333531393963366230323333373230386331636138
+64386630363035653032303062306235346330343535623262623530663665373635326136613738
+38343138613366376562653230346533373337363337316635653935636339653166636334386238
+30653730326333313262366337663636653761386365343663643833663631613132323030613966
+6462
diff --git a/roles/opendkim/files/mail.txt b/roles/opendkim/files/mail.txt
new file mode 100644
index 0000000..9f805a6
--- /dev/null
+++ b/roles/opendkim/files/mail.txt
@@ -0,0 +1,2 @@
+mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; "
+ "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfLCoTGJhay1bw8B78F559UcPdUXxYjBR51Y3zQNYVG6wIOZv9dB+HpAPdkgbxIgBC74HzOMTO4nr6EyFkfQ4srXzJyd/Wpc4fxwT6GrFFGLZmn+8thkVXqvxnjrLqKrwMXq48rDuFinT8mXa8ljTSW9yaxBoTlTajpgFk6LXPUQIDAQAB" ) ; ----- DKIM key mail for ilvokhin.com
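Review bot: The public key published in `p=` looks like a 1024-bit RSA key, judging by its length and the `MIGfMA0G…` prefix; RFC 8301 says signers should use at least 2048 bits. Consider regenerating the pair with `opendkim-genkey -b 2048 -d ilvokhin.com -s mail`, re-encrypting the new `mail.private` with the vault, and publishing the new record in DNS before the signer switches over. A 2048-bit `p=` value is longer than 255 characters, so the TXT record has to stay split into several quoted strings, as this generated file already does.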
diff --git a/roles/opendkim/files/opendkim.conf b/roles/opendkim/files/opendkim.conf
new file mode 100644
index 0000000..6e35ed8
--- /dev/null
+++ b/roles/opendkim/files/opendkim.conf
@@ -0,0 +1,100 @@
+## CONFIGURATION OPTIONS
+
+## BaseDirectory path
+## default (none)
+##
+## Causes the filter to change to the named directory before beginning
+## operation. Thus, cores will be dumped here and configuration files
+## are read relative to this location.
+
+BaseDirectory /run/opendkim
+
+## Canonicalization hdrcanon[/bodycanon]
+## default "simple/simple"
+##
+## Select canonicalizations to use when signing. If the "bodycanon" is
+## omitted, "simple" is used. Valid values for each are "simple" and
+## "relaxed".
+
+Canonicalization relaxed/relaxed
+
+## Domain dataset
+## default (none)
+##
+## Specify for which domain(s) signing should be done. No default; must
+## be specified for signing.
+
+Domain ilvokhin.com
+
+## KeyFile filename
+## default (none)
+##
+## Specifies the path to the private key to use when signing. Ignored if
+## SigningTable and KeyTable are used. No default; must be specified for
+## signing if SigningTable/KeyTable are not in use.
+
+KeyFile /etc/opendkim/mail.private
+
+## LogWhy { yes | no }
+## default "no"
+##
+## If logging is enabled (see Syslog below), issues very detailed logging
+## about the logic behind the filter's decision to either sign a message
+## or verify it. The logic behind the decision is non-trivial and can be
+## confusing to administrators not familiar with its operation. A
+## description of how the decision is made can be found in the OPERATIONS
+## section of the opendkim(8) man page. This causes a large increase
+## in the amount of log data generated for each message, so it should be
+## limited to debugging use and not enabled for general operation.
+
+LogWhy yes
+
+## PidFile filename
+## default (none)
+##
+## Name of the file where the filter should write its pid before beginning
+## normal operations.
+
+PidFile /var/run/opendkim.pid
+
+## Selector name
+##
+## The name of the selector to use when signing. No default; must be
+## specified for signing.
+
+Selector mail
+
+## Socket socketspec
+##
+## Names the socket where this filter should listen for milter connections
+## from the MTA. Required. Should be in one of these forms:
+##
+## inet:port@address to listen on a specific interface
+## inet:port to listen on all interfaces
+## local:/path/to/socket to listen on a UNIX domain socket
+
+Socket local:/run/opendkim/opendkim.sock
+
+## SyslogSuccess { yes | no }
+## default "no"
+##
+## Log success activity to syslog?
+
+SyslogSuccess yes
+
+## TemporaryDirectory path
+## default /tmp
+##
+## Specifies which directory will be used for creating temporary files
+## during message processing.
+
+TemporaryDirectory /run/opendkim
+
+## UMask mask
+## default (none)
+##
+## Change the process umask for file creation to the specified value.
+## The system has its own default which will be used (usually 022).
+## See the umask(2) man page for more information.
+
+UMask 002
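Review bot: `LogWhy yes` and `SyslogSuccess yes` are set, but this file contains no `Syslog` directive, and both options only take effect when syslog logging is on (the LogWhy comment itself reads "If logging is enabled (see Syslog below)"). Unless the package's unit file or a command-line flag enables it, signing and verification results will not reach the logs; adding `Syslog yes` makes that explicit and keeps the audit trail independent of packaging defaults. Separately, the same comment warns that LogWhy greatly increases log volume and is meant for debugging only, so `LogWhy no` is the better setting once the setup has been verified.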
diff --git a/roles/opendkim/handlers/main.yml b/roles/opendkim/handlers/main.yml
new file mode 100644
index 0000000..3cf093d
--- /dev/null
+++ b/roles/opendkim/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart opendkim
+ ansible.builtin.service:
+ name: opendkim
+ state: restarted
diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml
new file mode 100644
index 0000000..e38df64
--- /dev/null
+++ b/roles/opendkim/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: Install opendkim
+ ansible.builtin.package:
+ name:
+ - opendkim
+ state: present
+
+- name: Configure opendkim
+ ansible.builtin.copy:
+ src: '{{ item }}'
+ dest: /etc/opendkim/
+ owner: opendkim
+ group: opendkim
+ # It doesn't have much sense to set a more granular permissions for each
+ # specific file here, because /etc/opendkim directory itself has pretty
+ # strict permissions and non-privilege users can't read them anyway.
+ mode: u+rw,g-rwx,o-rwx
+ loop:
+ - files/opendkim.conf
+ - files/mail.private
+ - files/mail.txt
+ notify:
+ - Restart opendkim
+
+- name: Enable opendkim systemd service
+ ansible.builtin.service:
+ name: opendkim
+ enabled: yes
+ state: started
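Review bot: The "Configure opendkim" task copies the vault-encrypted `files/mail.private` in the same loop as the public files, and nothing on the task suppresses diff output, so a run with `--diff` may print the decrypted private key to the terminal or a CI log (inferred from how `copy` decrypts the source before comparing it). Adding `diff: false` to that task, or moving the key into its own task with `no_log: true`, avoids this. `files/mail.txt` is only the DNS record to publish and does not need to be deployed to the host at all. As a style point, `enabled: yes` in the last task is better written as `enabled: true`.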