From f17bcc286adba8d2e3f9ff81c767d9820c8991b3 Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:40 +0200
Subject: [PATCH] [roles/server/mail/milter-dkim] setup dkim milter

---
 .../files/default/opendkim.service | 24 +++++++
 .../key_somenet.org.s19700101.private | 1 +
 .../opendkim/key_somenet.org.s19700101.txt | 1 +
 .../files/default/opendkim/opendkim.conf | 28 ++++++++
 .../default/opendkim/opendkim.keytable.conf | 9 +++
 .../opendkim/opendkim.signingtable.conf | 9 +++
 .../files/default/opendkim/trustedHosts.txt | 11 +++
 .../server/mail/milter-dkim/handlers/main.yml | 13 ++++
 roles/server/mail/milter-dkim/tasks/main.yml | 67 +++++++++++++++++++
 9 files changed, 163 insertions(+)
 create mode 100644 roles/server/mail/milter-dkim/files/default/opendkim.service
 create mode 100644 roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.private
 create mode 100644 roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.txt
 create mode 100644 roles/server/mail/milter-dkim/files/default/opendkim/opendkim.conf
 create mode 100644 roles/server/mail/milter-dkim/files/default/opendkim/opendkim.keytable.conf
 create mode 100644 roles/server/mail/milter-dkim/files/default/opendkim/opendkim.signingtable.conf
 create mode 100644 roles/server/mail/milter-dkim/files/default/opendkim/trustedHosts.txt
 create mode 100644 roles/server/mail/milter-dkim/handlers/main.yml
 create mode 100644 roles/server/mail/milter-dkim/tasks/main.yml

diff --git a/roles/server/mail/milter-dkim/files/default/opendkim.service b/roles/server/mail/milter-dkim/files/default/opendkim.service
new file mode 100644
index 0000000..91f9f04
--- /dev/null
+++ b/roles/server/mail/milter-dkim/files/default/opendkim.service
@@ -0,0 +1,24 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+[Unit]
+Description=OpenDKIM Milter
+Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-lua(3) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testkey(8) http://www.opendkim.org/docs.html
+After=network.target nss-lookup.target
+
+[Service]
+User=opendkim
+Group=opendkim
+UMask=0007
+ExecStart=/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf
+ExecReload=/bin/kill -USR1 $MAINPID
+Slice=system-postfix.slice
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.private b/roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.private
new file mode 100644
index 0000000..9b270b7
--- /dev/null
+++ b/roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.private
@@ -0,0 +1 @@
+# OVERRIDE ME!
diff --git a/roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.txt b/roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.txt
new file mode 100644
index 0000000..9b270b7
--- /dev/null
+++ b/roles/server/mail/milter-dkim/files/default/opendkim/key_somenet.org.s19700101.txt
@@ -0,0 +1 @@
+# OVERRIDE ME!
diff --git a/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.conf b/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.conf
new file mode 100644
index 0000000..66e0b75
--- /dev/null
+++ b/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.conf
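Review bot: The `[Service]` stanza relies on `/run/opendkim` existing for the socket and `TemporaryDirectory` named in opendkim.conf, but nothing in this role creates it; `RuntimeDirectory=opendkim` with `RuntimeDirectoryMode=0750` lets systemd create and own it for the `opendkim` user, unless the package's tmpfiles.d already does so (worth confirming, since this unit replaces the packaged one). The same stanza has no sandboxing at all, and a process that only needs to read `/etc/opendkim` and write `/run/opendkim` is a good candidate for `NoNewPrivileges=`, `ProtectSystem=strict` plus `ReadWritePaths=`, `ProtectHome=` and `PrivateTmp=`, so a fault in the milter cannot reach the rest of the filesystem. `UMask=0007` already keeps the socket group-only, which is the right direction; the directives below extend that.
```ini
[Service]
User=opendkim
Group=opendkim
UMask=0007
RuntimeDirectory=opendkim
RuntimeDirectoryMode=0750
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/run/opendkim
# … unchanged: ExecStart, ExecReload, Slice, Restart …
```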
@@ -0,0 +1,28 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+Syslog yes
+SyslogSuccess yes
+LogWhy yes
+LogResults yes
+
+TemporaryDirectory /run/opendkim
+Socket local:/run/opendkim/opendkim.sock
+Mode sv
+
+ReportAddress postmaster@somenet.org
+SendReports yes
+RequestReports yes
+
+ExternalIgnoreList refile:/etc/opendkim/trustedHosts.txt
+InternalHosts refile:/etc/opendkim/trustedHosts.txt
+KeyTable refile:/etc/opendkim/opendkim.keytable.conf
+SigningTable refile:/etc/opendkim/opendkim.signingtable.conf
+
+Canonicalization relaxed/simple
+OmitHeaders *,+Subject
diff --git a/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.keytable.conf b/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.keytable.conf
new file mode 100644
index 0000000..3ad898a
--- /dev/null
+++ b/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.keytable.conf
@@ -0,0 +1,9 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+s19700101._domainkey.somenet.org somenet.org:s19700101:/etc/opendkim/key_somenet.org.s19700101.private
diff --git a/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.signingtable.conf b/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.signingtable.conf
new file mode 100644
index 0000000..8657844
--- /dev/null
+++ b/roles/server/mail/milter-dkim/files/default/opendkim/opendkim.signingtable.conf
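Review bot: `OmitHeaders *,+Subject` on the last line needs a comment stating its intent, because it reads like a `SignHeaders` pattern (wildcard plus a `+` over-sign marker) placed under the wrong directive. Under `OmitHeaders`, as far as I can tell, a literal `*` excludes header fields from the `h=` list rather than adding them, which would leave To, Date and Subject unprotected against modification after signing; if the goal is to sign every header and over-sign Subject, `SignHeaders *,+Subject` (or `OversignHeaders Subject` where supported) expresses that, and either way the `h=` tag of a signature produced by this config should be checked once with a test message. Separately, the socket at `local:/run/opendkim/opendkim.sock` will be created mode 0660 `opendkim:opendkim` under the unit's `UMask=0007`, so the MTA user must be in the `opendkim` group and, where smtpd runs chrooted, the socket has to live inside that chroot; neither is handled in this commit, so presumably the postfix role covers it and a one-line comment here pointing at that would help the next reader.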
@@ -0,0 +1,9 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +*@somenet.org s19700101._domainkey.somenet.org diff --git a/roles/server/mail/milter-dkim/files/default/opendkim/trustedHosts.txt b/roles/server/mail/milter-dkim/files/default/opendkim/trustedHosts.txt new file mode 100644 index 0000000..32356fc --- /dev/null +++ b/roles/server/mail/milter-dkim/files/default/opendkim/trustedHosts.txt @@ -0,0 +1,11 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +l +localhost +127.0.0.1 diff --git a/roles/server/mail/milter-dkim/handlers/main.yml b/roles/server/mail/milter-dkim/handlers/main.yml new file mode 100644 index 0000000..b9172cc --- /dev/null +++ b/roles/server/mail/milter-dkim/handlers/main.yml @@ -0,0 +1,13 @@ +##################################### +### someone's ansible provisioner ### +##################################### +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# +--- +- name: restart opendkim.service + systemd: + name: opendkim.service + daemon_reload: yes + state: restarted + ignore_errors: yes diff --git a/roles/server/mail/milter-dkim/tasks/main.yml b/roles/server/mail/milter-dkim/tasks/main.yml new file mode 100644 index 0000000..98b9b35 --- /dev/null +++ b/roles/server/mail/milter-dkim/tasks/main.yml 
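Review bot: In trustedHosts.txt the line holding only `l` (third from the end) looks like a truncated entry; this file is wired into both `InternalHosts` and `ExternalIgnoreList`, so every entry widens the set of peers whose mail is signed without being verified, and a stray one-character entry should be removed or completed to the intended host. The list also names `127.0.0.1` but not `::1`, so anything submitting over IPv6 loopback would be verified instead of signed; adding `::1` on its own line closes that gap. Because the file is loaded via `refile:`, entries are treated as patterns, which makes an accidental entry matter more than in a plain host list.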
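Review bot: In handlers/main.yml, `ignore_errors: yes` on the restart handler hides the one failure that matters for this role: if opendkim refuses to start after a config or key change, the play reports success while outbound mail is sent unsigned or, depending on the MTA's milter default action, tempfailed. Drop `ignore_errors`, or if an early-provisioning case genuinely needs it, tie it to the same flag the install task already uses: `ignore_errors: "{{ ignore_online_errors | bool }}"`. The two `yes` values should be written `true`, as yamllint's truthy rule and YAML 1.2 parsers expect.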
@@ -0,0 +1,67 @@ +##################################### +### someone's ansible provisioner ### +##################################### +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# +--- +- name: install opendkim + apt: + pkg: + - opendkim + state: present + policy_rc_d: 101 + tags: "online" + ignore_errors: "{{ignore_online_errors | bool}}" + + +- name: remove opendkim.conf + file: + path: "/etc/opendkim.conf" + state: absent + + +- name: create opendkim config dir + file: + path: "/etc/opendkim" + state: directory + mode: 0700 + owner: "opendkim" + group: "opendkim" + + +- name: copy opendkim configs and keys + copy: + src: "{{item.src}}" + dest: "/etc/opendkim/{{item.path}}" + mode: 0600 + owner: "opendkim" + group: "opendkim" + with_filetree: + - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/opendkim/" + - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/opendkim/" + - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/opendkim/" + - "default/opendkim/" + when: item.state == "file" + notify: restart opendkim.service + + +- name: copy opendkim.service to /etc/systemd/system/ + copy: + src: "{{item}}" + dest: "/etc/systemd/system/opendkim.service" + mode: 0644 + owner: "root" + group: "root" + with_first_found: + - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/opendkim.service" + - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/opendkim.service" + - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/opendkim.service" + - "default/opendkim.service" + notify: restart opendkim.service + + +- name: enable and start opendkim.service + include_role: name="base/systemd/enable-and-start" + vars: + service_name: opendkim.service -- 2.43.0
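Review bot: The `copy opendkim configs and keys` task falls back to `default/opendkim/`, where `key_somenet.org.s19700101.private` is the `# OVERRIDE ME!` placeholder, so on a host without a host or group override the milter is installed with an unusable signing key and only the opendkim log will show it; a `stat` of the installed key followed by an `assert` that its content is not the placeholder (or a `failed_when` on the loop item when the selected `src` is the default) would fail the play instead of shipping unsigned mail. The real key has to be readable on the controller under `host_files/` or `group_files/`; since `copy` decrypts vault-encrypted `src` files by default (`decrypt: yes`), that file can be committed with ansible-vault rather than in the clear, and the task needs no change for it. The unquoted `mode: 0600` and `mode: 0700` parse as octal here but are what ansible-lint's risky-octal rule flags; `mode: "0600"` and `mode: "0700"` are the unambiguous forms.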