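---
# Ansible task list: generates one DKIM signing key (rsa or ed25519) with
# rspamadm, tightens the key file's permissions, derives the public key and
# hands the matching TXT record to the external_ns role.
#
# Expects `key` to be a mapping with at least `type` and `path`; `selector`
# defaults to `key.type` and `tld` to the play-level `tld` variable.
# `rspamd_temp_pub_key` is a scratch fact that is reset at the end so a
# later invocation (e.g. the next key in a loop) cannot reuse a stale value.

- name: check key parameter
  fail:
    msg: some key parameters are not defined or set incorrectly
  when: (key is not mapping) or (key.type is not defined) or (key.path is not defined)

- name: generate dkim key
  shell:
    # Every user-controlled argument goes through `quote` before the command
    # is joined, so selector/domain/path values cannot break out of the shell
    # command line. `select()` drops the empty '-b 2048' entry for ed25519.
    cmd: "{{ [ 'rspamadm dkim_keygen', '-s ' ~ (key.selector | d(key.type) | quote), '-d ' ~ (key.tld | d(tld) | quote), '-t ' ~ (key.type | quote), '-k ' ~ (key.path | quote), ('-b 2048' if key.type == 'rsa' else '') ] | select() | list | join(' ') }}"
    # Idempotence guard: never overwrite an existing private key.
    creates: "{{ key.path }}"
  register: result

- name: change dkim key owner and group
  file:
    path: "{{ key.path }}"
    state: file
    # Quoted so the octal mode is not reinterpreted as the decimal int 400.
    # Read-only for the signing user; nobody else can read the private key.
    mode: "0400"
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"

# For ed25519 the public key is only available from the keygen output, so it
# is captured solely when a key was actually generated in this run.
- name: ed25519 - build public key from stdout
  set_fact:
    rspamd_temp_pub_key: "{{ result.stdout | regex_search('p=([A-Za-z0-9+/=]+)', '\\1') | first }}"
  when: key.type == 'ed25519' and result is defined and result.changed

# For rsa the public key is re-derived from the private key on every run.
- block:
    - name: rsa - get public key from dkim key
      openssl_privatekey_info:
        path: "{{ key.path }}"
      register: pub_key

    - name: rsa - build public key
      set_fact:
        # Strip the PEM armour and line breaks to get the bare base64 blob
        # expected in the `p=` tag of the DKIM record.
        rspamd_temp_pub_key: "{{ (pub_key.public_key | replace('-----BEGIN PUBLIC KEY-----', '') | replace('-----END PUBLIC KEY-----', '') | replace('\n', '') | trim ) }}"
  when: key.type == 'rsa'

# Publish the record only when a non-empty public key was obtained above.
- block:
    - name: build dns record for public dkim key
      set_fact:
        rspamd_dkim_dns_record: "{{ [ 'v=DKIM1', ('h=sha256' if key.type == 'rsa' else ''), 'k=' ~ key.type, 's=email:tlsrpt', 'p=' ~ rspamd_temp_pub_key, ] | select() | list | join('; ') }}"

    - name: wait for user interaction if external ns is missing
      pause:
        # Without an external_ns service the operator has to publish the
        # record by hand; show it so the pause is actionable.
        prompt: "No external_ns service defined. Publish this TXT record for {{ key.selector | d(key.type) }}._domainkey manually, then press enter: {{ rspamd_dkim_dns_record }}"
      when: services.external_ns is not defined

    - name: create dns record
      include_role:
        name: external_ns
      vars:
        nse_items:
          - name: "{{ key.selector | d(key.type) }}._domainkey"
            type: TXT
            value: "{{ rspamd_dkim_dns_record }}"
        nse_function: add_records
        nse_instant: true
  when: (rspamd_temp_pub_key is string) and (rspamd_temp_pub_key | length > 0)

- name: unset rspamd pub key
  set_fact:
    # NOTE(review): depending on the Jinja2 native-type setting this may
    # render to the string "None" rather than a null, which would still pass
    # the `is string` guard above on a later run — confirm, or reset to "".
    rspamd_temp_pub_key: "{{ None }}"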