ansible-playbooks/roles/rspamd/tasks/dkim.yml


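---
# Validate the `key` item before doing anything on the host.  Everything that
# follows branches on key.type being exactly 'rsa' or 'ed25519' and writes to
# key.path, so reject any other shape here with a clear message instead of
# letting rspamadm or a later conditional fail less helpfully.
- name: check key parameter
  fail:
    msg: >-
      some key parameters are not defined or set incorrectly
      (expected a mapping with type in [rsa, ed25519] and path)
  when: >-
    (key is not mapping)
    or (key.type is not defined)
    or (key.path is not defined)
    or (key.type not in ['rsa', 'ed25519'])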
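# Generate the DKIM private key.  `creates` makes the task idempotent: an
# existing key file is left untouched (key rotation is not handled here), and
# on those runs result.changed is false.
# rspamadm writes the private key to key.path and prints the public key /
# DNS record to stdout; the ed25519 task below reads it from `result`.
# `umask 077` is prepended so the key file is never created with the default
# (typically group/world-readable) mode in the window before the chmod task
# that follows; every user-supplied argument is shell-quoted with `quote`.
# 2048 bits is the RSA size RFC 8301 recommends for DKIM signing keys.
- name: generate dkim key
  shell:
    cmd: >-
      {{ [
        'umask 077 &&',
        'rspamadm dkim_keygen',
        '-s ' ~ (key.selector | d(key.type) | quote),
        '-d ' ~ (key.tld | d(tld) | quote),
        '-t ' ~ (key.type | quote),
        '-k ' ~ (key.path | quote),
        ('-b 2048' if key.type == 'rsa' else '')
      ] | select() | list | join(' ') }}
    creates: "{{ key.path }}"
  register: result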
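# Lock the private key down to the rspamd service account.  `state: file`
# only adjusts attributes and fails if the key was not created above, so a
# missing key is never silently ignored.  The mode is quoted: a bare 0400
# is parsed by YAML as an octal integer, which Ansible accepts today but is
# easy to break by editing (e.g. to 400, which would become decimal).
- name: change dkim key owner and group
  file:
    path: "{{ key.path }}"
    state: file
    mode: "0400"
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"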
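# ed25519: rspamadm stores the private key in a form the openssl modules
# cannot read back, so the public key is taken from the keygen stdout.  That
# output only exists on the run that created the key (result.changed); on
# later runs this task is skipped and no DNS record is (re)built.
# A lookbehind is used instead of a capture group plus a '\1' argument: both
# YAML double quotes and Jinja string literals process backslash escapes, so
# the backreference spelling is fragile and may reach regex_search as a
# control character rather than the literal two-character '\1'.
- name: ed25519 - build public key from stdout
  vars:
    ed25519_pub_key: "{{ result.stdout | regex_search('(?<=p=)[A-Za-z0-9+/=]+') }}"
  set_fact:
    rspamd_temp_pub_key: "{{ ed25519_pub_key }}"
  # regex_search yields null when nothing matches; the later `is string`
  # guard would then skip DNS publication silently.  Fail loudly instead,
  # since that means the rspamadm output format changed.
  failed_when: (ed25519_pub_key is not string) or (ed25519_pub_key | length == 0)
  when: key.type == 'ed25519' and result is defined and result.changed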
# RSA: the private key is a PEM file, so the public key is re-derived from it
# on every run (unlike ed25519, this does not depend on result.changed).
# NOTE(review): openssl_privatekey_info is provided by the community.crypto
# collection; the short name relies on that collection being resolvable.
- block:
    - name: rsa - get public key from dkim key
      openssl_privatekey_info:
        path: "{{ key.path }}"
      register: pub_key
    # strip the PEM armour and line breaks so the result is the bare base64
    # body expected in the DKIM p= tag
    - name: rsa - build public key
      set_fact:
        rspamd_temp_pub_key: "{{ (pub_key.public_key | replace('-----BEGIN PUBLIC KEY-----', '') |
          replace('-----END PUBLIC KEY-----', '') | replace('\n', '') | trim ) }}"
  when: key.type == 'rsa'
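# Publish the public key as a DKIM TXT record.  The block only runs when the
# preceding tasks produced a public key for this item: for RSA on every run
# (read from the PEM file), for ed25519 only on the run that generated it.
# `h=sha256` pins the hash for RSA; ed25519-sha256 is the only ed25519
# algorithm, so the tag is omitted there.  `s=email:tlsrpt` restricts the
# key to mail and TLS-RPT signing.
# NOTE(review): an RSA-2048 record is well over the 255-octet limit of a
# single TXT string; this assumes the external_ns role (or the provider
# behind it) splits long values into multiple strings - confirm.
- name: publish dkim public key as dns txt record
  block:
    - name: build dns record for public dkim key
      set_fact:
        rspamd_dkim_dns_record: >-
          {{ [
            'v=DKIM1',
            ('h=sha256' if key.type == 'rsa' else ''),
            'k=' ~ key.type,
            's=email:tlsrpt',
            'p=' ~ rspamd_temp_pub_key
          ] | select() | list | join('; ') }}

    # Without an external_ns service nothing can publish the record, so show
    # the operator exactly what to add by hand before continuing.
    - name: wait for user interaction if external ns is missing
      pause:
        prompt: >-
          No external_ns service is configured, so the DKIM record cannot be
          published automatically. Add the following TXT record to the zone of
          {{ key.tld | d(tld) }} by hand, then press Enter to continue:
          {{ key.selector | d(key.type) }}._domainkey IN TXT "{{ rspamd_dkim_dns_record }}"
      when: services.external_ns is not defined

    # NOTE(review): this runs even when services.external_ns is undefined;
    # presumably the external_ns role no-ops in that case - verify.
    - name: create dns record
      include_role:
        name: external_ns
      vars:
        nse_items:
          - name: "{{ key.selector | d(key.type) }}._domainkey"
            type: "TXT"
            value: "{{ rspamd_dkim_dns_record }}"
        nse_function: add_records
        nse_instant: true
  when: (rspamd_temp_pub_key is string) and (rspamd_temp_pub_key | length > 0)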
# Clear the per-item public key so the next key processed by this task file
# cannot reuse a stale value when its own branch produces nothing.
# `{{ None }}` templates to an empty string (or null under native Jinja);
# either value fails the `is string and length > 0` guard above.
- name: unset rspamd pub key
  set_fact:
    rspamd_temp_pub_key: "{{ None }}"