Configure DKIM.
parent
0ae5a0a169
commit
b9018a9171
|
@ -7,4 +7,5 @@
|
|||
- julien@palard.fr
|
||||
- marc@debureaux.fr
|
||||
roles:
|
||||
- common
|
||||
- discourse
|
||||
|
|
|
@ -2,3 +2,6 @@
|
|||
|
||||
- name: reload nftables
|
||||
service: name=nftables state=reloaded
|
||||
|
||||
- name: reload exim4
|
||||
service: name=exim4 state=reloaded
|
||||
|
|
|
@ -5,6 +5,63 @@
|
|||
hostname:
|
||||
name: "{{ inventory_hostname_short }}"
|
||||
|
||||
- name: Configure FQDN
|
||||
lineinfile:
|
||||
path: /etc/hosts
|
||||
regexp: '^127\.0\.0\.1'
|
||||
line: "127.0.0.1 {{ inventory_hostname }} {{ inventory_hostname_short }} localhost"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Choose a DKIM selector
|
||||
set_fact:
|
||||
dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
|
||||
|
||||
- name: Create /etc/exim4/dkim/ directory
|
||||
file:
|
||||
path: /etc/exim4/dkim/
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: Debian-exim
|
||||
group: Debian-exim
|
||||
|
||||
- name: Generate a private key for DKIM
|
||||
command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
|
||||
args:
|
||||
creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
|
||||
- name: Allow exim to read the DKIM private key
|
||||
file:
|
||||
path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
owner: root
|
||||
group: Debian-exim
|
||||
mode: 0640
|
||||
|
||||
- name: Derive the public key for DKIM
|
||||
command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
|
||||
args:
|
||||
chdir: /etc/exim4/dkim/
|
||||
creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
|
||||
|
||||
- name: Configure exim to use our DKIM key
|
||||
copy:
|
||||
dest: /etc/exim4/conf.d/main/00_local_macros
|
||||
content: |
|
||||
DKIM_CANON = relaxed
|
||||
DKIM_SELECTOR = {{ dkim_selector }}
|
||||
DKIM_DOMAIN = {{ inventory_hostname }}
|
||||
DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: reload exim4
|
||||
register: config_exim
|
||||
|
||||
- name: Reconfigure exim4
|
||||
command: update-exim4.conf
|
||||
when: config_exim is changed
|
||||
|
||||
- package: name=nftables state=present
|
||||
|
||||
- service: name=nftables enabled=yes state=started daemon_reload=yes
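Review bot: The "Generate a private key for DKIM" task creates a 1024-bit RSA key, which is only the minimum RFC 8301 allows for signers; the same RFC recommends at least 2048 bits. I would change the command to `command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 2048`. The task is guarded by `creates:`, so hosts that already have a key will keep the old one unless it is removed or the selector changes. A 2048-bit public key exceeds 255 characters, so the DNS TXT record has to be published as several quoted strings. Separately, the unquoted `mode: 0644`, `0750` and `0640` values depend on YAML 1.1 octal parsing, and quoting them (`mode: "0640"`) avoids that.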
|
||||
|
|
|
@ -41,3 +41,15 @@
|
|||
template:
|
||||
src: app.yml
|
||||
dest: /var/discourse/containers/app.yml
|
||||
|
||||
- name: Allow docker to send emails via exim
|
||||
lineinfile:
|
||||
path: /etc/exim4/update-exim4.conf.conf
|
||||
regexp: ^dc_local_interfaces=
|
||||
line: "dc_local_interfaces='127.0.0.1;172.17.0.1'"
|
||||
|
||||
- name: Allow docker to send emails via exim
|
||||
lineinfile:
|
||||
path: /etc/exim4/update-exim4.conf.conf
|
||||
regexp: ^dc_relay_nets=
|
||||
line: "dc_relay_nets='172.16.0.0/12'"
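Review bot: `dc_relay_nets='172.16.0.0/12'` lets exim relay for the whole RFC 1918 172.16/12 block rather than just the Docker bridge that `dc_local_interfaces` points at (172.17.0.1). If only the default bridge needs to send mail, `line: "dc_relay_nets='172.17.0.0/16'"` keeps the relay surface to that subnet; the nftables rules are not visible here, so confirm that port 25 on 172.17.0.1 is not reachable from anything other than the containers. Neither `lineinfile` task notifies a handler or runs `update-exim4.conf`, so as far as this hunk shows the edits to `update-exim4.conf.conf` take effect only when something else regenerates the configuration. A `register:` plus a conditional `update-exim4.conf` step with `notify: reload exim4`, as done for the macros file, would close that gap. The two tasks also share the same `name`, which makes the play output ambiguous.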
|
||||
|
|