Configure DKIM.
parent
0ae5a0a169
commit
b9018a9171
|
@ -7,4 +7,5 @@
|
||||||
- julien@palard.fr
|
- julien@palard.fr
|
||||||
- marc@debureaux.fr
|
- marc@debureaux.fr
|
||||||
roles:
|
roles:
|
||||||
|
- common
|
||||||
- discourse
|
- discourse
|
||||||
|
|
|
@ -2,3 +2,6 @@
|
||||||
|
|
||||||
- name: reload nftables
|
- name: reload nftables
|
||||||
service: name=nftables state=reloaded
|
service: name=nftables state=reloaded
|
||||||
|
|
||||||
|
- name: reload exim4
|
||||||
|
service: name=exim4 state=reloaded
|
||||||
|
|
|
@ -5,6 +5,63 @@
|
||||||
hostname:
|
hostname:
|
||||||
name: "{{ inventory_hostname_short }}"
|
name: "{{ inventory_hostname_short }}"
|
||||||
|
|
||||||
|
- name: Configure FQDN
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/hosts
|
||||||
|
regexp: '^127\.0\.0\.1'
|
||||||
|
line: "127.0.0.1 {{ inventory_hostname }} {{ inventory_hostname_short }} localhost"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Choose a DKIM selector
|
||||||
|
set_fact:
|
||||||
|
dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
|
||||||
|
|
||||||
|
- name: Create /etc/exim4/dkim/ directory
|
||||||
|
file:
|
||||||
|
path: /etc/exim4/dkim/
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: Debian-exim
|
||||||
|
group: Debian-exim
|
||||||
|
|
||||||
|
- name: Generate a private key for DKIM
|
||||||
|
command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
|
||||||
|
args:
|
||||||
|
creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||||
|
|
||||||
|
- name: Allow exim to read the DKIM private key
|
||||||
|
file:
|
||||||
|
path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||||
|
owner: root
|
||||||
|
group: Debian-exim
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Derive the public key for DKIM
|
||||||
|
command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
|
||||||
|
args:
|
||||||
|
chdir: /etc/exim4/dkim/
|
||||||
|
creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
|
||||||
|
|
||||||
|
- name: Configure exim to use our DKIM key
|
||||||
|
copy:
|
||||||
|
dest: /etc/exim4/conf.d/main/00_local_macros
|
||||||
|
content: |
|
||||||
|
DKIM_CANON = relaxed
|
||||||
|
DKIM_SELECTOR = {{ dkim_selector }}
|
||||||
|
DKIM_DOMAIN = {{ inventory_hostname }}
|
||||||
|
DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: reload exim4
|
||||||
|
register: config_exim
|
||||||
|
|
||||||
|
- name: Reconfigure exim4
|
||||||
|
command: update-exim4.conf
|
||||||
|
when: config_exim is changed
|
||||||
|
|
||||||
- package: name=nftables state=present
|
- package: name=nftables state=present
|
||||||
|
|
||||||
- service: name=nftables enabled=yes state=started daemon_reload=yes
|
- service: name=nftables enabled=yes state=started daemon_reload=yes
|
||||||
|
|
|
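Review bot: The `openssl genrsa ... 1024` command in the "Generate a private key for DKIM" task creates a 1024-bit RSA key, which is the minimum RFC 8301 permits for signers; 2048 bits is the recommended size, so I would change the trailing `1024` to `2048`. Because the task is guarded by `creates:`, hosts that already have a key will keep it, so moving to a longer key means removing the old private key and the derived `.pem` and publishing the new public key in DNS. The key file is also written before the following task sets `root:Debian-exim` and `0640`, so its initial mode depends on openssl and the process umask; the `0750` directory limits who can reach it in that window. The tasks file continues outside this hunk.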
@ -41,3 +41,15 @@
|
||||||
template:
|
template:
|
||||||
src: app.yml
|
src: app.yml
|
||||||
dest: /var/discourse/containers/app.yml
|
dest: /var/discourse/containers/app.yml
|
||||||
|
|
||||||
|
- name: Allow docker to send emails via exim
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/exim4/update-exim4.conf.conf
|
||||||
|
regexp: ^dc_local_interfaces=
|
||||||
|
line: "dc_local_interfaces='127.0.0.1;172.17.0.1'"
|
||||||
|
|
||||||
|
- name: Allow docker to send emails via exim
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/exim4/update-exim4.conf.conf
|
||||||
|
regexp: ^dc_relay_nets=
|
||||||
|
line: "dc_relay_nets='172.16.0.0/12'"
|
||||||
|
|
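Review bot: `dc_relay_nets='172.16.0.0/12'` in the second lineinfile task lets the whole 172.16–172.31 private range relay through this exim, while the listener added just above it is only the docker bridge address 172.17.0.1. If only containers on the default bridge need to send mail, `line: "dc_relay_nets='172.17.0.0/16'"` would be the narrower setting (assuming the default bridge subnet is in use). Neither task has a `notify:` or a following `update-exim4.conf` run, so the edited `update-exim4.conf.conf` may not take effect until exim is next regenerated and reloaded; adding `notify: reload exim4` to both would cover that, provided that handler is reachable from this role. Both tasks also share the name "Allow docker to send emails via exim", which makes the run output ambiguous.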