ansible-role-postfix/tasks/dkim.yml


---
# RedHat-family hosts only: install the packages listed in
# postfix_dkim_el_pkgs. Both conditions must hold, so nothing is
# installed unless postfix_dkim_enabled is truthy.
- name: Manage the DKIM packages in EL systems
  when:
    - ansible_distribution_file_variety == "RedHat"
    - postfix_dkim_enabled
  tags:
    - postfix
    - postfix_dkim
    - dkim
  block:
    - name: Install the DKIM packages on EL
      yum:
        # "name" is the canonical spelling of the "pkg" alias.
        name: '{{ postfix_dkim_el_pkgs }}'
        state: present
# Debian-family hosts only: install the packages listed in
# postfix_dkim_deb_pkgs. Both conditions must hold, so nothing is
# installed unless postfix_dkim_enabled is truthy.
- name: Manage the DKIM packages in DEB systems
  when:
    - ansible_distribution_file_variety == "Debian"
    - postfix_dkim_enabled
  tags:
    - postfix
    - postfix_dkim
    - dkim
  block:
    - name: Install the DKIM packages on DEB
      apt:
        # "name" is the canonical spelling of the "pkg" alias.
        name: '{{ postfix_dkim_deb_pkgs }}'
        state: present
        # Refresh the package index first only when it is older than
        # 1800 seconds.
        cache_valid_time: 1800
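# Lay out the OpenDKIM key material and configuration: one directory and
# one key pair per entry of postfix_dkim_domains, then the keytable,
# signingtable, the optional trustedhosts list and the main configuration.
# Each entry of postfix_dkim_domains must provide "domain" and
# "dkim_selector".
# NOTE(review): the listing this was reviewed from had lost its
# indentation; the tags are assumed to apply to the whole block - confirm.
# NOTE(review): no "when" is set on this block; presumably the file is
# only included when DKIM is enabled - confirm against the caller.
- name: DKIM configuration
  tags: ['postfix', 'postfix_dkim', 'dkim', 'postfix_conf', 'dkim_conf']
  block:
    - name: Create the dkim domains subdirs
      file:
        dest: '{{ postfix_dkim_base_dir }}/{{ item.domain }}'
        state: directory
        # Quoted so the mode is always handled as an octal string and
        # never depends on how the YAML loader types a bare 0750.
        mode: '0750'
        owner: '{{ postfix_dkim_user }}'
        group: '{{ postfix_dkim_group }}'
      loop: '{{ postfix_dkim_domains }}'

    # Generates the signing key pair as the DKIM user.
    # The argv form hands every value to opendkim-genkey as exactly one
    # argument, so a domain or selector containing spaces or shell
    # metacharacters is never interpreted by a shell.
    # "creates" skips the command once the private key exists, so an
    # existing key is never regenerated.
    # NOTE(review): no -b option is passed, so the key size is the default
    # of the installed opendkim-genkey; RFC 8301 recommends at least
    # 2048 bits - confirm the default meets that.
    # NOTE(review): no task pins the mode of the generated .private file;
    # it keeps whatever opendkim-genkey sets.
    - name: Create the dkim signatures
      become: true
      become_user: '{{ postfix_dkim_user }}'
      command:
        argv:
          - opendkim-genkey
          - '-D'
          - '{{ postfix_dkim_base_dir }}/{{ item.domain }}'
          - '-d'
          - '{{ item.domain }}'
          - '-s'
          - '{{ item.dkim_selector }}'
        creates: '{{ postfix_dkim_base_dir }}/{{ item.domain }}/{{ item.dkim_selector }}.private'
      loop: '{{ postfix_dkim_domains }}'
      notify: restart opendkim

    # Renders dkim_keytable.j2 and dkim_signingtable.j2 into the base
    # directory, readable and writable by the DKIM user only.
    - name: Update the keytable and signitable files
      template:
        src: 'dkim_{{ item }}.j2'
        dest: '{{ postfix_dkim_base_dir }}/{{ item }}'
        owner: '{{ postfix_dkim_user }}'
        group: '{{ postfix_dkim_group }}'
        mode: '0600'
      loop:
        - keytable
        - signingtable
      notify: restart opendkim

    # Only rendered when postfix_dkim_trusted_hosts_enabled is truthy.
    - name: Install the trustedhosts list when defined
      template:
        src: 'dkim_trustedhosts.j2'
        dest: '{{ postfix_dkim_base_dir }}/trustedhosts'
        owner: '{{ postfix_dkim_user }}'
        group: '{{ postfix_dkim_group }}'
        mode: '0600'
      notify: restart opendkim
      when: postfix_dkim_trusted_hosts_enabled

    # The main configuration is owned by root and world-readable, so it
    # should reference key files rather than embed key material.
    - name: Install the opendkim configuration
      template:
        src: opendkim.conf.j2
        dest: '{{ postfix_dkim_conf }}'
        owner: root
        group: root
        mode: '0644'
      notify: restart opendkim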
# Keep the opendkim service running now and enabled at boot.
# NOTE(review): no "when" is set here, so this runs whenever the file is
# included; presumably the include itself is conditional - confirm.
- name: Manage the DKIM service
  tags:
    - postfix
    - postfix_dkim
    - dkim
  block:
    - name: Ensure that the opendkim service is started and enabled
      service:
        name: opendkim
        enabled: true
        state: started