permit multiple DKIM selectors
rtertiaer committed Jan 1, 2024
1 parent 687e135 commit d61dad0
Showing 5 changed files with 13 additions and 4 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -19,6 +19,7 @@ on a single host.
* `mailfruit_admin_email` - *required*
* `mailfruit_certbot_authenticator` - _optional_, default: `standalone`
* `mailfruit_trees_git_ref` - _optional_, default: `master`
* `mailfruit_dkim_selector` - _optional_, default: `mail`. Set this to something unique per-server, unless you syncronize your DKIM keys another way.

## Example Playbook

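Review bot: the added README line has a typo, "syncronize" should be "synchronize". It would also help operators to state what the selector actually names: the DNS TXT record a receiver queries is `<selector>._domainkey.<domain>`, so "something unique per-server" means each server's key is published under its own label and the records never collide.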
2 changes: 1 addition & 1 deletion tasks/main.yml
Expand Up @@ -30,4 +30,4 @@

- name: Post-deploy reminders
ansible.builtin.debug:
msg: "Please ensure the DKIM TXT record at /etc/opendkim/keys/mail.txt is hosted for each domain. Each server generates its own; be sure to host each server's key for each domain!"
msg: "Please ensure the DKIM TXT record at /etc/opendkim/keys/{{ mailfruit_dkim_selector }}.txt is hosted for each domain. Each server generates its own; be sure to host each server's key for each domain!"
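Review bot: the reminder names the file but not the DNS label the operator has to publish; since the selector is now variable, consider including `{{ mailfruit_dkim_selector }}._domainkey.<domain>` in the message so the person reading the play output knows exactly which record to create for each domain.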
6 changes: 4 additions & 2 deletions tasks/opendkim.yml
Expand Up @@ -16,10 +16,10 @@
mode: '0750'

- name: Make opendkim key
ansible.builtin.command: "opendkim-genkey -s mail"
ansible.builtin.command: "opendkim-genkey -s {{ mailfruit_dkim_selector }}"
args:
chdir: /etc/opendkim/keys
creates: /etc/opendkim/keys/mail.private
creates: "/etc/opendkim/keys/{{ mailfruit_dkim_selector }}.private"

- name: Set dkim key permissions
ansible.builtin.file:
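Review bot: `mailfruit_dkim_selector` is interpolated straight into the `opendkim-genkey -s` argument and into the `creates:` path with no validation. A selector must be a DNS label, so an `ansible.builtin.assert` that the value matches `^[A-Za-z0-9-]+$` (or at least contains no whitespace or `/`) before this task would fail early with a clear message instead of producing a misnamed key or a split command line. Also worth noting in a comment: because `creates:` now depends on the selector, changing the value on an already-deployed host generates a brand-new key pair under the new name while leaving `mail.private` in place, which is effectively a DKIM key rollover and requires publishing the new record before the old one is retired.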
Expand All @@ -35,6 +35,8 @@
path: /etc/default/opendkim
regexp: '^SOCKET='
line: 'SOCKET="inet:[email protected]"'
notify:
- Restart opendkim

- name: Manage /etc/opendkim.conf
ansible.builtin.template:
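Review bot: `notify: - Restart opendkim` references a handler that is not part of this commit; confirm it is defined in the role's handlers, otherwise the play errors when the task reports changed. Since the `Selector` and `KeyFile` settings in `opendkim.conf.j2` also change with this commit, check that the `Manage /etc/opendkim.conf` template task just below notifies the same handler, or a running opendkim keeps signing with the old selector until it is restarted by hand.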
2 changes: 1 addition & 1 deletion templates/opendkim.conf.j2
Expand Up @@ -11,7 +11,7 @@ InternalHosts csl:127.0.0.1/24,localhost
Domain csl:{% for domain in mailfruit_mail_domains %}{{ domain }}{% if not loop.last %},{% endif %}{% endfor %}

KeyFile /etc/opendkim/keys/mail.private
Selector mail
Selector {{ mailfruit_dkim_selector }}

Mode sv
PidFile /var/run/opendkim/opendkim.pid
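Review bot: `KeyFile /etc/opendkim/keys/mail.private` was left unchanged while `tasks/opendkim.yml` in this same commit now generates the key as `{{ mailfruit_dkim_selector }}.private`; with any non-default selector opendkim points at a file that does not exist and cannot load its signing key. Change the line to `KeyFile /etc/opendkim/keys/{{ mailfruit_dkim_selector }}.private` so the key path and the selector stay in step.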
6 changes: 6 additions & 0 deletions vars/main.yml
Expand Up @@ -6,3 +6,9 @@ mailfruit_trees_git_ref: 'master'
# Should you have something running on port 80 already, change this to a certbot
# plugin that knows better what to do.
mailfruit_certbot_authenticator: 'standalone'

# The DKIM selector to use. This gets embedded in the DKIM signature in each outbound email,
# and informs the receiving server what DNS record to query to check the signature.
# A simple way to deploy this to multiple servers without syncing key material would be to
# use a distinct value for this variable per-server and host each record independently.
mailfruit_dkim_selector: 'mail'
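Review bot: placing a user-tunable default in `vars/main.yml` means `host_vars` and `group_vars` cannot override it, because role vars outrank inventory variables in Ansible precedence; the README asks users to set a per-server value, which then only works via role parameters or `-e`. Either move the default to `defaults/main.yml` (the role's other tunables have the same issue, so this may be a wider cleanup) or document that the selector must be passed as a role parameter. The comment itself is good; adding the resulting record name `<selector>._domainkey.<domain>` would make the DNS side concrete.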