Browse Source

aligning roles with our conventions, major changes in opendkim-add.sh

configurable-swapiness
Eric Morino 1 year ago
parent
commit
36515c9c89
4 changed files with 17 additions and 35 deletions
  1. +1
    -0
      CHANGELOG.md
  2. +9
    -24
      opendkim/files/opendkim-add.sh
  3. +0
    -1
      opendkim/files/opendkim.conf
  4. +7
    -10
      opendkim/tasks/main.yml

+ 1
- 0
CHANGELOG.md View File

@@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
* tomcat: better tomcat version management
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
* evomaintenance: embed version 0.5.0
* opendkim : aligning roles with our conventions, major changes in opendkim-add.sh


### Fixed


+ 9
- 24
opendkim/files/opendkim-add.sh View File

@@ -1,52 +1,37 @@
#!/bin/sh


dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q

if [ "$?" -ne 0 ]; then
echo "Require opendkim-tools and opendkim"
exit 1
fi

if [ "$#" -ne 1 ]; then
echo "Usage : $0 example.com" >&2
exit 1
fi

servername="$(cat /etc/hostname)"
domain="$(echo "$1"|xargs)"

mkdir -pm 0750 "/etc/opendkim/keys/${domain}"
chown opendkim:opendkim "/etc/opendkim/keys/${domain}"

if [ ! -f "/etc/opendkim/keys/${domain}/default.private" ]; then
cd "/etc/opendkim/keys/${domain}"
if [ ! -f "/etc/ssl/private/dkim-${servername}.private" ]; then
echo "Generate DKIM keys ..."
sudo -u opendkim opendkim-genkey -r -d "${domain}"
chmod 640 /etc/opendkim/keys/${domain}/*
fi

grep -q "${domain}" /etc/opendkim/TrustedHosts
if [ "$?" -ne 0 ]; then
echo "Add ${domain} to TrustedHosts ..."
echo "${domain}" >> /etc/opendkim/TrustedHosts
opendkim-genkey -D /etc/ssl/private/ -r -d "${domain}" -s "dkim-${servername}"
chown opendkim:opendkim "/etc/ssl/private/dkim-${servername}.private"
chmod 640 "/etc/ssl/private/dkim-${servername}.private"
mv "/etc/ssl/private/dkim-${servername}.txt" "/etc/ssl/certs/"
fi

grep -q "${domain}" /etc/opendkim/KeyTable
if [ "$?" -ne 0 ]; then
echo "Add ${domain} to KeyTable ..."
echo "default._domainkey.${domain} ${domain}:default:/etc/opendkim/keys/${domain}/default.private" >> /etc/opendkim/KeyTable
echo "dkim-${servername}._domainkey.${domain} ${domain}:dkim-${servername}:/etc/ssl/private/dkim-${servername}.private" >> /etc/opendkim/KeyTable
fi

grep -q "${domain}" /etc/opendkim/SigningTable
if [ "$?" -ne 0 ]; then
echo "Add ${domain} to SigningTable ..."
echo "*@${domain} default._domainkey.${domain}" >> /etc/opendkim/SigningTable
echo "*@${domain} dkim-${servername}._domainkey.${domain}" >> /etc/opendkim/SigningTable
fi

systemctl reload opendkim
if [ "$?" -eq 0 ]; then
echo "OpenDKIM successfully reloaded"
echo "Public key is in : /etc/opendkim/keys/${domain}/default.txt"
echo "Public key is in : /etc/ssl/certs/dkim-${servername}.txt"
exit 0
else
echo "An error has occurred while opendkim reload, please FIX configuration !" >&2


+ 0
- 1
opendkim/files/opendkim.conf View File

@@ -5,7 +5,6 @@ OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
Selector default
Canonicalization relaxed/relaxed
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogResults Yes


+ 7
- 10
opendkim/tasks/main.yml View File

@@ -6,19 +6,16 @@
with_items:
- opendkim
- opendkim-tools
- ssl-cert
tags:
- opendkim

- name: create keys directory
file:
name: "{{ item }}"
state: directory
owner: opendkim
group: opendkim
mode: "0750"
with_items:
- '/etc/opendkim'
- '/etc/opendkim/keys'
- name: Add user opendkim in ssl-cert group
user:
name: opendkim
groups: ssl-cert
state: present
append: yes
tags:
- opendkim



Loading…
Cancel
Save