src: templates/opendkim.env
- name: regenerate opendkim service
when: opendkim_env.changed
- shell: /lib/opendkim/opendkim.service.generate && systemctl daemon-reload
+ shell: /lib/opendkim/opendkim.service.generate && systemctl daemon-reload && systemd-tmpfiles /etc/tmpfiles.d/opendkim.conf --create
notify: opendkim
# tables
+- name: create opendkim dir
+ file: name=/etc/opendkim state=directory owner=opendkim
- name: generate opendkim keys
shell: mkdir /etc/opendkim/{{ item }}/ && opendkim-genkey --bits=2048 -s mail -d {{ item }} -D /etc/opendkim/{{ item }}/
+ become_user: opendkim
args:
creates: /etc/opendkim/{{ item }}/mail.private
warn: False
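Review bot: The new `create opendkim dir` task sets no mode on /etc/opendkim, the directory that will hold the DKIM private keys, so its permissions are whatever the default umask yields; I would pin it explicitly, e.g. `file: name=/etc/opendkim state=directory owner=opendkim mode=0750`. The per-domain directories made by the `mkdir` in `generate opendkim keys` inherit the umask the same way, so it is worth confirming after a run that nothing under /etc/opendkim is group- or world-writable and that `mail.private` is readable only by opendkim. Separately, `become_user: opendkim` only takes effect when privilege escalation is enabled, and no `become:` is visible in this hunk; if it is not set at play or role level, add `become: yes` to the task, otherwise the keys are still generated as the connecting user. The task list starts before and continues after this hunk, so a play-level `become` may already exist outside the visible lines.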
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
+
+## default (none)
+##
+## Specifies a file from which trust anchor data should be read when doing
+## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
+## at http://unbound.net for the expected format of this file.
+
+TrustAnchorFile /usr/share/dns/root.key
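Review bot: `TrustAnchorFile /usr/share/dns/root.key` assumes that file is present on every target host, and nothing in the visible diff installs or checks for it. On Debian-family systems this path is normally shipped by the dns-root-data package, so the role should install that package before deploying this config, and a comment such as `## Requires the root trust anchor at this path (Debian: dns-root-data package).` above the directive would record the dependency. It is also worth stating in the comment how unsigned or bogus DNSSEC results are meant to be handled, since the `UnprotectedKey` and `BogusKey` settings are not set in this hunk and the defaults then apply.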