opendkim.sls
{% from "email/defaults.jinja" import settings with context %}
{% if not settings.dkim.enabled %}
# DKIM signing is disabled: stop the daemon and keep it from starting at boot.
opendkim.service:
  service.dead:
    - enable: false

# Mask the unit as well so it cannot be started while signing is disabled.
opendkim_masked:
  service.masked:
    - name: opendkim
{% else %}
# Render the OpenDKIM main configuration from the formula's Jinja template.
# NOTE(review): the whole settings mapping is handed to the template, and that
# mapping also carries every per-domain DKIM private key (dkim.sign.*.secret).
# Confirm the template only needs the non-secret fields, or pass a reduced
# mapping instead.
/etc/opendkim.conf:
  file.managed:
    - source: salt://email/opendkim.conf
    - template: jinja
    - defaults:
        settings: {{ settings }}
# Key directory, accessible to the opendkim account only (0700).
# NOTE(review): nothing in this file removes key files for domains or
# selectors that were dropped from the settings; confirm stale private keys
# are cleaned up elsewhere.
/etc/dkimkeys:
  file.directory:
    - user: opendkim
    - group: opendkim
    - mode: "0700"
    - require:
        - user: opendkim
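{%- for domain, config in settings.dkim.sign.items() %}
# One private signing key per domain/selector pair, owner-only (0600).
# show_changes is switched off so the key material is not echoed as a unified
# diff in the state return (and whatever stores it) when the key is first
# written or later rotated.
/etc/dkimkeys/{{ domain }}_{{ config.selector }}.key:
  file.managed:
    - user: opendkim
    - group: opendkim
    - mode: "0600"
    - show_changes: false
    # The expression below must stay at column 0: indent(8, True) supplies the
    # eight-space block-scalar indentation for every line, the first included.
    - contents: |
{{ config.secret|indent(8,True) }}
    - require:
        - file: /etc/dkimkeys
    # A changed key restarts the signing daemon.
    - watch_in:
        - service: opendkim
{%- endfor %}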
# Key table: one line per configured domain, mapping the key name
# (selector._domainkey.domain) to domain:selector:path-of-private-key.
# No owner or mode is set here, so the file.managed defaults apply.
/etc/dkimkeys/keytable.txt:
  file.managed:
    - contents: |
        {%- for domain, config in settings.dkim.sign.items() %}
        {{ config.selector }}._domainkey.{{ domain }} {{ domain }}:{{ config.selector }}:/etc/dkimkeys/{{ domain }}_{{ config.selector }}.key
        {%- endfor %}
    - require:
        - file: /etc/dkimkeys
# Signing table: every sender address at a configured domain is mapped to
# that domain's key name from the key table.
/etc/dkimkeys/signingtable.txt:
  file.managed:
    - contents: |
        {%- for domain, config in settings.dkim.sign.items() %}
        *@{{ domain }} {{ config.selector }}._domainkey.{{ domain }}
        {%- endfor %}
    - require:
        - file: /etc/dkimkeys
# Service account and packages share a single state ID.
opendkim:
  # System account without a login shell.
  user.present:
    - name: opendkim
    - shell: /usr/sbin/nologin
    - home: /run/opendkim
    - system: true
  pkg.installed:
    - pkgs:
        - opendkim
        - opendkim-tools
# Set the daemon's listening socket through the SOCKET= line.
# Both block scalars end in a newline, so the pattern matches the whole line
# (newline included) and the replacement writes it back with one; the line is
# appended when no SOCKET= entry exists yet.
# NOTE(review): the value comes straight from settings.dkim.opendkim_listen.
# If it is an inet socket, confirm it is bound to loopback or otherwise
# restricted - presumably only the local MTA should reach it.
/etc/default/opendkim:
  file.replace:
    - pattern: |
        ^SOCKET=.+
    - repl: |
        SOCKET={{ settings.dkim.opendkim_listen }}
    - append_if_not_found: true
    - require:
        - pkg: opendkim
# Undo the mask that the disabled branch of this file applies, in case DKIM
# was switched off on an earlier run.
opendkim_unmasked:
  service.unmasked:
    - name: opendkim
# Keep the daemon running and enabled at boot. A change to any watched file
# triggers the service state again; the per-domain key files attach
# themselves to this service through watch_in.
opendkim.service:
  service.running:
    - name: opendkim
    - enable: true
    - require:
        - pkg: opendkim
    - watch:
        - file: /etc/default/opendkim
        - file: /etc/opendkim.conf
        - file: /etc/dkimkeys/keytable.txt
        - file: /etc/dkimkeys/signingtable.txt
{% endif %}