wip

2021-06-16 19:17:12 +02:00 · 2021-06-16 19:17:12 +02:00 · 8de3f4f0eb
commit 8de3f4f0eb
parent ac25279276
4 changed files with 28 additions and 17 deletions
--- a/bundles/opendkim/files/opendkim.conf
+++ b/bundles/opendkim/files/opendkim.conf
@ -4,11 +4,12 @@ Canonicalization        relaxed/simple
 KeyTable                refile:/etc/opendkim/key_table
 SigningTable            refile:/etc/opendkim/signing_table

-UMask                   002
+UMask                   007
 UserID                  opendkim:opendkim
-PidFile                 /var/run/opendkim/opendkim.pid
-Socket                  local:/var/run/opendkim/opendkim.sock
+PidFile                 /run/opendkim/opendkim.pid
+Socket                  inet:8891@localhost

 Syslog                  yes
 SyslogSuccess           Yes
+SyslogFacility          mail
 LogWhy                  Yes
--- a/bundles/opendkim/items.py
+++ b/bundles/opendkim/items.py
@ -48,16 +48,25 @@ files = {
 for domain in node.metadata.get('opendkim/domains'):
    directories[f'/etc/opendkim/keys/{domain}'] = {
        **file_attributes,
+        'purge': True,
+    }
+    files[f'/etc/opendkim/keys/{domain}/mail.private'] = {
+        **file_attributes,
+        'content_type': 'any',
+    }
+    files[f'/etc/opendkim/keys/{domain}/mail.txt'] = {
+        **file_attributes,
+        'content_type': 'any',
    }
-    
    actions[f'generate_{domain}_dkim_key'] = {
        'command': (
-            'sudo --user opendkim'
-            ' opendkim-genkey'
+            f'sudo --user opendkim'
+            f' opendkim-genkey'
+            f' --selector=mail'
            f' --directory=/etc/opendkim/keys/{domain}'
            f' --domain={domain}'
        ),
-        'unless': f'test -f /etc/opendkim/keys/{domain}/default.private',
+        'unless': f'test -f /etc/opendkim/keys/{domain}/mail.private',
        'needs': [
            'svc_systemd:opendkim',
            f'directory:/etc/opendkim/keys/{domain}',
--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@ -45,5 +45,5 @@ mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_inva
 # opendkim
 milter_protocol = 2
 milter_default_action = accept
-smtpd_milters = local:/var/run/opendkim/opendkim.sock
-non_smtpd_milters = local:/var/run/opendkim/opendkim.sock
+smtpd_milters = inet:localhost:8891
+non_smtpd_milters = inet:localhost:8891
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -12,14 +12,15 @@
    'metadata': {
        'opendkim': {
            'domains': [
-                "sublimity.de", 
-                "freibrief.net",
-                "nadenau.net",
-                "naeder.net",
-                "rolfwerner.eu",
-                "wettengl.net",
-                "wingl.de",
-                "woodpipe.de",
+                'mail2.sublimity.de',
+                # 'sublimity.de',
+                # 'freibrief.net',
+                # 'nadenau.net',
+                # 'naeder.net',
+                # 'rolfwerner.eu',
+                # 'wettengl.net',
+                # 'wingl.de',
+                # 'woodpipe.de',
            ],
        },
        'interfaces': {