From 5e4bf1268c266e63d0e92e845ad910a2103b86ff Mon Sep 17 00:00:00 2001
From: Roman Ilin
Date: Mon, 15 Jun 2026 12:59:09 +0300
Subject:
---
roles/mail/tasks/main.yaml | 61 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 roles/mail/tasks/main.yaml
(limited to 'roles/mail/tasks')
diff --git a/roles/mail/tasks/main.yaml b/roles/mail/tasks/main.yaml
new file mode 100644
index 0000000..66b4215
--- /dev/null
+++ b/roles/mail/tasks/main.yaml
@@ -0,0 +1,61 @@
+- name: Install Mail Packages
+ ansible.builtin.dnf:
+ name:
+ - postfix
+ - dovecot
+ - opendkim
+ - opendkim-tools
+ state: present
+
+- name: Ensure OpenDKIM keys directory exists
+ ansible.builtin.file:
+ path: "/etc/opendkim/keys/{{ vault_public_domain }}"
+ state: directory
+ owner: opendkim
+ group: opendkim
+ mode: "0750"
+
+- name: Generate DKIM Key
+ ansible.builtin.command:
+ cmd: "opendkim-genkey -a ed25519 -s default -d {{ vault_public_domain }} -D /etc/opendkim/keys/{{ vault_public_domain }}/"
+ creates: "/etc/opendkim/keys/{{ vault_public_domain }}/default.private"
+ notify: Fix DKIM permissions
+
+- name: Configure OpenDKIM mappings
+ ansible.builtin.copy:
+ dest: "{{ item.path }}"
+ content: "{{ item.content }}"
+ mode: "0644"
+ loop:
+ - { path: /etc/opendkim/KeyTable, content: "default._domainkey.{{ vault_public_domain }} {{ vault_public_domain }}:default:/etc/opendkim/keys/{{ vault_public_domain }}/default.private\n" }
+ - { path: /etc/opendkim/SigningTable, content: "*@{{ vault_public_domain }} default._domainkey.{{ vault_public_domain }}\n" }
+ - { path: /etc/opendkim/TrustedHosts, content: "127.0.0.1\nlocalhost\n10.0.0.0/24\n" }
+ notify: Restart Mail Services
+
+- name: Deploy Configurations
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "0644"
+ loop:
+ - { src: postfix_main.cf.j2, dest: /etc/postfix/main.cf }
+ - { src: postfix_master.cf.j2, dest: /etc/postfix/master.cf }
+ - { src: dovecot.conf.j2, dest: /etc/dovecot/dovecot.conf }
+ - { src: opendkim.conf.j2, dest: /etc/opendkim.conf }
+ notify: Restart Mail Services
+
+- name: Add Mail User
+ ansible.builtin.user:
+ name: me
+ shell: /sbin/nologin
+ password: "{{ vault_mail_user_password | password_hash('sha512') }}"
+
+- name: Ensure Services are Enabled and Running
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ loop:
+ - postfix
+ - dovecot
+ - opendkim
-- cgit
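Review bot: The DKIM private key's ownership and mode depend entirely on the `Fix DKIM permissions` handler, which is defined outside this hunk and is notified only on the run where `Generate DKIM Key` reports changed. If that play stops before handlers run, `creates:` makes every later run skip the task, so the handler is never notified again and `default.private` keeps whatever owner and mode opendkim-genkey left. An explicit task that enforces owner, group and mode on the key file on every run, as sketched below, removes that dependency. Separately, please check `-a ed25519` against the installed opendkim-genkey man page: in the releases I know, `-a` is a boolean switch affecting the DNS record stub rather than a key-type selector, so the generated key may not be Ed25519. The `Add Mail User` task also calls `password_hash('sha512')` without a salt, which produces a new hash on every run; `update_password: on_create` or a vaulted salt would keep it idempotent.

```yaml
# … unchanged: Generate DKIM Key task …

- name: Enforce DKIM private key ownership and mode
  ansible.builtin.file:
    path: "/etc/opendkim/keys/{{ vault_public_domain }}/default.private"
    state: file
    owner: opendkim
    group: opendkim
    mode: "0600"
```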