mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
fail2ban-incremental-ban
infrastructure/roles/rspamd/tasks/main.yml
Evangelos Foutras 595e3316c4
aurweb/rspamd: append .vault to vaulted secrets 
This avoids triggering a GitLab push rule which rejects files that look
like secrets.
2022-09-17 22:10:08 +03:00

38 lines
1.3 KiB
YAML
Raw Permalink Blame History

- name: Install rspamd
pacman: name=rspamd state=present
- name: Install config
copy: src=local.d/ dest=/etc/rspamd/local.d/ owner=root group=root mode=0644
notify:
- Reload rspamd
- name: Install dkim_signing.conf
template: src=dkim_signing.conf.j2 dest=/etc/rspamd/local.d/dkim_signing.conf owner=root group=root mode=0644
notify:
- Reload rspamd
- name: Create rspamd dkim directory
file: path=/var/lib/rspamd/dkim state=directory owner=rspamd group=rspamd mode=0750
# For this to run, you need to generate the keys first
# run
#
# rspamadm dkim_keygen -s dkim-ed25519 -b 0 -d archlinux.org -t ed25519 -k archlinux.org.dkim-ed25519.key
# rspamadm dkim_keygen -s dkim-rsa -b 4096 -d archlinux.org -t rsa -k archlinux.org.dkim-rsa.key
#
# the ouput gives you the DNS entries to add to the terraform files.
# The keys generated need to go to the vault:
# roles/rspamd/files/archlinux.org.dkim-rsa.key.vault
# roles/rspamd/files/archlinux.org.dkim-ed25519.key.vault
#
- name: Install DKIM keys
copy: src={{ item }}.vault dest=/var/lib/rspamd/dkim/{{ item }} owner=rspamd group=rspamd mode=0600
loop:
- "{{ rspamd_dkim_domain }}.dkim-ed25519.key"
- "{{ rspamd_dkim_domain }}.dkim-rsa.key"
notify:
- Reload rspamd
- name: Start and enable rspamd
service: name=rspamd enabled=yes state=started
View Git Blame Copy Permalink