ansible-role-postfix/tasks/arc.yml

---
- name: arc | Manage the arc packages in EL systems
  when:
    - ansible_distribution_file_variety == "RedHat"
    - postfix_arc_enabled
  tags: ['postfix', 'postfix_arc', 'arc']
  block:
    - name: arc | Install the arc packages on EL
      ansible.builtin.yum:
        pkg: '{{ postfix_arc_el_pkgs }}'
        state: present


- name: arc | Manage the arc packages in DEB systems
  when:
    - ansible_distribution_file_variety == "Debian"
    - postfix_arc_enabled
  tags: ['postfix', 'postfix_arc', 'arc']
  block:
    - name: arc | Install the arc packages on DEB
      ansible.builtin.apt:
        pkg: '{{ postfix_arc_deb_pkgs }}'
        state: present
        cache_valid_time: 1800

- name: arc | ARC configuration
  tags: ['postfix', 'postfix_arc', 'arc', 'postfix_conf', 'arc_conf']
  block:
    - name: arc | Ensure that the /var/run/openarc directory exists
      ansible.builtin.file:
        dest: /var/run/openarc
        state: directory
        mode: "0700"
        owner: '{{ postfix_arc_user }}'
        group: '{{ postfix_arc_group }}'

    - name: arc | Create the arc domains subdirs
      ansible.builtin.file:
        dest: '{{ postfix_arc_base_dir }}/{{ postfix_arc_domain }}'
        state: directory
        mode: "0750"
        owner: '{{ postfix_arc_user }}'
        group: '{{ postfix_arc_group }}'

    - name: arc | Create the arc signature (only one domain is supported)
      become: true
      become_user: '{{ postfix_arc_user }}'
      ansible.builtin.command: opendkim-genkey -D {{ postfix_arc_key_dir }} -d {{ postfix_arc_domain }} -s {{ postfix_arc_domain_selector }}
      args:
        creates: '{{ postfix_arc_base_dir }}/{{ postfix_arc_domain }}/{{ postfix_arc_domain_selector }}.private'
      notify: Restart openarc

    - name: arc | Install the trustedhosts list when defined
      ansible.builtin.template:
        src: 'arc_trustedhosts.j2'
        dest: '{{ postfix_arc_base_dir }}/trustedhosts'
        owner: '{{ postfix_arc_user }}'
        group: '{{ postfix_arc_group }}'
        mode: "0600"
      notify: Restart openarc

    - name: arc | Install the openarc configuration
      ansible.builtin.template:
        src: openarc.conf.j2
        dest: '{{ postfix_arc_conf }}'
        owner: root
        group: root
        mode: "0644"
      notify: Restart openarc

- name: arc | Manage the arc service
  tags: ['postfix', 'postfix_arc', 'arc']
  block:
    - name: arc | Ensure that the openarc service is started and enabled
      ansible.builtin.service:
        name: openarc
        state: started
        enabled: true
See #2081. Supporto a ARC. 2024-02-16 17:22:21 +01:00			`---`
			`- name: arc \| Manage the arc packages in EL systems`
			`when:`
			`- ansible_distribution_file_variety == "RedHat"`
			`- postfix_arc_enabled`
			`tags: ['postfix', 'postfix_arc', 'arc']`
			`block:`
			`- name: arc \| Install the arc packages on EL`
			`ansible.builtin.yum:`
			`pkg: '{{ postfix_arc_el_pkgs }}'`
			`state: present`


			`- name: arc \| Manage the arc packages in DEB systems`
			`when:`
			`- ansible_distribution_file_variety == "Debian"`
			`- postfix_arc_enabled`
			`tags: ['postfix', 'postfix_arc', 'arc']`
			`block:`
			`- name: arc \| Install the arc packages on DEB`
			`ansible.builtin.apt:`
			`pkg: '{{ postfix_arc_deb_pkgs }}'`
			`state: present`
			`cache_valid_time: 1800`

			`- name: arc \| ARC configuration`
			`tags: ['postfix', 'postfix_arc', 'arc', 'postfix_conf', 'arc_conf']`
			`block:`
			`- name: arc \| Ensure that the /var/run/openarc directory exists`
			`ansible.builtin.file:`
			`dest: /var/run/openarc`
			`state: directory`
			`mode: "0700"`
			`owner: '{{ postfix_arc_user }}'`
			`group: '{{ postfix_arc_group }}'`

			`- name: arc \| Create the arc domains subdirs`
			`ansible.builtin.file:`
			`dest: '{{ postfix_arc_base_dir }}/{{ postfix_arc_domain }}'`
			`state: directory`
			`mode: "0750"`
			`owner: '{{ postfix_arc_user }}'`
			`group: '{{ postfix_arc_group }}'`

			`- name: arc \| Create the arc signature (only one domain is supported)`
			`become: true`
			`become_user: '{{ postfix_arc_user }}'`
			`ansible.builtin.command: opendkim-genkey -D {{ postfix_arc_key_dir }} -d {{ postfix_arc_domain }} -s {{ postfix_arc_domain_selector }}`
			`args:`
			`creates: '{{ postfix_arc_base_dir }}/{{ postfix_arc_domain }}/{{ postfix_arc_domain_selector }}.private'`
			`notify: Restart openarc`

			`- name: arc \| Install the trustedhosts list when defined`
			`ansible.builtin.template:`
			`src: 'arc_trustedhosts.j2'`
			`dest: '{{ postfix_arc_base_dir }}/trustedhosts'`
			`owner: '{{ postfix_arc_user }}'`
			`group: '{{ postfix_arc_group }}'`
			`mode: "0600"`
			`notify: Restart openarc`

			`- name: arc \| Install the openarc configuration`
			`ansible.builtin.template:`
			`src: openarc.conf.j2`
			`dest: '{{ postfix_arc_conf }}'`
			`owner: root`
			`group: root`
			`mode: "0644"`
			`notify: Restart openarc`

			`- name: arc \| Manage the arc service`
			`tags: ['postfix', 'postfix_arc', 'arc']`
			`block:`
			`- name: arc \| Ensure that the openarc service is started and enabled`
			`ansible.builtin.service:`
			`name: openarc`
			`state: started`
			`enabled: true`