1 files changed, 12 insertions, 0 deletions

diff --git a/group_vars/all.yml b/group_vars/all.yml
index 49cf935..f222b56 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -29,20 +29,32 @@ postfix_instance:
   #     therefore have to limit the number of outgoing SMTP proxy and
   #     IMAP server to one. Since hosts(5) files cannot map and IP
   #     address to multiple hostnames, a workaround would be to use
   #     round-robin DNS, but we can't rely on DNS as long as our zone is
   #     unsigned.
   IMAP:    { name: mda
            , addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.IMAP[0]].inventory_hostname_short ], '127.0.0.1') }}"
            , port: 2526 }
   MX:      { name: mx,  group: mta }
   out:     { name: out, group: mta
            , addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.out[0]].inventory_hostname_short ], '127.0.0.1') }}"
            , port: 2525 }
   MSA:     { name: msa
            , addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.MSA[0]].inventory_hostname_short ], '127.0.0.1') }}"
            , port: 2587 }
   lists:   { name: lists
            , addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.lists[0]].inventory_hostname_short ], '127.0.0.1') }}"
            , port: 2527 }
 
 imapsvr_addr: "{{ postfix_instance.IMAP.addr | ipaddr }}"
+
+dkim_keys:
+  giraff:
+    # match key
+    "fripost.org":
+      # domain of the entity signing the message (should be unique accross match keys)
+      d: fripost.org
+      # selector (should be globally unique and random)
+      s: 8f00fb94ec6c37aacb48bd43e073f9b7
+    "~": # catch-all, for our virtual domains
+      d: x.fripost.org
+      s: 9df9cdc7e101629b5003b587945afa70