Diffstat (limited to 'roles/amavis/tasks/main.yml')
-rw-r--r-- | roles/amavis/tasks/main.yml | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml
index 4009c05..7fc44c7 100644
--- a/roles/amavis/tasks/main.yml
+++ b/roles/amavis/tasks/main.yml
@@ -1,79 +1,90 @@ - name: Install amavis and its decoders - apt: pkg={{ item }} - with_items: + apt: pkg={{ packages }} + vars: + packages: - amavisd-new - libnet-ldap-perl # Mail::DKIM - libmail-dkim-perl - gzip - bzip2 - xz-utils - lzop - rpm2cpio - pax - binutils - p7zip-full - unrar-free - arj - nomarch - - zoo - - ripole - cabextract - unar - tnef notify: - Restart Amavis - name: Add 'clamav' to the group 'amavis' user: name=clamav groups=amavis append=yes notify: - Restart ClamAV - Restart Amavis -- name: Set AllowSupplementaryGroups=true - lineinfile: "dest=/etc/clamav/clamd.conf - regexp='^AllowSupplementaryGroups\\s' - line='AllowSupplementaryGroups true'" - notify: - - Restart ClamAV +- name: Add an 'amavis' alias + lineinfile: dest=/etc/aliases create=yes + regexp="^amavis{{':'}} " + line="amavis{{':'}} root" -- name: Create directory /var/lib/dkim - file: path=/var/lib/dkim +- name: Compile the static local Postfix database + postmap: cmd=postalias src=/etc/aliases db=lmdb + owner=root group=root + mode=0644 + +- name: Create directory /etc/amavis/dkim + file: path=/etc/amavis/dkim state=directory owner=root group=root mode=0755 when: "'out' in group_names" tags: - genkey + - dkim - name: Generate a private key for DKIM signing - command: genkeypair.sh dkim --privkey=/var/lib/dkim/20140703.fripost.org.key -t rsa -b 1024 + command: genkeypair.sh dkim --owner=amavis --group=root --privkey="/etc/amavis/dkim/{{ item.s }}:{{ item.d }}.pem" -t rsa -b 2048 + with_items: "{{ (dkim_keys[inventory_hostname_short] | default({})).values() | list }}" register: dkim changed_when: dkim.rc == 0 failed_when: dkim.rc > 1 when: "'out' in group_names" - notify: - - Restart Amavis - - Publish the public key to the DNS zone tags: - genkey + - dkim + +- name: Fetch DKIM keys + fetch_cmd: cmd="openssl pkey -pubout -outform PEM" + stdin="/etc/amavis/dkim/{{ item.s }}:{{ item.d }}.pem" + dest="certs/dkim/{{ item.s }}:{{ item.d }}.pub" + with_items: "{{ 
(dkim_keys[inventory_hostname_short] | default({})).values() | list }}" + tags: + - genkey + - dkim - name: Configure Amavis template: src=etc/amavis/conf.d/50-user.j2 dest=/etc/amavis/conf.d/50-user owner=root group=root mode=0644 register: r3 notify: - Restart Amavis - meta: flush_handlers - name: Start Amavis service: name=amavis state=started - name: Install 'amavis' Munin plugin file: src=/usr/share/munin/plugins/amavis dest=/etc/munin/plugins/amavis owner=root group=root |
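Review bot: In the "Generate a private key for DKIM signing" task the key is created with `--owner=amavis --group=root`, so the signing daemon owns its own private key and can modify or re-permission it, while the parent directory /etc/amavis/dkim is root-owned but mode 0755 and does not restrict traversal. If genkeypair.sh (not visible in this diff) supports it, `--owner=root --group=amavis` with a group-readable, non-world-readable file mode would give Amavis read-only access. Either way, confirm the mode the script applies to the .pem file, since the directory permissions do not protect it. The same task also drops `notify: Restart Amavis`, so it is worth checking that a freshly generated key is still picked up, presumably through a change to the "Configure Amavis" template.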