Externalize role

templates/etc/opendkim.conf.j2

@@ -0,0 +1,88 @@
+## BASIC OPENDKIM CONFIGURATION FILE
+## See opendkim.conf(5) or %{_pkgdocdir}/opendkim.conf.sample for more
+
+## BEFORE running OpenDKIM you must:
+
+## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
+## - generate keys for your domain (if signing)
+## - edit your DNS records to publish your public keys (if signing)
+
+## See %{_pkgdocdir}/INSTALL for detailed instructions.
+
+## CONFIGURATION OPTIONS
+
+AutoRestart             Yes
+AutoRestartRate         10/1h
+
+# Specifies the path to the process ID file.
+PidFile	/var/run/opendkim/opendkim.pid
+
+# Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
+# Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
+# messages.
+Mode	sv
+
+# Log activity to the system log.
+Syslog	yes
+
+# Log additional entries indicating successful signing or verification of messages.
+SyslogSuccess	yes
+
+# If logging is enabled, include detailed logging about why or why not a message was
+# signed or verified. This causes an increase in the amount of log data generated
+# for each message, so set this to No (or comment it out) if it gets too noisy.
+LogWhy	yes
+
+# Attempt to become the specified user before starting operations.
+UserID	opendkim:opendkim
+
+# Create a socket through which your MTA can communicate.
+Socket	inet:8891@localhost
+
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+Umask	022
+
+# This specifies a text file in which to store DKIM transaction statistics.
+# OpenDKIM must be manually compiled with --enable-stats to enable this feature.
+#Statistics	/var/spool/opendkim/stats.dat
+
+## SIGNING OPTIONS
+
+# Selects the canonicalization method(s) to be used when signing messages.
+Canonicalization	relaxed/simple
+
+# Domain(s) whose mail should be signed by this filter. Mail from other domains will
+# be verified rather than being signed. Uncomment and use your domain name.
+# This parameter is not required if a SigningTable is in use.
+#Domain	example.com
+
+# Defines the name of the selector to be used when signing messages.
+Selector	default
+
+# Specifies the minimum number of key bits for acceptable keys and signatures.
+MinimumKeyBits 1024
+
+# Gives the location of a private key to be used for signing ALL messages. This
+# directive is ignored if KeyTable is enabled.
+#KeyFile	/etc/opendkim/keys/default.private
+
+# Gives the location of a file mapping key names to signing keys. In simple terms,
+# this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
+# directive in the configuration file. Requires SigningTable be enabled.
+KeyTable	refile:/etc/opendkim/KeyTable
+
+# Defines a table used to select one or more signatures to apply to a message based
+# on the address found in the From: header field. In simple terms, this tells
+# OpenDKIM how to use your keys. Requires KeyTable be enabled.
+SigningTable	refile:/etc/opendkim/SigningTable
+
+# Identifies a set of "external" hosts that may send mail through the server as one
+# of the signing domains without credentials as such.
+ExternalIgnoreList	refile:/etc/opendkim/TrustedHosts
+
+# Identifies a set "internal" hosts whose mail should be signed rather than verified.
+InternalHosts	refile:/etc/opendkim/TrustedHosts
+
+SignatureAlgorithm      rsa-sha256
+