Print DNS entries at end of mailserver playbook

2024-09-28 14:11:56 +02:00 · 2024-09-28 14:11:56 +02:00 · 45841ffd9f
commit 45841ffd9f
parent 86983b241d
6 changed files with 37 additions and 16 deletions
--- a/playbook_mailserver.yml
+++ b/playbook_mailserver.yml
@ -21,8 +21,10 @@
    - role: mailserver_rspamd
      tags: rspamd
    - role: mailserver_dkim
-      tags: dkim
+      tags: dkim, report
    - role: mailserver_spf
-      tags: spf
+      tags: spf, report
    - role: mailserver_dmarc
-      tags: dmarc
+      tags: dmarc, report
    - role: mailserver_dns_report
      tags: report
--- a/roles/mailserver_dkim/handlers/main.yml
+++ b/roles/mailserver_dkim/handlers/main.yml
@ -27,7 +27,3 @@
    group: root
    mode: "644"
  notify: Reload rspamd service
 - name: Print DKIM TXT record for the DNS zone
  ansible.builtin.debug:
    msg: "Don't forget to add this to your DNS zone:\n{{ dkim_txt_record.stdout }}"
--- a/roles/mailserver_dkim/tasks/main.yml
+++ b/roles/mailserver_dkim/tasks/main.yml
@ -24,7 +24,6 @@
    - Fix DKIM key ownership
    - Save DKIM TXT record to a file
    - Add selector to DKIM selectors map
    - Print DKIM TXT record for the DNS zone
 - name: Copy dkim_signing local config
  become: true
--- a/roles/mailserver_dmarc/tasks/main.yml
+++ b/roles/mailserver_dmarc/tasks/main.yml
@ -3,7 +3,3 @@
 - name: Set DMARC TXT record
  ansible.builtin.set_fact:
    dmarc_txt_record: "_dmarc.{{ virtual_domain }}. IN TXT \"v=DMARC1; p=reject; pct=100; adkim=s; rua=mailto:postmaster@{{ virtual_domain }}\""
 - name: Print DMARC TXT record for the DNS zone
  ansible.builtin.debug:
    msg: "Don't forget to add this to your DNS zone:\n{{ dmarc_txt_record }}"
--- a/roles/mailserver_dns_report/tasks/main.yml
+++ b/roles/mailserver_dns_report/tasks/main.yml
@ -0,0 +1,32 @@
 ---
 - name: Make sure any handlers have run
  ansible.builtin.meta: flush_handlers
 - name: Get current DKIM TXT files
  become: true
  ansible.builtin.find:
    paths: /var/lib/rspamd/dkim/
    patterns: "{{ virtual_domain }}.*.dns"
  register: dkim_dir
 - name: Get DKIM TXT record
  become: true
  ansible.builtin.slurp:
    src: "{{ item.path }}"
  with_items: "{{ dkim_dir.files }}"
  register: dkim_txt_record_slurp
 - name: Print DKIM TXT record for the DNS zone
  ansible.builtin.debug:
    msg: "Don't forget to add this to your DNS zone:\n{{ item.content | b64decode }}"
  with_items:
    - "{{ dkim_txt_record_slurp.results }}"
 - name: Print SPF TXT record for the DNS zone
  ansible.builtin.debug:
    msg: "Don't forget to add this to your DNS zone:\n{{ spf_txt_record }}"
 - name: Print DMARC TXT record for the DNS zone
  ansible.builtin.debug:
    msg: "Don't forget to add this to your DNS zone:\n{{ dmarc_txt_record }}"
--- a/roles/mailserver_spf/tasks/main.yml
+++ b/roles/mailserver_spf/tasks/main.yml
@ -9,7 +9,3 @@
 - name: Set SPF TXT record
  ansible.builtin.set_fact:
    spf_txt_record: "{{ virtual_domain }}. IN TXT \"v=spf1 ip4:{{ local_public_ip.content }} mx a ~all\""
 - name: Print SPF TXT record for the DNS zone
  ansible.builtin.debug:
    msg: "Don't forget to add this to your DNS zone:\n{{ spf_txt_record }}"