sovereign/roles/mailserver/tasks/opendmarc.yml

- name: Install OpenDMARC milter and related packages
  apt: pkg={{ item }} state=installed update_cache=yes
  with_items:
    - postgresql
    - python-psycopg2
    - opendmarc

- name: Copy OpenDMARC configuration file into place
  template: src=etc_opendmarc.conf.j2 dest=/etc/opendmarc.conf owner=root group=root
  notify: restart opendmarc

- name: Create OpenDMARC configuration directory
  file: state=directory path=/etc/opendmarc

- name: Copy OpenDMARC ignore hosts file into place
  template: src=etc_opendmarc_ignore.hosts.j2 dest=/etc/opendmarc/ignore.hosts owner=root group=root

- name: Copy OpenDMARC defaults file into place
  copy: src=etc_default_opendmarc dest=/etc/default/opendmarc owner=root group=root
  notify:
    - restart opendmarc
    - restart postfix

- name: Create database user for OpenDMARC reports
  postgresql_user: login_host=localhost login_user={{ db_admin_username }} login_password="{{ db_admin_password }}" name={{ mail_db_opendmarc_username }} password="{{ mail_db_opendmarc_password }}" state=present

- name: Create database for OpenDMARC reports
  postgresql_db: login_host=localhost login_user={{ db_admin_username }} login_password="{{ db_admin_password }}" name={{ mail_db_opendmarc_database }} state=present owner={{ mail_db_opendmarc_username }}

- name: Copy OpenDMARC database schema file into place
  copy: src=etc_opendmarc_import.sql dest=/etc/opendmarc/import.sql owner=root group=root mode=0600
  notify: import sql opendmarc

- name: Copy nightly OpenDMARC report generation script into place
  template: src=etc_opendmarc_report.sh.j2 dest=/etc/opendmarc/report.sh owner=root group=root mode="755"

- name: Touch initial report dat file with correct permissions
  file: path=/var/run/opendmarc/opendmarc.dat state=touch owner=opendmarc group=opendmarc

- name: Activate OpenDMARC report cronjob
  cron: name="OpenDMARC report" hour="2" minute="0" job="/bin/bash /etc/opendmarc/report.sh >> /var/log/opendmarc_report.log"