From fc01d490466f10bd32f2b61ab869725e1ba8924d Mon Sep 17 00:00:00 2001
From: Joe Banks <joe@jb3.dev>
Date: Mon, 29 Jul 2024 23:19:47 +0100
Subject: dkim: add documentation on opendkim role

---
 ansible/roles/opendkim/README.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 ansible/roles/opendkim/README.md

(limited to 'ansible')

diff --git a/ansible/roles/opendkim/README.md b/ansible/roles/opendkim/README.md
new file mode 100644
index 0000000..4ed31cd
--- /dev/null
+++ b/ansible/roles/opendkim/README.md
@@ -0,0 +1,35 @@
+# OpenDKIM
+
+This role configures the OpenDKIM server used to sign outbound mail from the
+Postfix installation.
+
+As a brief summary, this role:
+1. Installs OpenDKIM and relevant tools
+1. Creates directories for all configured domains
+1. Generates the keys with the configured domain & selector
+1. Templates the OpenDKIM configuration file
+1. Generates the OpenDKIM KeyTable and SigningTable based off configured domains
+   and selectors
+
+OpenDKIM is available via port 8891 and binds locally.
+
+When run, the DNS entries required will be made available at the following path:
+
+```
+/etc/dkimkeys/{domain}/{selector}.txt
+```
+
+The files are in BIND format which is importable to most DNS-hosts but is also
+human readable for manual configuration.
+
+The keys are only regenerated when they are not present, to force regeneration
+delete the above path but change the extension from `txt` to `private` (the key
+file).
+
+## Variables
+
+`opendkim_domains` is a list containing all the domains that mail can be signed
+for.
+
+`opendkim_selector` is the selector used for these, normally a hostname or
+`default` suffices.
-- 
cgit v1.2.3