test other opendkim container

roles/email/defaults/main.yml

@@ -43,16 +43,16 @@ dovecot_docker_labels: {}
 #opendkim
 opendkim_base_path: "{{ email_base_path }}/opendkim"
 opendkim_docker_name: opendkim
-opendkim_docker_image: registry.gitlab.com/famedly/containers/dkim
-#opendkim_docker_image: instrumentisto/opendkim
+#opendkim_docker_image: registry.gitlab.com/famedly/containers/dkim
+opendkim_docker_image: instrumentisto/opendkim
 opendkim_docker_ports: []
 opendkim_docker_labels: {}
-opendkim_cert_path: "/"
-opendkim_conf_path: "/etc/opendkim.conf"
+opendkim_conf_path: "/etc/opendkim/opendkim.conf"
+opendkim_cert_path: "/etc/opendkim"
 opendkim_cert_filename: "{{ opendkim_selector_name }}.key.pem"
-opendkim_cert_filepath: "{{ opendkim_cert_path }}{{ opendkim_cert_filename }}"
+opendkim_cert_filepath: "{{ opendkim_cert_path }}/{{ opendkim_cert_filename }}"
 opendkim_selector_name: ratzupaltuff-test #hostname or month/year
 opendkim_sign_addresses: "172.3.0.1/24" #comma separated cidr notation
 opendkim_port: 8891
-opendkim_listening_address: "172.3.0.1"
+opendkim_listening_address: "172.3.0.5"
 opendkim_listening_socket: "inet:{{ opendkim_port }}@{{ opendkim_listening_address }}"

roles/email/tasks/opendkim.yml

@@ -14,8 +14,9 @@
     file:
       path: '{{ opendkim_base_path }}/{{ item }}'
       state: directory
-      owner: "{{ opendkim_user.name }}"
-      group: "{{ opendkim_user.group }}"
+      owner: root
+      #owner: "{{ opendkim_user.name }}"
+      #group: "{{ opendkim_user.group }}"
       mode: '0700'
     with_items:
       - 
@@ -27,8 +28,9 @@
     template:
       src: "opendkim/opendkim.conf"
       dest: "{{ opendkim_base_path }}/config/opendkim.conf"
-      owner: "{{ opendkim_user.name }}"
-      group: "{{ opendkim_user.group }}"
+      owner: root
+      #owner: "{{ opendkim_user.name }}"
+      #group: "{{ opendkim_user.group }}"
       mode: '0700'
 
   - name: opendkim cert-gen
@@ -43,12 +45,12 @@
       labels: "{{ opendkim_docker_labels }}"
       restart_policy: unless-stopped
       recreate: true
-      user: "{{ opendkim_user.uid }}" #:{{ opendkim_user.group }}"
+      #user: "{{ opendkim_user.uid }}" #:{{ opendkim_user.group }}"
       pull: true
       command: "/usr/sbin/opendkim -x {{ opendkim_conf_path }}"
       #command: "/usr/sbin/opendkim -f -l -p {{ opendkim_listening_socket }} -d {{ email_domain }} -k {{ opendkim_cert_path }}/{{ opendkim_cert_filename }} -s {{ opendkim_selector_name }}"
       volumes:
-        - "{{ opendkim_base_path }}/certs/{{ opendkim_cert_filename }}:/{{ opendkim_cert_filename }}"
+        - "{{ opendkim_base_path }}/certs/{{ opendkim_cert_filename }}:{{ opendkim_cert_filepath }}"
         - "{{ opendkim_base_path }}/config/opendkim.conf:{{ opendkim_conf_path }}"
 
   - name: debug

roles/email/tasks/opendkim_cert_gen.yml

@@ -11,6 +11,7 @@
       src: "files/{{ opendkim_cert_filename }}" 
       dest: "{{ opendkim_base_path }}/certs/{{ opendkim_cert_filename }}"
       #state: file
-      owner: "100" #"{{ opendkim_user.name }}"
-      group: "{{ opendkim_user.group }}"
-      mode: "0777" #TODO be more restrictive
+      owner: root
+      #owner: "100" #"{{ opendkim_user.name }}"
+      #group: "{{ opendkim_user.group }}"
+      mode: "0700" #TODO be more restrictive