insert our preferred nameserver into opendkim.conf

Use our version of ansible-dkim to insert Nameservers clause into
opendkim.conf

Author: spacelama

.gitmodules

@@ -40,3 +40,6 @@
 [submodule "repos/pve-nag-buster"]
 	path = repos/pve-nag-buster
 	url = [email protected]:foundObjects/pve-nag-buster.git
+[submodule "repos/ansible-dkim"]
+	path = repos/ansible-dkim
+	url = [email protected]:spacelama/ansible-dkim.git

README.md

@@ -120,8 +120,8 @@ radio0 and radio1 pci/hardware devices in /etc/config/wireless.
 * You probably want to install `ansible-mitogen` (and `python3-mitogen`) on your Ansible server too, for my ansible.cfg sets `strategy = mitogen_linear` to greatly accelerate the playbook (it works with that setting disabled if you can't install migoten, but mitogen has never created any detectable problems for me).  I have only tested this from a Debian machine (Debian 11,12).
 * Ideally, you'd create a gpg encrypted file in misc/vault-password.gpg, and verify it can be read with: misc/get-vault-pass.sh
 * OpenWRT plays rely on [ansible-openwrt](https://github.com/gekmihesg/ansible-openwrt), which is published as a [galaxy collection](https://galaxy.ansible.com/ui/repo/published/nn708/openwrt/).
-* Tasmota plays rely on [ansible-tasmota](https://github.com/tobias-richter/ansible-tasmota), which is available through [ansible galaxy](https://galaxy.ansible.com/ui/standalone/roles/tobias_richter/tasmota/), but which [I've modified](https://github.com/spacelama/ansible-tasmota) and included in this repo to allow for and transparently recovers from the Tasmota device spontaneously rebooting after certain configurations are applied.
-* The SMTP plays setup DKIM signatures via [ansible-dkim](https://github.com/FoxyRoles/ansible-dkim), which is published through [ansible galaxy](https://galaxy.ansible.com/ui/standalone/roles/sunfoxcz/dkim/).
+* Tasmota plays rely on [ansible-tasmota](https://github.com/tobias-richter/ansible-tasmota), which is available through [ansible galaxy](https://galaxy.ansible.com/ui/standalone/roles/tobias_richter/tasmota/), but which [I had modified](https://github.com/spacelama/ansible-tasmota) (but which got merged into upstream) to allow for and transparently recovers from the Tasmota device spontaneously rebooting after certain configurations are applied.
+* The SMTP plays setup DKIM signatures via [ansible-dkim](https://github.com/FoxyRoles/ansible-dkim), which is published through [ansible galaxy](https://galaxy.ansible.com/ui/standalone/roles/sunfoxcz/dkim/), but which [I've modified](https://github.com/spacelama/ansible-dkim) and included in this repo to allow for other opendkim parameters I need.
 
 # Initial playbook setup and Configuration
 

repos/ansible-dkim

@@ -0,0 +1 @@
+../repos/ansible-dkim

roles/ansible-dkim

@@ -10,12 +10,12 @@
 #  become: true
 
 - include_role:
-    name: sunfoxcz.dkim
+    name: ansible-dkim
 
 - name: Make sure all handlers run
   meta: flush_handlers
 
 - debug:
-    msg: "copy /etc/opendkim/keys/{{ dkim_domains }}/{{ dkim_selector }}.txt variable to your DNS, then test with: echo This is a test mailing | mail -s \"test $(date)\" -r {{ dkim_admin_email }} [email protected]"
+    msg: "copy /etc/opendkim/keys/{{ dkim_domains[0] }}/{{ dkim_selector }}.txt variable to your DNS, then test with: echo This is a test mailing | mail -s \"test $(date)\" -r {{ dkim_admin_email }} [email protected]"
 
 #WARNING: https://wiki.debian.org/opendkim: Postfix does not pass internally-generated messages such as bounce messages to opendkim, so by default bounces are not DKIM-signed. This can be a problem if you also use a strict DMARC policy, because it may cause your unsigned bounce messages themselves to get rejected. The internal_mail_filter_classes parameter can be used to pass bounces through the milters as well

roles/smtp/tasks/dkim.yml

@@ -33,6 +33,7 @@
     - rather.puzzling.org
     #    - timconnors.org
   dkim_same_key: false
+  dkim_conf_override: Nameservers 127.0.0.1
 
   dovecot_insecure_logfile_creation: true
   smtp_crontab: