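---
# vim: set et sw=2 ts=2 sts=2:
#
# Base setup for the mail host: packages, service users/groups, mailbox
# directory tree, DKIM/DMARC milter configuration, unit files and service
# enablement. Postfix, Dovecot and TLS details are in the included
# postfix.yml / dovecot.yml / tls.yml (not shown here).

- name: install gnutls, postfix & dovecot
  apt:
    state: present
    name:
      # X509
      - gnutls-bin
      # ansible
      - python3-pip
      - python3-openssl
      - python3-psycopg2
      #- libpam-ldapd
      # postfix
      - postfix
      - postfix-pcre
      - postfix-cdb
      - postfix-lmdb
      # milter
      - opendkim
      - opendkim-tools
      - opendmarc
      - postfix-policyd-spf-python
      # for rewriting the sender (tries to fix the forwarding+SPF problem)
      - postsrsd
      # imap
      - dovecot-core
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-ldap
      - dovecot-gssapi
      - dovecot-lmtpd
      # ruby - scripts
      - ruby
      - ruby-gem

# File modes are quoted throughout: an unquoted 0755 is parsed as an octal
# int by YAML 1.1 loaders, which happens to work, but the quoted form is
# unambiguous for every loader and is what the file module documents.
- name: 'directory-structures (/etc/postfix-&/etc/dovecot&...)'
  file:
    dest: "{{ item }}"
    owner: root
    group: root
    mode: "0755"
    state: directory
  with_items:
    - /etc/postfix
    - /etc/dovecot
    - /etc/dovecot/conf.d
    - /etc/dkimkeys
    - /etc/systemd/system/dovecot.service.d

- name: Groups
  group:
    name: "{{ item }}"
    system: true
  with_items:
    - vmail
    - milter

- name: vmail-user for Mailboxes
  user:
    name: vmail
    uid: "{{ postfix_vmail_uid }}"
    comment: Mailboxes
    group: vmail
    shell: /bin/false
    # no login, no home directory: mailboxes are created per domain below
    # (the original passed `skeleton: no`, a boolean, to a path-valued
    # option; it is meaningless without create_home and is dropped)
    create_home: false
    home: /var/mail/vmail
    move_home: false
    system: true

- name: add milter-group-members
  user:
    name: "{{ item }}"
    append: true
    groups: milter
  with_items:
    - opendkim
    - opendmarc
    - postfix

- name: '/var/mail'
  file:
    dest: /var/mail
    group: vmail
    owner: vmail
    state: directory
    # 03700: rwx for the owner only, plus setgid (new entries inherit the
    # vmail group) and sticky (only the owner may remove entries)
    mode: "03700"

- name: '/var/mail domains'
  file:
    dest: "/var/mail/{{ item }}"
    group: vmail
    owner: vmail
    state: directory
    mode: "03700"
  with_items: "{{ mail_domains }}"

- name: /etc/mailname
  copy:
    dest: /etc/mailname
    content: "{{ mail_server_fqdn }}"

- name: milter socket directory
  file:
    dest: /var/spool/postfix/milter
    owner: postfix
    group: milter
    # postfix only needs to traverse/read; the milter group creates the sockets
    mode: "0570"
    state: directory

# Replace (or insert after the commented-out default) one `Key value`
# line per entry; `[ \t]` anchors on the whitespace that follows the key
# so that e.g. `Socket` does not also match `SocketPath`.
- name: 'opendkim: config'
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^{{ item.key }}[ \t]'
    insertafter: '^#{{ item.key }}[ \t]'
    line: '{{ item.key }} {{ item.value }}'
  with_dict:
    Domain: "{{ mail_server_fqdn }}"
    KeyFile: "/etc/dkimkeys/{{ mail_dkim_selector }}.key"
    Socket: "local:/var/spool/postfix/milter/opendkim"
    Selector: "{{ mail_dkim_selector }}"

# Generates <selector>.key (private) and <selector>.zone (DNS TXT record)
# in /etc/dkimkeys, once: `creates` makes the task idempotent.
- name: 'DKIM-key'
  shell: |
    set -eu
    # Restrictive umask so the private key is never group/world readable,
    # not even between creation and chown. The original line was
    # `ulimit 0400`, which sets a file-size limit, not a file mode.
    umask 077
    f={{ item | quote }}
    opendkim-genkey --bits 2048 --domain {{ mail_server_fqdn | quote }} --restrict --selector "$f"
    chown opendkim:root "$f.private" "$f.txt"
    mv "$f.private" "$f.key"
    mv "$f.txt" "$f.zone"
  args:
    chdir: /etc/dkimkeys
    creates: "{{ item }}.key"
  with_items:
    - "{{ mail_dkim_selector }}"

- name: 'opendmarc: config'
  lineinfile:
    path: /etc/opendmarc.conf
    regexp: '^{{ item.key }}[ \t]'
    insertafter: '^#{{ item.key }}[ \t]'
    line: '{{ item.key }} {{ item.value }}'
  with_dict:
    Socket: "local:/var/spool/postfix/milter/opendmarc"

- name: 'postscreen access via SPF entries generator'
  copy:
    src: postscreen_access_spf_generator.rb
    dest: /usr/local/bin
    owner: root
    group: root
    mode: "0755"

- name: copy systemd-services
  copy:
    src: "{{ item }}"
    dest: /etc/systemd/system
    owner: root
    group: root
    mode: "0444"
  with_fileglob: "systemd/system/*"

- name: copy service-configs
  copy:
    src: "{{ item }}"
    dest: /etc/default
    owner: root
    group: root
    mode: "0444"
  with_fileglob: "systemd/default/*"

- include_tasks: postfix.yml
- include_tasks: dovecot.yml
- include_tasks: tls.yml

# daemon_reload picks up the unit files copied above before enabling
- name: enabled services
  systemd:
    name: "{{ item }}"
    daemon_reload: true
    enabled: true
  with_items:
    - dovecot
    - postfix
    - opendkim
    - opendmarc
    - postsrsd

# reload-or-restart has no direct systemd-module equivalent; `command`
# (rather than `shell`) is enough since no shell features are used
- name: reload/restart services
  command: systemctl reload-or-restart {{ item | quote }}
  with_items:
    - dovecot
    - postfix
    - opendkim
    - opendmarc
    - postsrsd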