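# Play: push the OpenDKIM, procmail and Postfix configuration to the hosts
# selected by `target`.
# Facts are not gathered, so `target`, `become_var` and `system` must be
# supplied by inventory or extra vars.
- name: postfix & dkim anti-spam setup
  gather_facts: false
  hosts: "{{target}}"
  become: "{{become_var}}"

  tasks:

    #
    # requirements
    #

    # DANE wants DNSSEC
    # todo - setup the full check with dig
    # NOTE(review): this only shows that a process named "unbound" is running
    # (the task fails when pgrep finds none). It does not show that the
    # resolver validates DNSSEC or that Postfix actually resolves through it.
    - name: check dnssec
      ansible.builtin.shell:
        # may be some bsd there
        executable: /bin/sh
        cmd: "pgrep unbound"
      # read-only probe: run it in --check mode too and never report a change
      check_mode: false
      changed_when: false

    #
    # dkim comes first
    #

    # File modes are quoted so they stay octal strings whatever the YAML
    # loader does with a leading zero.
    # NOTE(review): opendkim.conf is installed world-readable; presumably the
    # signing key lives in a separate, restricted file - confirm.
    - name: standalone dkim template on freebsd
      ansible.builtin.template:
        src: opendkim.conf
        dest: /usr/local/etc/mail/opendkim.conf
        mode: "0644"
      notify: restart dkim on freebsd
      diff: true
      when: system == 'freebsd'

    - name: standalone dkim template
      ansible.builtin.template:
        src: opendkim.conf
        dest: /etc/opendkim.conf
        mode: "0644"
      notify: restart dkim
      diff: true
      when: system != 'freebsd'

    # freebsd
    # rc.conf:milteropendkim_enable=yes

    #
    # procmail
    #

    - name: standalone and system-wide procmailrc config file
      ansible.builtin.copy:
        src: procmailrc
        dest: /etc/procmailrc
        mode: "0600"
      diff: true

    - name: standalone reprocess maildir script
      ansible.builtin.copy:
        src: reprocess-maildir
        dest: /usr/local/bin/reprocess-maildir
        mode: "0755"
      diff: true

    #
    # postfix
    #

    # The three glob-driven tasks below install every controller-side file
    # matching postfix/*_j2, postfix/*_flat and postfix/*_blockinfile, with
    # the suffix stripped from the destination name.
    # NOTE(review): the fileglob *filter* presumably resolves the pattern
    # against the controller's working directory - confirm the play is run
    # from the directory that holds postfix/.
    # NOTE(review): everything matched is written 0644 with diff output
    # enabled, so credential maps should not be given these suffixes.
    # NOTE(review): destinations are hard-coded to /etc/postfix although the
    # dkim tasks special-case freebsd - confirm the path for those hosts.
    - name: templates configs
      ansible.builtin.template:
        src: "{{item}}"
        dest: "/etc/postfix/{{ item | basename | regex_replace('_j2$', '') }}"
        mode: "0644"
      with_items: "{{ 'postfix/*_j2' | fileglob }}"
      notify: reload postfix
      diff: true

    - name: flat config files
      ansible.builtin.copy:
        src: "{{item}}"
        dest: "/etc/postfix/{{ item | basename | regex_replace('_flat$', '') }}"
        mode: "0644"
      with_items: "{{ 'postfix/*_flat' | fileglob }}"
      notify: reload postfix
      diff: true

    - name: system specific master.cf
      ansible.builtin.copy:
        src: "postfix/master.cf.{{system}}"
        dest: /etc/postfix/master.cf
        mode: "0644"
      notify: reload postfix
      diff: true

    # Inserts each file's content as a managed block. No mode is set here and
    # `create` is left at its default, so the target file has to exist already.
    - name: blockinfile configs
      ansible.builtin.blockinfile:
        block: "{{ lookup('file', item) }}"
        path: "/etc/postfix/{{ item | basename | regex_replace('_blockinfile$', '') }}"
        prepend_newline: true
        append_newline: true
      with_items: "{{ 'postfix/*_blockinfile' | fileglob }}"
      notify: rebuild and reload
      diff: true

  handlers:

    # The two "reload dkim" handlers are not notified by any task in this play.
    # NOTE(review): the freebsd handlers call /etc/rc.d/milter-opendkim while
    # the config is installed under /usr/local/etc - confirm the rc script
    # path on the target hosts.
    - name: reload dkim on freebsd
      ansible.builtin.shell:
        executable: /bin/sh
        cmd: "/etc/rc.d/milter-opendkim reload"

    - name: restart dkim on freebsd
      ansible.builtin.shell:
        executable: /bin/sh
        cmd: "/etc/rc.d/milter-opendkim restart"

    - name: reload dkim
      ansible.builtin.shell:
        executable: /bin/sh
        cmd: "systemctl reload opendkim.service"

    - name: restart dkim
      ansible.builtin.shell:
        executable: /bin/sh
        cmd: "systemctl restart opendkim.service"

    # Both handlers below listen on "rebuild and reload"; handlers run in the
    # order they are defined, so the maps are rebuilt before postfix reloads.
    # bash is required for the {client,sender,rcpt} brace expansion.
    # NOTE(review): /bin/bash may not exist on the bsd hosts - confirm.
    - name: rebuild access lists
      ansible.builtin.shell:
        executable: /bin/bash
        cmd: "postmap /etc/postfix/access.{client,sender,rcpt}"
      listen: rebuild and reload

    # Falls back to `postfix reload` when systemctl is missing or fails.
    - name: reload postfix
      ansible.builtin.shell:
        executable: /bin/sh
        cmd: "systemctl reload postfix.service 2>/dev/null || postfix reload"
      listen: rebuild and reload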