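---
# Mail-server play: installs the OpenDKIM config, the procmail files and the
# postfix configuration, then reloads the affected services through handlers.
#
# Variables read here but defined elsewhere: target, become, system.
# No task sets owner/group, so the installed files belong to whichever user
# `become` resolves to on the target.
- name: postfix & dkim anti-spam setup
  # Facts are not gathered; the platform switch relies on the caller-supplied
  # `system` variable instead of ansible_facts.
  gather_facts: false
  hosts: "{{ target }}"
  become: "{{ become }}"

  tasks:
    #
    # requirements
    #

    # DANE wants DNSSEC.
    # TODO: set up the full check with dig. Until then this task only proves
    # that an unbound process exists: pgrep exits non-zero when nothing
    # matches, which fails the task. It does not show that the resolver
    # validates DNSSEC or that the host's resolver configuration points at it,
    # and TLSA answers from a non-validating resolver must not be trusted.
    - name: check dnssec
      ansible.builtin.command:
        cmd: pgrep unbound
      check_mode: false
      changed_when: false

    #
    # dkim comes first
    #

    # The config is installed world-readable; that is fine as long as the
    # template only references the signing-key path and never embeds key
    # material. `diff: true` also prints rendered content in the run output.
    - name: standalone dkim template on freebsd
      ansible.builtin.template:
        src: opendkim.conf.j2
        dest: /usr/local/etc/mail/opendkim.conf
        mode: "0644"
      notify: reload dkim on freebsd
      diff: true
      when: system == 'freebsd'

    - name: standalone dkim template
      ansible.builtin.template:
        src: opendkim.conf.j2
        dest: /etc/opendkim.conf
        mode: "0644"
      notify: reload dkim
      diff: true
      when: system != 'freebsd'

    #
    # procmail
    #

    - name: standalone and system-wide procmailrc config file
      ansible.builtin.copy:
        src: procmailrc
        dest: /etc/procmailrc
        mode: "0600"
      diff: true

    - name: standalone reprocess maildir script
      ansible.builtin.copy:
        src: reprocess-maildir
        dest: /usr/local/bin/reprocess-maildir
        mode: "0755"
      diff: true

    #
    # postfix
    #
    # NOTE(review): every postfix path below is /etc/postfix regardless of
    # `system`, while the dkim tasks switch to /usr/local/etc on freebsd -
    # confirm the freebsd targets really keep postfix under /etc/postfix.
    #
    # NOTE(review): the fileglob filter is given a relative pattern, which
    # presumably resolves against the controller's working directory -
    # confirm the play is always run from the directory holding these files.

    # Each *_jinja2 file is rendered to /etc/postfix/<name without suffix>.
    - name: templates configs
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "/etc/postfix/{{ item | basename | regex_replace('_jinja2$', '') }}"
        mode: "0644"
      with_items: "{{ '*_jinja2' | fileglob }}"
      notify: reload postfix
      diff: true

    # Each *_flat file is copied verbatim to /etc/postfix/<name without suffix>.
    - name: flat config files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "/etc/postfix/{{ item | basename | regex_replace('_flat$', '') }}"
        mode: "0644"
      with_items: "{{ '*_flat' | fileglob }}"
      notify: reload postfix
      diff: true

    - name: system specific master.cf
      ansible.builtin.copy:
        src: "master.cf.{{ system }}"
        dest: /etc/postfix/master.cf
        mode: "0644"
      notify: reload postfix
      diff: true

    # The content of each *_blockinfile file is inserted as a managed block
    # into the matching /etc/postfix file. No mode is set here, so the target
    # file keeps its existing permissions.
    - name: blockinfile configs
      ansible.builtin.blockinfile:
        block: "{{ lookup('file', item) }}"
        path: "/etc/postfix/{{ item | basename | regex_replace('_blockinfile$', '') }}"
        prepend_newline: true
        append_newline: true
      with_items: "{{ '*_blockinfile' | fileglob }}"
      notify: rebuild and reload
      diff: true

  handlers:
    # NOTE(review): FreeBSD ports normally install rc scripts under
    # /usr/local/etc/rc.d - confirm this path exists on the targets.
    - name: reload dkim on freebsd
      ansible.builtin.command:
        cmd: /etc/rc.d/milter-opendkim reload

    - name: reload dkim
      ansible.builtin.command:
        cmd: systemctl reload opendkim.service

    # The three maps are listed explicitly instead of through bash brace
    # expansion, so the handler no longer needs /bin/bash on the target.
    # Defined before "reload postfix" so the maps are rebuilt before the
    # reload when both run for the "rebuild and reload" topic.
    - name: rebuild access lists
      ansible.builtin.command:
        argv:
          - postmap
          - /etc/postfix/access.client
          - /etc/postfix/access.sender
          - /etc/postfix/access.rcpt
      listen: rebuild and reload

    # Needs a shell for the redirect and the `||` fallback. Any systemctl
    # failure is silenced and retried through `postfix reload`, so only the
    # fallback's error would be visible in the run output.
    - name: reload postfix
      ansible.builtin.shell:
        executable: /bin/sh
        cmd: "systemctl reload postfix.service 2>/dev/null || postfix reload"
      listen: rebuild and reload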