# Install the MTA (OpenSMTPD), the Rspamd daemon and the filter package that
# connects the two. Package management needs root, hence `become`.
- name: make sure packages are installed
  become: true
  ansible.builtin.apt:
    # `present` is the module default: install if missing, never upgrade.
    state: present
    name:
      - opensmtpd
      - rspamd
      - opensmtpd-filter-rspamd

# Delegate TLS certificate provisioning for the mail server FQDN to the
# `cert` role. All `cert__*` values are inputs of that role; what the role
# does with them is not visible from this file.
- name: make sure certificates exist
  vars:
    cert__domains:
      - "{{ send_only_mail_server__mail_server_fqdn }}"
    cert__bind_9_zone: "{{ send_only_mail_server__mail_server_fqdn_zone }}"
    cert__bind_9_host: "{{ send_only_mail_server__bind_9_host }}"
    # Ownership root:opensmtpd combined with 0640 below makes every PEM file,
    # including the private key, readable by members of the `opensmtpd` group
    # and by nobody else except root. Any process running with that group can
    # therefore read the TLS private key.
    cert__owner: root
    cert__group: opensmtpd
    cert__privkey_pem_permissions: "0640"
    cert__fullchain_pem_permissions: "0640"
    cert__chain_pem_permissions: "0640"
    cert__cert_pem_permissions: "0640"
  # NOTE(review): no `become` here, unlike the other tasks in this file.
  # Presumably the `cert` role escalates privileges itself; confirm.
  ansible.builtin.include_role:
    name: cert

# Render the OpenSMTPD main configuration from its Jinja2 template and
# restart the daemon through the handler whenever the rendered file changes.
- name: make sure the OpenSMTPD config is deployed
  become: true
  notify: Restart `opensmtpd.service`
  ansible.builtin.template:
    src: etc_smtpd.conf.j2
    dest: /etc/smtpd.conf
    # root:root 0600: only root can read or modify the rendered config.
    owner: root
    group: root
    mode: "0600"
    # NOTE(review): there is no `validate:` step, so a template that renders
    # to an invalid config is installed as-is and only fails at the handler's
    # restart. Consider validating with smtpd's config-test mode
    # (`smtpd -n -f %s`); confirm the binary path on the target distro first.

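# Create the directory that holds the DKIM key material (populated by the
# `ensure_dkim_keypair.yaml` tasks included later in this file).
- name: make sure `/etc/mail-dkim` directory exists
  ansible.builtin.file:
    path: /etc/mail-dkim
    state: directory
    owner: root
    group: root
    # Written with the leading zero like every other mode in this file; the
    # resulting permissions are the same as the former "755".
    # The directory is world-readable and world-traversable, so the
    # confidentiality of the DKIM private keys rests entirely on the modes of
    # the individual key files.
    # NOTE(review): those modes are set in ensure_dkim_keypair.yaml, which is
    # not visible here; verify that private keys are not world-readable.
    mode: "0755"
  become: true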

# Run the keypair tasks once per configured mail domain.
- name: make sure DKIM keypairs for all domains exist
  ansible.builtin.include_tasks: ensure_dkim_keypair.yaml
  # No `loop_control` is set, so each domain is exposed to the included tasks
  # under the default loop variable `item`.
  # NOTE(review): key generation, ownership and file modes all live in the
  # included file; review them there, since private keys are created by it.
  loop: "{{ send_only_mail_server__mail_domains }}"

# Render Rspamd's DKIM signing configuration into `local.d` and restart
# Rspamd through the handler whenever the rendered file changes.
- name: make sure the Rspamd `dkim_signing.conf` is deployed
  become: true
  notify: Restart `rspamd.service`
  ansible.builtin.template:
    src: etc_rspamd_dkim_signing.conf.j2
    dest: /etc/rspamd/local.d/dkim_signing.conf
    # root-owned and world-readable (0644): only root can change it, every
    # local user can read it.
    # NOTE(review): acceptable only if the template references key file paths
    # and embeds no private key material; confirm against the template.
    owner: root
    group: root
    mode: "0644"

# Install the static Rspamd settings file (copied verbatim, not templated)
# into `local.d` and restart Rspamd through the handler when it changes.
- name: make sure the Rspamd `settings.conf` is deployed
  become: true
  notify: Restart `rspamd.service`
  ansible.builtin.copy:
    src: etc_rspamd_settings.conf
    dest: /etc/rspamd/local.d/settings.conf
    # root-owned and world-readable (0644): only root can change it, every
    # local user can read it.
    owner: root
    group: root
    mode: "0644"