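---
# Postfix / OpenDKIM setup for a Discourse mail receiver.
#
# Every task carries the `email` tag so the whole mail stack can be
# (re)applied with `--tags email`; the `mail-receiver-environment` task
# below previously lacked the tag and was skipped on tagged runs.
#
# File modes are quoted ("0755") so the YAML loader cannot reinterpret the
# leading-zero octal, and boolean-looking values use true/false only.

- name: Ruby packages installed
  apt:
    pkg:
      - ruby2.3
      - ruby-addressable
      - ruby-json
      - ruby-net-http-persistent
      - ruby-syslog-logger
    state: present
    update_cache: true
  tags:
    - email

- name: Ruby script receive-mail in place
  copy:
    src: files/receive-mail
    dest: /usr/local/bin/receive-mail
    mode: "0755"
  tags:
    - email

- name: Ruby script discourse-smtp-fast-rejection in place
  copy:
    src: files/discourse-smtp-fast-rejection
    dest: /usr/local/bin/discourse-smtp-fast-rejection
    mode: "0755"
  tags:
    - email

- name: Old, unneeded files removed
  file:
    path: /usr/local/bin/discourse-smtp-rcpt-acl
    state: absent
  tags:
    - email

# debconf-utils is needed by the debconf module used in the next two tasks.
- name: debconf-utils installed for Ansible
  apt:
    name: debconf-utils
    state: present
  tags:
    - email

- name: Debconf Postfix hostname set
  debconf:
    name: postfix
    question: "postfix/mailname"
    value: "{{ hostname }}"
    vtype: string
  tags:
    - email

- name: Debconf Postfix set to be a internet server
  debconf:
    name: postfix
    question: "postfix/main_mailer_type"
    value: "Internet Site"
    vtype: string
  tags:
    - email

- name: Postfix and related email packages installed
  apt:
    pkg:
      - ca-certificates
      - curl
      - debian-archive-keyring
      - dnsutils
      - mailutils
      - mutt
      - opendkim
      - opendkim-tools
      - postfix
      - pwgen
      - whois
    state: present
  tags:
    - email

# The `postconf -e` tasks below all report `changed_when: false`, so a
# run never shows whether main.cf was actually modified; the unconditional
# "Postfix restarted" task at the end of this file picks up any change.
#
# reject_unauth_destination is the guard that stops Postfix from acting as
# an open relay: only mynetworks hosts and SASL-authenticated clients may
# relay to non-local destinations.
- name: Postfix smtpd_relay_restrictions set
  command: postconf -e "smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination"
  changed_when: false
  tags:
    - email

- name: Postfix set not to use /etc/aliases
  command: postconf -e "alias_maps = "
  changed_when: false
  tags:
    - email

- name: Postfix mydestination set to localhost
  command: postconf -e "mydestination = localhost"
  changed_when: false
  tags:
    - email

# python3-docker is required by the docker_container_info module below.
- name: python-docker installed
  apt:
    pkg:
      - python3-docker
    state: present
  tags:
    - email

- name: Fetch app container information
  docker_container_info:
    name: app
  register: containerinfo
  tags:
    - email

# NOTE(review): this fails if the `app` container does not exist, because
# containerinfo.container is then undefined — presumably intended (no mail
# without the app), confirm.
- name: Get the app container IP address
  set_fact:
    app_ip_address: '{{ containerinfo.container.NetworkSettings.IPAddress }}'
  tags:
    - email

# Hosts in mynetworks bypass the recipient restrictions set further down
# (permit_mynetworks is listed first there), so only the app container IP
# is added alongside loopback. NOTE(review): if the container IP changes
# on restart, this role has to be re-run for mail from the app to be
# accepted — confirm how the IP is kept stable.
- name: Postfix my networks set to include {{ app_ip_address }}
  command: postconf -e "mynetworks = 127.0.0.0/8,{{ app_ip_address }}"
  changed_when: false
  tags:
    - email

# NOTE(review): the command module splits its string on whitespace, so a
# `hostname` value containing spaces would break the postconf argument.
- name: Postfix relay domains set to {{ hostname }}
  command: postconf -e "relay_domains = {{ hostname }}"
  changed_when: false
  tags:
    - email

# Recipients not from mynetworks are vetted by the policy service spawned
# by the "reject incorrect email addresses" task below.
- name: Postfix smtpd_recipient_restrictions set
  command: postconf -e "smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/policy"
  changed_when: false
  tags:
    - email

# Outbound (smtp client) TLS only; inbound smtpd_tls_security_level is not
# set in this file. NOTE(review): presumably the distribution default
# covers inbound TLS — confirm.
- name: Postfix opportunistic TLS enabled
  command: postconf -e "smtp_tls_security_level = may"
  changed_when: false
  tags:
    - email

- name: Postfix set to use sub-addresing
  command: postconf -e "recipient_delimiter = +"
  changed_when: false
  tags:
    - email

- name: Postfix disable UTF-8 SMTP input
  command: postconf -e "smtputf8_enable=no"
  changed_when: false
  tags:
    - email

- name: Postfix Time Zone and Lang set
  command: postconf -e "export_environment='TZ LANG'"
  changed_when: false
  tags:
    - email

- name: Postfix set for ipv4 only
  command: postconf -e "inet_protocols = ipv4"
  changed_when: false
  tags:
    - email

# master.cf pipe transport: delivery is handed to the receive-mail script
# as the unprivileged nobody:nogroup user.
- name: Postfix set to use /usr/local/bin/receive-mail
  command: postconf -M -e "discourse/unix=discourse unix - n n - - pipe user=nobody:nogroup argv=/usr/local/bin/receive-mail ${recipient}"
  changed_when: false
  tags:
    - email

- name: Postfix transport in place
  template:
    src: templates/transport.j2
    dest: /etc/postfix/transport
    mode: "0644"
  tags:
    - email

- name: Postfix Transport Maps file set
  command: postconf -e "transport_maps=hash:/etc/postfix/transport"
  changed_when: false
  tags:
    - email

- name: Postmap run with Transport Maps file
  command: postmap /etc/postfix/transport
  changed_when: false
  tags:
    - email

# master.cf policy service, also run as nobody; referenced from
# smtpd_recipient_restrictions as unix:private/policy.
- name: Postfix set to reject incorrect email addresses
  command: postconf -M -e "policy/unix=policy unix - n n - - spawn user=nobody argv=/usr/local/bin/discourse-smtp-fast-rejection"
  changed_when: false
  tags:
    - email

- name: Stat "/var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.cer"
  stat:
    path: "/var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.cer"
  check_mode: false
  register: le_cert
  tags:
    - email

# Only switch smtpd to the Let's Encrypt cert when it is actually present;
# otherwise whatever smtpd_tls_cert_file/key_file already hold stay in use.
- block:
    - name: Postfix configured to use Let's Encrypt RSA cert for incoming email
      command: postconf -e "smtpd_tls_cert_file = /var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.cer"
      tags:
        - email
    - name: Postfix configured to use Let's Encrypt RSA key for incoming email
      command: postconf -e "smtpd_tls_key_file = /var/discourse/shared/standalone/letsencrypt/{{ hostname }}/{{ hostname }}.key"
      tags:
        - email
  when: le_cert.stat.exists

# Key directories are root-owned and group-readable by opendkim only.
- name: Directories for opendkim keys and configuration present
  file:
    path: "{{ dir.name }}"
    state: directory
    owner: "{{ dir.owner }}"
    group: "{{ dir.group }}"
    mode: "{{ dir.mode }}"
  loop:
    - name: /etc/opendkim
      mode: "0750"
      owner: root
      group: opendkim
    - name: /etc/opendkim/keys
      mode: "0750"
      owner: root
      group: opendkim
  loop_control:
    loop_var: dir
  tags:
    - email

# Default to signing for the server's own hostname when no domain list
# was supplied.
- name: Set a fact for the postfix_dkim_domains array if it it not defined
  set_fact:
    dkim_domains:
      - "{{ hostname | default(inventory_hostname) }}"
  when: ( dkim_domains is not defined ) or ( dkim_domains == [] )
  tags:
    - email

# The tables are rendered to *.new first and only copied into place after
# the per-domain tasks have appended to them (see the copy task below).
- name: Generate new KeyTable and SigningTable files
  template:
    src: "{{ template }}.j2"
    dest: "/etc/opendkim/{{ template }}.new"
  loop:
    - KeyTable
    - SigningTable
  loop_control:
    loop_var: template
  tags:
    - email

- name: Loop through the postfix_dkim_domains array including DKIM tasks
  include_tasks: dkim_domain.yml
  loop: "{{ dkim_domains }}"
  loop_control:
    loop_var: domain
  tags:
    - email

- name: Copy the new KeyTable and SigningTable files into place if changed
  copy:
    src: "{{ file }}.new"
    dest: "{{ file }}"
    remote_src: true
  loop:
    - /etc/opendkim/KeyTable
    - /etc/opendkim/SigningTable
  loop_control:
    loop_var: file
  tags:
    - email

- name: Check if the KeyTable has more than one line
  command: wc -l /etc/opendkim/KeyTable
  check_mode: false
  changed_when: false
  register: opendkim_keytable_check
  tags:
    - email

- name: Check if the SigningTable has more than one line
  command: wc -l /etc/opendkim/SigningTable
  check_mode: false
  changed_when: false
  register: opendkim_signingtable_check
  tags:
    - email

# `wc -l FILE` prints "<count> FILE"; strip the path and keep the count.
- name: Set fact for KeyTable and SigningTable file lengths
  set_fact:
    opendkim_keytable_length: "{{ opendkim_keytable_check.stdout | replace('/etc/opendkim/KeyTable', '') | trim | int }}"
    opendkim_signingtable_length: "{{ opendkim_signingtable_check.stdout | replace('/etc/opendkim/SigningTable', '') | trim | int }}"
  tags:
    - email

# OpenDKIM is wired into Postfix only when both tables hold more than one
# line. NOTE(review): a length of 0 matches neither this block nor the
# "Disable OpenDKIM" block below, leaving any previous milter settings in
# place — confirm that is intended.
- name: Enable OpenDKIM
  block:
    - name: Configure TrustedHosts
      template:
        src: templates/TrustedHosts.j2
        dest: /etc/opendkim/TrustedHosts
        owner: root
        group: root
        mode: "0644"
      tags:
        - email
    - name: OpenDKIM configuration in place
      template:
        src: templates/opendkim.conf.j2
        dest: /etc/opendkim.conf
      tags:
        - email
    - name: Run postconf to add DKIM configuration to main.cf
      command: postconf -e "{{ edit }}"
      loop:
        - "milter_default_action = accept"
        - "milter_protocol = 6"
        - "smtpd_milters = inet:localhost:{{ postfix_opendkim_port }}"
        - "non_smtpd_milters = inet:localhost:{{ postfix_opendkim_port }}"
      loop_control:
        loop_var: edit
      tags:
        - email
    - name: OpenDKIM enabled and restarted
      service:
        name: opendkim
        enabled: true
        state: restarted
      tags:
        - email
  when: ( opendkim_keytable_length | int > 1 ) and ( opendkim_signingtable_length | int > 1 )

# Tables with exactly one line carry no signing entries, so the milter is
# removed from main.cf; the service itself is only stopped when DKIM DNS
# has not been flagged as configured.
- name: Disable OpenDKIM
  block:
    - name: Run postconf to remove DKIM configuration from main.cf
      command: postconf -X "{{ remove }}"
      loop:
        - "milter_default_action"
        - "milter_protocol"
        - "smtpd_milters"
        - "non_smtpd_milters"
      loop_control:
        loop_var: remove
      changed_when: false
      tags:
        - email
    - name: OpenDKIM disabled and stopped
      service:
        name: opendkim
        enabled: false
        state: stopped
      when: ( postfix_dkim_dns_configured is not defined ) or ( not postfix_dkim_dns_configured )
      tags:
        - email
  when: ( opendkim_keytable_length | int == 1 ) or ( opendkim_signingtable_length | int == 1 )

# Tagged `email` like every other task so a `--tags email` run does not
# leave the receiver's environment file stale.
- name: mail-receiver-environment in place
  template:
    src: templates/mail-receiver-environment.json.j2
    dest: /etc/postfix/mail-receiver-environment.json
    owner: root
    group: root
    mode: "0644"
  tags:
    - email

# Unconditional restart on every run: this is what applies all the
# `changed_when: false` postconf edits above. A handler would avoid the
# restart on no-op runs, but that lives outside this task file.
- name: Postfix restarted
  service:
    name: postfix
    state: restarted
  tags:
    - email

- name: Root .forward in place
  template:
    src: templates/forward.j2
    dest: /root/.forward
  tags:
    - email
...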