---
- name: create sub directory for keys
  file:
    path: "/etc/opendkim/keys/{{ opendkim_domain.key }}"
    state: directory
    mode: 0700
    owner: opendkim
    group: opendkim

- name: install precomputed keys
  loop: "{{ opendkim_domain.value['keys'] | dict2items | selectattr('value.content', 'defined') }}"
  loop_control:
    label: "{{ item.key }}@{{ opendkim_domain.key }}"
  copy:
    dest: "/etc/opendkim/keys/{{ opendkim_domain.key }}/{{ item.key }}.private"
    content: "{{ item.value.content }}"
    mode: 0600
    owner: opendkim
    group: opendkim

- name: generate DKIM keys
  loop: "{{ opendkim_domain.value['keys'] | dict2items | rejectattr('value.content', 'defined') }}"
  loop_control:
    label: "{{ item.key }}@{{ opendkim_domain.key }}"
  command: "opendkim-genkey -b {{ item.value.keylength }} -s {{ item.key }} -d {{ opendkim_domain.key }} -D '/etc/opendkim/keys/{{ opendkim_domain.key }}'"
  args:
    creates: "/etc/opendkim/keys/{{ opendkim_domain.key }}/{{ item.key }}.private"

- name: fix permission for generated DKIM keys
  loop: "{{ opendkim_domain.value['keys'] | dict2items | rejectattr('value.content', 'defined') }}"
  loop_control:
    label: "{{ item.key }}@{{ opendkim_domain.key }}"
  file:
    path: "/etc/opendkim/keys/{{ opendkim_domain.key }}/{{ item.key }}.private"
    mode: 0600
    owner: opendkim
    group: opendkim