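---
# Install and configure OpenDKIM: base packages, /etc/opendkim, an optional
# socket inside the Postfix spool directory, optional signing tables and keys,
# and finally the merged option set written into /etc/opendkim.conf.

- name: install opendkim packages
  apt:
    name:
      - opendkim
      - opendkim-tools
    state: present

# Directory is restricted to the opendkim user; dkim-key.yml and the
# KeyTable/SigningTable templates below write into it.
- name: create configure sub directory
  file:
    path: /etc/opendkim
    state: directory
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: "0700"
    owner: opendkim
    group: opendkim

- name: remove annoying sample Socket options
  lineinfile:
    regexp: "^#Socket\\s+"
    state: absent
    dest: /etc/opendkim.conf
  notify: restart opendkim

# Base options. The postfix/sign/verify dicts start empty and are only filled
# by the conditional blocks below, so the final combine() always has all four.
# NOTE(review): with opendkim_sign and opendkim_verify both false, Mode renders
# as an empty string and is still written to opendkim.conf - confirm that is
# the intended result.
- name: set opendkim default options
  set_fact:
    opendkim_options_default:
      Mode: "{{ opendkim_sign | ternary('s','') }}{{ opendkim_verify | ternary('v','') }}"
      ReportAddress: "{{ opendkim_admin_mail }}"
      LogWhy: "yes"
    opendkim_options_postfix: {}
    opendkim_options_sign: {}
    opendkim_options_verify: {}

- name: prepare opendkim to be used with chrooted postfix
  when: opendkim_socket_for_postfix
  block:
    - name: set opendkim postfix options
      set_fact:
        opendkim_options_postfix:
          Socket: "local:/var/spool/postfix/opendkim/opendkim.sock"

    # The drop-in below uses a '+'-prefixed ExecStartPre, which systemd runs
    # with full privileges. Ownership and mode are pinned so the directory and
    # file are writable by root only, independent of the controller's umask.
    - name: create systemd override directory
      file:
        path: /etc/systemd/system/opendkim.service.d
        state: directory
        owner: root
        group: root
        mode: "0755"

    # Creates the socket directory (opendkim:opendkim, 0750) before every start.
    # NOTE(review): 0750 means the MTA user needs membership in group opendkim
    # to reach the socket - presumably handled elsewhere; confirm.
    - name: add systemd service override
      copy:
        content: |
          [Service]
          ExecStartPre=+/usr/bin/install -d /var/spool/postfix/opendkim -o opendkim -g opendkim -m 0750
        dest: /etc/systemd/system/opendkim.service.d/postfix-chroot.conf
        owner: root
        group: root
        mode: "0644"
      notify: reload systemd

    - name: configure opendkim listen socket for legacy init
      lineinfile:
        dest: /etc/default/opendkim
        regexp: '^SOCKET='
        line: 'SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"'
      notify: restart opendkim

- name: prepare opendkim for signing
  when: opendkim_sign
  block:
    - name: set opendkim sign options
      set_fact:
        opendkim_options_sign:
          InternalHosts: "{{ opendkim_internal_hosts | join(', ') }}"
          KeyTable: "refile:/etc/opendkim/KeyTable"
          SigningTable: "refile:/etc/opendkim/SigningTable"

    # One include per entry of opendkim_domains; key handling (including file
    # permissions of the private keys) lives in dkim-key.yml, not shown here.
    - name: generate/install dkim keys
      loop: "{{ opendkim_domains | dict2items }}"
      loop_control:
        loop_var: opendkim_domain
        label: "{{ opendkim_domain.key }}"
      include_tasks: dkim-key.yml

    # Explicit mode so the result does not depend on the umask of the run.
    # The enclosing /etc/opendkim directory is already 0700 opendkim:opendkim.
    - name: install KeyTable and SigningTable
      loop:
        - KeyTable
        - SigningTable
      template:
        src: "{{ item }}.j2"
        dest: "/etc/opendkim/{{ item }}"
        mode: "0644"
      notify: restart opendkim

## TODO: implement this
# - name: prepare opendkim for verifying
#   when: opendkim_verify
#   block:
#     - name: set opendkim verify options
#       set_fact:
#         opendkim_options_verify:
#           option: "value"

# Merge the four option dicts (later dicts override earlier ones on key
# conflict) and write each key as one line in opendkim.conf. The regexp also
# matches a commented-out sample of the same option, so that line is replaced
# rather than a duplicate being appended.
- name: configure opendkim
  loop: "{{ opendkim_options_default | combine(opendkim_options_postfix) | combine(opendkim_options_sign) | combine(opendkim_options_verify) | dict2items }}"
  loop_control:
    label: "{{ item.key }} = {{ item.value }}"
  lineinfile:
    regexp: "^#?\\s*{{ item.key }}\\s+"
    line: "{{ item.key }}\t\t\t{{ item.value }}"
    dest: /etc/opendkim.conf
  notify: restart opendkim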