---
- name: configure TLS
  when: postfix_mx_tls is defined
  block:
  - name: generate/install/fetch TLS certificate
    vars:
      x509_certificate_name: "postfix-{{ postfix_mx_hostname }}"
      x509_certificate_config: "{{ postfix_mx_tls.certificate_config | default({}) }}"
      x509_certificate_hostnames:
      - "{{ postfix_mx_hostname }}"
      x509_certificate_reload_services:
      - postfix
    include_role:
      name: "x509/{{ postfix_mx_tls.certificate_provider }}/cert"

## TODO: configure virtual and relay domains and maps

- name: configure spam filtering using rspamd
  when: postfix_mx_spam_filter == "rspamd"
  block:
  - name: add postfix user to rspamd group
    user:
      name: postfix
      groups: _rspamd
      append: yes
    notify: restart postfix

  - name: configure postfix milter config for rspamd
    vars:
      postfix_options:
        milter_protocol: "6"
        milter_default_action: "accept"
        smtpd_milters: "unix:rspamd/rspamd-proxy.sock"
        non_smtpd_milters: "unix:rspamd/rspamd-proxy.sock"
    loop: "{{ postfix_options | dict2items }}"
    loop_control:
      label: "{{ item.key }} = {{ item.value }}"
    lineinfile:
      regexp: "^#?\\s*{{ item.key }}\\s*="
      line: "{{ item.key }} = {{ item.value }}"
      dest: /etc/postfix/main.cf
    notify: restart postfix