---
- name: install OpenDKIM
  ansible.builtin.apt:
    name:
      - opendkim
      - opendkim-tools
      - ssl-cert
      - dns-root-data
    state: present
    update_cache: yes
  tags:
  - opendkim

- name: Add user opendkim in ssl-cert group
  ansible.builtin.user:
    name: opendkim
    groups: ssl-cert
    state: present
    append: yes
  tags:
  - opendkim

- name: add 127.0.0.1 to TrustedHosts
  ansible.builtin.lineinfile:
    dest: '/etc/opendkim/TrustedHosts'
    line: '127.0.0.1'
    create: True
    owner: opendkim
    group: opendkim
    mode: "0640"
  notify: reload opendkim
  tags:
  - opendkim

- name: create config files
  ansible.builtin.file:
    name: "/etc/opendkim/{{ item }}"
    state: touch
    owner: opendkim
    group: opendkim
    mode: "0640"
  loop:
    - 'KeyTable'
    - 'SigningTable'
  changed_when: False
  tags:
  - opendkim

- name: Add Include in opendkim.conf
  ansible.builtin.lineinfile:
    dest: /etc/opendkim.conf
    line: 'Include /etc/opendkim-evolix.conf'
    state: present
    create: no
    mode: "0644"
  tags:
  - opendkim

- name: copy OpenDKIM config
  ansible.builtin.copy:
    src: opendkim-evolix.conf
    dest: /etc/opendkim-evolix.conf
    mode: "0644"
    force: true
  notify: restart opendkim
  tags:
  - opendkim


- name: Set folder permissions to 0750
  ansible.builtin.file:
    path: "/etc/opendkim/"
    owner: opendkim
    group: opendkim
    mode: "0750"
    force: true
  tags:
  - opendkim

- name: ensure opendkim is started and enabled
  ansible.builtin.systemd:
    name: opendkim
    state: started
    enabled: True
  tags:
  - opendkim

- ansible.builtin.include_role:
    name: evolix/remount-usr

- name: deploy opendkim-add.sh script
  ansible.builtin.copy:
    src: opendkim-add.sh
    dest: /usr/share/scripts/opendkim-add.sh
    mode: "0750"
  tags:
  - opendkim