---
- name: ensure packages are installed
  apt:
    name:
      - postfix
      - postfix-ldap
      - postfix-policyd-spf-python
      - mailgraph
    state: present
  tags:
  - postfix

- name: make /var/lib/mailgraph accessible by www-data
  file:
    path: "/var/lib/mailgraph"
    state: directory
    owner: www-data
    group: www-data
    mode: '0755'

- name: make sure a service Mailgraph is running
  systemd:
    name: mailgraph.service
    state: started  
    enabled: true

- name: create packmail main.cf
  template:
    src: packmail_main.cf.j2
    dest: /etc/postfix/main.cf
    owner: root
    group: root
    mode: "0644"
    force: yes
  notify: restart postfix
  when: (postfix_force_main_cf | bool) or (postfix_maincf_md5_jessie in default_main_cf.stdout) or (postfix_maincf_md5_stretch in default_main_cf.stdout)
  tags:
  - postfix

- name: deploy packmail master.cf
  template:
    src: packmail_master.cf.j2
    dest: /etc/postfix/master.cf
    mode: "0644"
  notify: restart postfix
  tags:
  - postfix

- name: copy default filter files
  copy:
    src: filter
    dest: "/etc/postfix/{{ item }}"
    force: no
  loop:
    - virtual
    - client.access
    - client.access_local
    - header_kill
    - header_kill_local
    - recipient.access
    - recipient.access_local
    - sa-blacklist.access
    - sender.access
    - sender.access_local
    - spamd.cidr
  register: postfix_copy_filter
  tags:
  - postfix

- name: postmap filter files
  command: "postmap /etc/postfix/{{ item }}"
  loop:
    - virtual
    - client.access
    - client.access_local
    - header_kill
    - header_kill_local
    - recipient.access
    - recipient.access_local
    - sa-blacklist.access
    - sender.access
    - sender.access_local
    - spamd.cidr
  when: postfix_copy_filter is changed
  tags:
  - postfix

- name: deploy ldap postfix config
  template:
    src: "{{ item }}.j2"
    dest: "/etc/postfix/{{ item }}"
    mode: "0644"
  loop:
    - virtual_aliases.cf
    - virtual_domains.cf
    - virtual_mailboxes.cf
  notify: restart postfix
  tags:
  - postfix

- include_role:
    name: evolix/remount-usr
  tags:
  - postfix

- name: copy spam.sh script
  copy:
    src: spam.sh
    dest: /usr/share/scripts/spam.sh
    mode: "0700"
  tags:
  - postfix

- name: Check if cron is installed
  shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
  args:
    executable: /bin/bash
  check_mode: no
  failed_when: False
  changed_when: False
  register: is_cron_installed

- name: enable spam.sh cron
  lineinfile:
    dest: /etc/cron.d/spam
    line: "42 * * * * root /usr/share/scripts/spam.sh"
    create: yes
    state: present
    mode: "0640"
  when: is_cron_installed.rc == 0
  tags:
  - postfix

- name: update antispam list
  command: /usr/share/scripts/spam.sh
  changed_when: False
  tags:
  - postfix