ansible-roles/spamassasin/tasks/main.yml

---

- name: For Debian < 12
  set_fact:
    spamassassin_restart_handler: restart spamassassin
    spamassassin_package_name: spamassassin
  tags:
    - spamassassin
  when: ansible_distribution_major_version is version('12', '<')

# the package is called "spamd" after Debian 12
- name: For Debian >= 12
  set_fact:
    spamassassin_restart_handler: restart spamd
    spamassassin_package_name: spamd
  tags:
    - spamassassin
  when: ansible_distribution_major_version is version('12', '>=')

- name: Install SpamAssassin
  ansible.builtin.apt:
    name:
      - "{{ spamassassin_package_name }}"
    state: present
  tags:
    - spamassassin

- name: Configure SpamAssassin
  ansible.builtin.copy:
    src: spamassassin.cf
    dest: /etc/spamassassin/local_evolix.cf
    mode: "0644"
  notify: "{{ spamassassin_restart_handler }}"
  tags:
    - spamassassin

- name: Enable SpamAssassin
  ansible.builtin.replace:
    dest: /etc/default/spamassassin
    regexp: 'ENABLED=0'
    replace: 'ENABLED=1'
  tags:
    - spamassassin
  when: ansible_distribution_major_version is version('12', '<')

- name: add amavis user to debian-spamd group
  ansible.builtin.user:
    name: amavis
    groups: debian-spamd
    append: yes
  tags:
    - spamassassin

- name: fix right on /var/lib/spamassassin
  ansible.builtin.file:
    dest: /var/lib/spamassassin
    state: directory
    mode: "0750"
  tags:
    - spamassassin

- ansible.builtin.include_role:
    name: evolix/remount-usr
  tags:
    - spamassassin

- name: Check evomaintenance config
  ansible.builtin.stat:
    path: /etc/evomaintenance.cf
  register: _evomaintenance_config

- name: Verify sa-update dependency
  ansible.builtin.assert:
    that:
      - _evomaintenance_config.stat.exists
    msg: sa-update.sh needs /etc/evomaintenance.cf

- name: copy sa-update.sh script
  ansible.builtin.copy:
    src: sa-update.sh
    dest: /usr/share/scripts/sa-update.sh
    mode: "0750"
  tags:
    - spamassassin

- name: Check if cron is installed
  ansible.builtin.shell:
    cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
    executable: /bin/bash
  check_mode: no
  failed_when: False
  changed_when: False
  register: is_cron_installed

- name: enable sa-update.sh cron
  ansible.builtin.lineinfile:
    dest: /etc/cron.d/sa-update
    line: "42 6 5 1,4,7,10 * root /usr/share/scripts/sa-update.sh"
    create: yes
    state: present
    mode: "0640"
  when: is_cron_installed.rc == 0
  tags:
    - spamassassin

- name: update SpamAssasin's rules
  ansible.builtin.command:
    cmd: "/usr/share/scripts/sa-update.sh"
  changed_when: False
  tags:
    - spamassassin

- name: ensure SpamAssasin is started and enabled
  ansible.builtin.systemd:
    name: spamassassin
    state: started
    enabled: True
  when: ansible_distribution_major_version is version('12', '<')
  tags:
    - spamassassin

- name: ensure spamd is started and enabled
  ansible.builtin.systemd:
    name: spamd
    state: started
    enabled: True
  when: ansible_distribution_major_version is version('12', '>=')
  tags:
    - spamassassin