---

- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: yes

- hosts: all
  tasks:

    - name: Set-up /etc/hosts entries
      lineinfile:
        dest: /etc/hosts
        line: "{{ item.key }} {{ item.value }}"
      with_dict:
        10.31.127.10: "mail-server domain1"
        10.31.127.20: "client1"
        10.31.127.30: "parameters-mandatory"
        10.31.127.31: "parameters-optional"
        10.31.127.32: "parameters-no-incoming"

- hosts: client1
  tasks:

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: installed

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: installed

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

- hosts: mail-server
  tasks:

    - name: Deploy CA certificate
      copy:
        src: tests/data/x509/ca.cert.pem
        dest: /usr/local/share/ca-certificates/testca.crt
        owner: root
        group: root
        mode: 0644
      notify:
        - Update CA certificate cache

    - name: Deploy SMTP private key and certificate
      copy:
        src: "tests/data/x509/{{ item }}"
        dest: "/etc/ssl/{{ item }}"
        owner: root
        group: root
        mode: 0600
      with_items:
        - mail-server_smtp.cert.pem
        - mail-server_smtp.key.pem

    - name: Install Postfix
      apt: name="postfix" state=installed

    - name: Purge Exim configuration
      apt: name="exim4*" state=absent purge=yes

    - name: Deploy Postfix configuration
      copy:
        src: tests/data/main.cf
        dest: /etc/postfix/main.cf
        owner: root
        group: root
        mode: 0644
      notify:
        - Restart Postfix

    - name: Install tool for testing TCP connectivity
      apt:
        name: hping3
        state: installed

    - name: Install SWAKS for testing SMTP capability
      apt:
        name: swaks
        state: installed

    - name: Set-up port forwarding
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport 27 -j REDIRECT --to-ports 25"
      changed_when: False

  handlers:

    - name: Update CA certificate cache
      command: /usr/sbin/update-ca-certificates --fresh

    - name: Restart Postfix
      service:
        name: postfix
        state: restarted

- hosts: parameters-mandatory
  roles:
    - role: mail_forwarder

      # Global common parameters.
      tls_certificate_dir: tests/data/x509/

- hosts: parameters-optional
  roles:
    - role: mail_forwarder
      local_mail_aliases:
        root: "root testuser"
      smtp_from_relay_allowed: True
      smtp_relay_host: mail-server
      smtp_relay_host_port: 27
      smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

- hosts: parameters-no-incoming
  roles:
    - role: mail_forwarder
      smtp_relay_host: mail-server
      smtp_from_relay_allowed: False
      smtp_relay_truststore: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

      # common
      ca_certificates:
        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

- hosts: parameters-optional
  tasks:

    - name: Create additional group for testing local aliases
      group:
        name: testuser

    - name: Create additional user for testing local aliases
      user:
        name: testuser
        group: testuser