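---
# Mail server role tasks: installs Postfix, Dovecot and ClamAV milter
# packages, deploys TLS material and LDAP look-up configuration, sets up the
# Postfix chroot, and finally enables the services and the firewall rules.
#
# Module arguments are written as YAML mappings rather than key=value
# strings so that every value is explicit; file modes are quoted strings,
# because an unquoted `0640` would be read as a decimal integer by YAML and
# produce a wrong mode.

- name: Install rsync
  apt:
    name: rsync
    state: present

# A single apt transaction for the whole package set instead of one
# invocation per package.
- name: Install Dovecot packages
  apt:
    name:
      - dovecot-imapd
      - dovecot-ldap
      - dovecot-sieve
      - dovecot-managesieved
    state: present

- name: Install Postfix packages
  apt:
    name:
      - postfix
      - postfix-ldap
    state: present

- name: Purge Exim configuration
  apt:
    name: "exim4*"
    state: absent
    purge: true

# /etc/ssl/private is only traversable by the ssl-cert group; the daemon
# users need group membership to reach the key files deployed below.
- name: Allow Postfix user to traverse the directory with TLS private keys
  user:
    name: postfix
    append: true
    groups: ssl-cert

- name: Allow Dovecot user to traverse the directory with TLS private keys
  user:
    name: dovecot
    append: true
    groups: ssl-cert

# Private key material comes from a variable; no_log keeps it out of the
# task output and diff output.
- name: Deploy SMTP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.key"
    content: "{{ smtp_tls_key }}"
    mode: "0640"
    owner: root
    group: root
  no_log: true
  notify:
    - Restart Postfix

- name: Deploy SMTP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem"
    content: "{{ smtp_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart Postfix

- name: Deploy IMAP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_imap.key"
    content: "{{ imap_tls_key }}"
    mode: "0640"
    owner: root
    group: root
  no_log: true
  notify:
    - Restart Dovecot

- name: Deploy IMAP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_imap.pem"
    content: "{{ imap_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart Dovecot

- name: Install SWAKS
  apt:
    name: swaks
    state: present

- name: Install milter packages
  apt:
    name: clamav-milter
    state: present

- name: Configure ClamAV Milter
  copy:
    dest: "/etc/clamav/clamav-milter.conf"
    src: "clamav-milter.conf"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart ClamAV Milter

# The milter socket lives inside the Postfix chroot; the parent directories
# are root-owned, only the leaf directory belongs to clamav.
- name: Set-up privileges for directories within Postfix chroot
  file:
    dest: "{{ item }}"
    mode: "0755"
    state: directory
    owner: root
    group: root
  with_items:
    - /var/spool/postfix/var
    - /var/spool/postfix/var/run

- name: Set-up privileges for directories within Postfix chroot
  file:
    dest: "{{ item }}"
    mode: "0755"
    state: directory
    owner: clamav
    group: clamav
  with_items:
    - /var/spool/postfix/var/run/clamav

- name: Deploy the LDAP TLS truststore in default location
  copy:
    content: "{{ mail_ldap_tls_truststore }}"
    dest: "/etc/ssl/certs/mail_ldap_tls_truststore.pem"
    owner: root
    group: root
    mode: "0644"

# Chrooted Postfix processes cannot see /etc/ssl, so the truststore is
# duplicated under the chroot.
- name: Deploy the LDAP TLS truststore in Postfix chroot
  copy:
    content: "{{ mail_ldap_tls_truststore }}"
    dest: "/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem"
    owner: root
    group: root
    mode: "0644"

# The LDAP map files are readable by the postfix group only.
- name: Deploy Postfix configurations files for LDAP look-ups
  template:
    src: "{{ item }}.cf.j2"
    dest: "/etc/postfix/{{ item }}.cf"
    owner: root
    group: postfix
    mode: "0640"
  with_items:
    - ldap-virtual-alias-maps
    - ldap-virtual-mailbox-domains
    - ldap-virtual-mailbox-maps
  notify:
    - Restart Postfix

# Ownership and mode are set explicitly, matching the master.cf task below,
# instead of being left to the umask of the first deployment.
- name: Deploy Postfix main configuration
  template:
    src: "main.cf.j2"
    dest: "/etc/postfix/main.cf"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

# The regexp includes the trailing colon so that an alias named "root" does
# not match (and overwrite) an unrelated alias such as "rootmail".
- name: Set-up local mail aliases
  lineinfile:
    dest: "/etc/aliases"
    line: "{{ item.key }}: {{ item.value }}"
    regexp: "^{{ item.key }}:"
    state: present
  with_dict: "{{ local_mail_aliases }}"
  notify:
    - Rebuild mail aliases

- name: Create mail owner group
  group:
    name: "{{ mail_user }}"
    gid: "{{ mail_user_gid | default(omit) }}"
    state: present

- name: Create mail owner user
  user:
    name: "{{ mail_user }}"
    uid: "{{ mail_user_uid | default(omit) }}"
    group: "{{ mail_user }}"
    home: "/var/{{ mail_user }}"
    state: present

# Users are looked up in LDAP only; drop the system (PAM/passwd) backend.
- name: Disable Dovecot system authentication
  lineinfile:
    dest: "/etc/dovecot/conf.d/10-auth.conf"
    line: "!include auth-system.conf.ext"
    state: absent
  notify:
    - Restart Dovecot

- name: Deploy Dovecot configuration file with overrides
  template:
    src: "99-local.conf.j2"
    dest: "/etc/dovecot/conf.d/99-local.conf"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Dovecot

- name: Deploy Dovecot configuration file for LDAP look-ups
  template:
    src: "dovecot-ldap.conf.ext.j2"
    dest: "/etc/dovecot/dovecot-ldap.conf.ext"
    owner: root
    group: root
    mode: "0600"
  notify:
    - Restart Dovecot

- name: Deploy Postifx master process configuration
  copy:
    src: "master.cf"
    dest: "/etc/postfix/master.cf"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

- name: Enable services on boot (workaround for systemctl broken handling of SysV)
  command: "rcconf -on {{ item }}"
  register: result
  changed_when: result.stderr == ""
  with_items:
    - clamav-daemon
    - clamav-freshclam
    - clamav-milter
    - postfix
    - dovecot

- name: Enable ClamAV database update service (freshclam)
  service:
    name: clamav-freshclam
    state: started

# The daemon refuses to start without signature databases; record which
# .cld files are missing and wait for freshclam to fetch the .cvd variant.
- name: Check availability of ClamAV database files
  stat:
    path: "{{ item }}"
  register: clamav_db_files
  with_items:
    - /var/lib/clamav/bytecode.cld
    - /var/lib/clamav/daily.cld
    - /var/lib/clamav/main.cld

- name: Wait for ClamAV database to be available (up to 10 minutes)
  wait_for:
    path: "{{ item.item | replace('.cld', '.cvd') }}"
    timeout: 600
  with_items: "{{ clamav_db_files.results }}"
  when: not item.stat.exists

- name: Enable ClamAV daemon and milter services
  service:
    name: "{{ item }}"
    state: started
  with_items:
    - clamav-daemon
    - clamav-milter

- name: Enable Postfix service
  service:
    name: postfix
    state: started

- name: Enable Dovecot service
  service:
    name: dovecot
    state: started

- name: Deploy firewall configuration for mail server
  copy:
    src: "ferm_mail.conf"
    dest: "/etc/ferm/conf.d/20-mail.conf"
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart ferm

# Opt-in: run every handler unconditionally when the play sets
# `handlers=true` (or uses the "handlers" tag).
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers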