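---
# Postfix role tasks: build the image, start the container, export the volume
# mountpoints as facts, then template the access lists, main.cf and master.cf
# through the postconf module.  Handlers run postmap / reload postfix.

- name: Directorio de build postfix
  file:
    path: /root/.postfix-docker-image
    state: directory
  tags: skip_me

- name: Copiar archivos de build
  copy:
    src: "{{ item }}"
    dest: /root/.postfix-docker-image
  loop:
    - Dockerfile
  tags: skip_me

- name: Crear imagen {{ postfix_image }}
  docker_image:
    state: present
    name: "{{ postfix_image }}"
    path: /root/.postfix-docker-image
  tags: skip_me

# /etc/postfix and /ssl live on named volumes so the host can write the
# generated tables into them (see the mountpoint facts below).
- name: Activar container postfix
  docker_container:
    name: "{{ postfix_container }}"
    state: started
    restart_policy: unless-stopped
    image: "{{ postfix_image }}"
    volumes:
      - "{{ postfix_volume }}:/etc/postfix"
      - "{{ postfix_volume_ssl }}:/ssl"
    networks:
      - name: "{{ docker_network_name }}"
    ports: "{{ postfix_publish_ports }}"
  register: container

- name: Leer info de volumen {{ postfix_volume }}
  docker_volume_info:
    name: "{{ postfix_volume }}"
  register: res

- name: Leer info de volumen {{ postfix_volume_ssl }}
  docker_volume_info:
    name: "{{ postfix_volume_ssl }}"
  register: ssl

# Re-export container/volume names together with the host-side mountpoints so
# included task files and later plays can reach them as facts.
- name: Exportar informacion de volumen
  set_fact:
    postfix_container: "{{ lookup('vars','postfix_container') }}"
    postfix_volume: "{{ lookup('vars','postfix_volume') }}"
    postfix_mountpoint: "{{ res.volume.Mountpoint }}"
    postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
    postfix_mountpoint_ssl: "{{ ssl.volume.Mountpoint }}"

# One pass of lookup_tables.yml per mail domain; the included file sees the
# current domain as `domain`.
- name: Configurar lookup tables
  include_tasks: lookup_tables.yml
  loop: "{{ postfix_mail_domains.keys()|list }}"
  loop_control:
    loop_var: domain

- name: Directorio de reglas para access lists
  file:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}"
    state: directory

# Each access list is rendered from a host variable into the rules directory
# on the volume; the handler runs postmap so postfix reads the new table.
- name: Template client access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/client_access_list"
    create: true
    block: |
      # Edit host variable `postfix_client_access_list` to change these values
      {% for entry in postfix_client_access_list -%}
      {{ entry.regex }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: Template helo access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/helo_access_list"
    create: true
    block: |
      # Edit host variable `postfix_helo_access_list` to change these values
      {% for entry in postfix_helo_access_list -%}
      {{ entry.host }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: Template recipient access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/recipient_access_list"
    create: true
    block: |
      # Edit host variable `postfix_recipient_access_list` to change these values
      {% for entry in postfix_recipient_access_list -%}
      {{ entry.rcpt }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: Template sender access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/sender_access_list"
    create: true
    block: |
      # Edit host variable `postfix_sender_access_list` to change these values
      {% for entry in postfix_sender_access_list -%}
      {{ entry.sender }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

# main.cf.  Postfix naming: smtpd_* parameters configure the SMTP server
# (inbound connections), smtp_* parameters configure the SMTP client
# (outbound deliveries).
- name: Configurar main.cf
  postconf:
    parameter:
      maillog_file: /dev/stdout
      # Local delivery domains: the unix domains plus this host, minus anything
      # that is handled as a virtual mail domain.
      mydestination: >-
        {{ postfix_unix_domains
        | union( [ ansible_fqdn, 'localhost.localdomain', 'localhost'] )
        | difference( postfix_mail_domains ) }}
      myhostname: "{{ postfix_server_name }}"
      mydomain: "{{ postfix_server_domain }}"
      mynetworks: >-
        {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']
        | union( postfix_local_networks ) }}
      # One alias map per domain, chosen by its alias_lookup.provider
      # (ldap / sqlite / file), always followed by the domain's noreply map.
      virtual_alias_maps: >-
        {% for d in postfix_mail_domains.keys()|list %}
        {% set p = postfix_mail_domains[d].alias_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_alias.cf
        {% if postfix_mail_domains[d].alias_lookup.use_group_as_alias|default(postfix_ldap_use_group_alias) %},
        ldap:/etc/postfix/{{ d }}_ldap_group.cf
        {% endif %}
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{d}}_sqlite_alias.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_aliases
        {% endif %}, hash:/etc/postfix/{{ d }}_noreply
        {{ '' if loop.last else ',' }}{% endfor %}
      # One mailbox map per domain, chosen by its user_lookup.provider.
      virtual_mailbox_maps: >-
        {% for d in postfix_mail_domains.keys()|list %}
        {% set p = postfix_mail_domains[d].user_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_user.cf
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{ d }}_sqlite_user.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_users
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %},
      virtual_transport: "lmtp:{{ dovecot_container }}:24"
      # NOTE(review): this renders the whole postfix_mail_domains mapping while
      # the other parameters use its keys (postfix_mail_domains.keys()|list);
      # confirm the postconf module reduces a dict to its keys, otherwise pass
      # the key list here.
      virtual_mailbox_domains: "{{ postfix_mail_domains }}"
      smtpd_sasl_path: "inet:{{ dovecot_container }}:12345"
      smtpd_sasl_type: dovecot
      smtpd_sasl_auth_enable: "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
      smtpd_tls_cert_file: /ssl/cert.pem
      smtpd_tls_key_file: /ssl/key.pem
      # smtp_* = client (outgoing mail), smtpd_* = server (incoming mail).
      smtp_tls_security_level: "{{ postfix_outgoing_tls_security }}"
      smtpd_tls_security_level: "{{ postfix_incoming_tls_security }}"
      # smtpd_tls_auth_only=yes refuses SASL AUTH on unencrypted connections,
      # so it is relaxed to "no" only when plaintext auth is explicitly allowed.
      smtpd_tls_auth_only: "{{ 'no' if postfix_allow_insecure_auth else 'yes' }}"
      smtpd_tls_session_cache_database: "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}"
      smtpd_client_restrictions: "{{ postfix_client_restrictions }}"
      smtpd_data_restrictions: "{{ postfix_data_restrictions }}"
      smtpd_helo_restrictions: "{{ postfix_helo_restrictions }}"
      smtpd_relay_restrictions: "{{ postfix_relay_restrictions }}"
      smtpd_recipient_restrictions: "{{ postfix_recipient_restrictions }}"
      message_size_limit: "{{ postfix_message_size_limit }}"
      smtpd_helo_required: "{{ 'yes' if postfix_helo_required else 'no' }}"
      biff: "{{ 'yes' if postfix_biff else 'no' }}"
  notify: reload postfix

# master.cf: run every listed service unchrooted.  Each loop entry is
# [service, type], so the service is item.0 and the type item.1.
- name: Disable chroot for services
  postconf:
    service: "{{ item.0 }}"
    type: "{{ item.1 }}"
    chroot: "n"
  notify: reload postfix
  loop:
    - [smtp, inet]
    - [pickup, unix]
    - [cleanup, unix]
    - [qmgr, unix]
    - [tlsmgr, unix]
    - [rewrite, unix]
    - [bounce, unix]
    - [defer, unix]
    - [trace, unix]
    - [verify, unix]
    - [flush, unix]
    - [smtp, unix]
    - [relay, unix]
    - [showq, unix]
    - [error, unix]
    - [retry, unix]
    - [discard, unix]
    - [lmtp, unix]
    - [anvil, unix]
    - [scache, unix]

# The submission service requires TLS (encrypt) and only accepts
# SASL-authenticated clients.  `| bool` accepts "yes"/"true" strings as well
# as real booleans for the toggle.
- name: Enable submission service
  postconf:
    service: submission
    type: inet
    private: 'n'
    chroot: 'n'
    command: smtpd
    parameter:
      milter_macro_daemon_name: ORIGINATING
      smtpd_client_restrictions:
        - permit_sasl_authenticated
        - reject
      smtpd_sasl_auth_enable: 'yes'
      smtpd_tls_security_level: encrypt
      syslog_name: postfix/submission
  notify: reload postfix
  when: postfix_submission_enable | bool

- name: Disable submission service
  postconf:
    service: submission
    type: inet
    state: absent
  notify: reload postfix
  when: not (postfix_submission_enable | bool)

# - name: "Enable postscreen"
#   include_tasks: postscreen.yml
#   when: "postfix_postscreen_enable == True"
# - name: "Disable postscreen"
#   include_tasks: postscreen_disable.yml
#   when: "postfix_postscreen_enable == False"
# TODO: messages
# TODO: milter_header_checks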