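---
# Starts the Postfix container, exports the container and volume facts used
# by the later tasks, and writes the Postfix access lists into the
# configuration volume's mount point on the Docker host.

- name: Activar container postfix
  docker_container:
    name: "{{ postfix_container }}"
    state: started
    restart_policy: unless-stopped
    image: "{{ postfix_image }}"
    volumes:
      - "{{ postfix_volume }}:/etc/postfix"
      # Holds the TLS certificate and private key referenced below.
      # NOTE(review): mounted read-write; if the image never writes to /ssl,
      # a read-only mount would limit exposure of the key - confirm.
      - "{{ postfix_volume_ssl }}:/ssl"
    networks:
      - name: "{{ docker_network_name }}"
    ports: "{{ postfix_publish_ports }}"
    env:
      # Local (unix) domains plus this host's names, minus every domain that
      # is served as a virtual mailbox domain.
      # NOTE(review): this expression and MYNETWORKS evaluate to a list,
      # while the other list-valued settings in this task are joined with
      # ', '. Confirm the image accepts this form.
      MYDESTINATION: >-
        {{ postfix_unix_domains
        | union( [ ansible_fqdn, 'localhost.localdomain', 'localhost'] )
        | difference( postfix_mail_domains ) }}
      MYHOSTNAME: "{{ postfix_server_name }}"
      MYDOMAIN: "{{ postfix_server_domain }}"
      # Loopback ranges plus the configured local networks. These clients are
      # also exempted from postscreen (see POSTSCREEN_ACCESS_LIST), so keep
      # postfix_local_networks as narrow as possible.
      MYNETWORKS: >-
        {{ ['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']
        | union( postfix_local_networks ) }}
      # One alias map per mail domain, chosen by the domain's alias lookup
      # provider (ldap, sqlite or file), followed by the domain's noreply map.
      VIRTUAL_ALIAS_MAPS: >-
        {% for d in postfix_mail_domains.keys()|list %}
        {% set p = postfix_mail_domains[d].alias_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_alias.cf
        {% if postfix_mail_domains[d].alias_lookup.use_group_as_alias|default(postfix_ldap_use_group_alias) %},
        ldap:/etc/postfix/{{ d }}_ldap_group.cf
        {% endif %}
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{d}}_sqlite_alias.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_aliases
        {% endif %},
        hash:/etc/postfix/{{ d }}_noreply
        {{ '' if loop.last else ',' }}{% endfor %}
      # One mailbox map per mail domain, chosen by the domain's user lookup
      # provider. The loop emits the separators itself, so nothing follows
      # the final entry.
      VIRTUAL_MAILBOX_MAPS: >-
        {% for d in postfix_mail_domains.keys()|list %}
        {% set p = postfix_mail_domains[d].user_lookup.provider|default(postfix_lookup_provider) %}
        {% if p == "ldap" %}
        ldap:/etc/postfix/{{ d }}_ldap_user.cf
        {% elif p == "sqlite" %}
        sqlite:/etc/postfix/{{ d }}_sqlite_user.cf
        {% elif p == "file" %}
        hash:/etc/postfix/{{ d }}_users
        {% endif %}{{ '' if loop.last else ',' }}{% endfor %}
      VIRTUAL_TRANSPORT: "lmtp:{{ dovecot_container }}:24"
      VIRTUAL_MAILBOX_DOMAINS: "{{ postfix_mail_domains | join (', ') }}"
      SMTPD_SASL_PATH: "inet:{{ dovecot_container }}:12345"
      SMTPD_SASL_TYPE: dovecot
      SMTPD_SASL_AUTH_ENABLE: "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
      SMTPD_TLS_CERT_FILE: /ssl/cert.pem
      SMTPD_TLS_KEY_FILE: /ssl/key.pem
      # In Postfix, smtp_* parameters configure the SMTP client (outgoing
      # delivery) and smtpd_* parameters the SMTP server (incoming
      # connections), so the outgoing level goes to SMTP_ and the incoming
      # level to SMTPD_.
      # NOTE(review): assumes the image maps each variable onto the main.cf
      # parameter of the same name - confirm.
      SMTP_TLS_SECURITY_LEVEL: "{{ postfix_outgoing_tls_security }}"
      SMTPD_TLS_SECURITY_LEVEL: "{{ postfix_incoming_tls_security }}"
      # smtpd_tls_auth_only=yes refuses SASL AUTH on sessions that are not
      # TLS-protected, so it is the negation of postfix_allow_insecure_auth:
      # credentials cross the wire in clear only when that flag is set.
      SMTPD_TLS_AUTH_ONLY: "{{ 'no' if postfix_allow_insecure_auth else 'yes' }}"
      # ${data_directory} is not a Jinja expression; it is passed through
      # literally (presumably for Postfix to expand).
      SMTPD_TLS_SESSION_CACHE_DATABASE: "{{ 'btree:${data_directory}/smtpd_scache' if postfix_tls_session_cache else '' }}"
      SMTPD_CLIENT_RESTRICTIONS: "{{ postfix_client_restrictions | join(', ') }}"
      SMTPD_DATA_RESTRICTIONS: "{{ postfix_data_restrictions | join(', ') }}"
      SMTPD_HELO_RESTRICTIONS: "{{ postfix_helo_restrictions | join(', ') }}"
      SMTPD_RELAY_RESTRICTIONS: "{{ postfix_relay_restrictions | join(', ') }}"
      SMTPD_RECIPIENT_RESTRICTIONS: "{{ postfix_recipient_restrictions | join(', ') }}"
      MESSAGE_SIZE_LIMIT: "{{ postfix_message_size_limit | string }}"
      SMTPD_HELO_REQUIRED: "{{ 'yes' if postfix_helo_required else 'no' }}"
      BIFF: "{{ 'yes' if postfix_biff else 'no' }}"
      SUBMISSION_ENABLE: "{{ 'yes' if postfix_submission_enable else 'no' }}"
      POSTSCREEN_ENABLE: "{{ 'yes' if postfix_postscreen_enable else 'no' }}"
      # permit_mynetworks: clients inside MYNETWORKS skip the postscreen tests.
      POSTSCREEN_ACCESS_LIST: "cidr:/etc/postfix/{{ postfix_rules_dir }}/postscreen_access_list.cidr, permit_mynetworks"
      # Each entry is either a plain site name or a mapping with `site` and an
      # optional `score`, rendered as site*score. The escaped line breaks keep
      # the rendered value on a single line.
      POSTSCREEN_DNSBL_SITES: "\
        {% for entry in postfix_postscreen_dnsbl_sites -%}\
        {% if entry is string -%}{{ entry }}{% elif entry is mapping -%}\
        {{ entry.site }}{{ '*' if entry.score is defined else '' }}\
        {{ entry.score | default('') }}{% endif %}\
        {{ '' if loop.last else ', ' }}{% endfor %}"
      POSTSCREEN_DNSBL_REPLY_MAP: "pcre:/etc/postfix/{{ postfix_rules_dir }}/postscreen_dnsbl_mask.pcre"
      POSTSCREEN_BLACKLIST_ACTION: "{{ postfix_postscreen_blacklist_action }}"
      POSTSCREEN_DNSBL_ACTION: "{{ postfix_postscreen_dnsbl_action }}"
      POSTSCREEN_DNSBL_THRESHOLD: "{{ postfix_postscreen_dnsbl_threshold }}"
      POSTSCREEN_DNSBL_WHITELIST_THRESHOLD: "{{ postfix_postscreen_dnsbl_whitelist_threshold }}"
      POSTSCREEN_GREET_ACTION: "{{ postfix_postscreen_greet_action }}"
  register: container

# Re-export the container name as a host fact.
- name: Exportar informacion de container
  set_fact:
    postfix_container: "{{ lookup('vars','postfix_container') }}"

# Configuration volume: a value that does not start with '/' is looked up as
# a named Docker volume and its host mount point is read from Docker; a value
# that starts with '/' is used as the mount point directly.
- when: postfix_volume[0] != '/'
  block:
    - name: "Leer info de volumen {{ postfix_volume }}"
      docker_volume_info:
        name: "{{ postfix_volume }}"
      register: res_cfg

    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume: "{{ lookup('vars','postfix_volume') }}"
        postfix_mountpoint: "{{ res_cfg.volume.Mountpoint }}"

- when: postfix_volume[0] == '/'
  block:
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume: "{{ lookup('vars','postfix_volume') }}"
        postfix_mountpoint: "{{ lookup('vars','postfix_volume') }}"

# SSL volume: same named-volume / host-path distinction as above.
- when: postfix_volume_ssl[0] != '/'
  block:
    - name: "Leer info de volumen {{ postfix_volume_ssl }}"
      docker_volume_info:
        name: "{{ postfix_volume_ssl }}"
      register: res_ssl

    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
        postfix_mountpoint_ssl: "{{ res_ssl.volume.Mountpoint }}"

- when: postfix_volume_ssl[0] == '/'
  block:
    - name: Exportar informacion de volumen
      set_fact:
        postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
        postfix_mountpoint_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"

# FIXME: sort out access lists and tables under Docker
# Runs lookup_tables.yml once per mail domain, with the domain name in `domain`.
- name: Configurar lookup tables
  include_tasks: lookup_tables.yml
  loop: "{{ postfix_mail_domains.keys()|list }}"
  loop_control:
    loop_var: domain

# The four tasks below write Postfix access tables under the configuration
# volume's mount point and notify the handler that rebuilds them. Entries are
# copied verbatim from host variables.
# NOTE(review): no owner or mode is given, so a newly created file gets the
# defaults of the user running the play - confirm that is intended.
- name: Template client access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/client_access_list"
    create: true
    block: |
      # Edit host variable `postfix_client_access_list` to change these values
      {% for entry in postfix_client_access_list -%}
      {{ entry.regex }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: Template helo access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/helo_access_list"
    create: true
    block: |
      # Edit host variable `postfix_helo_access_list` to change these values
      {% for entry in postfix_helo_access_list -%}
      {{ entry.host }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: Template recipient access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/recipient_access_list"
    create: true
    block: |
      # Edit host variable `postfix_recipient_access_list` to change these values
      {% for entry in postfix_recipient_access_list -%}
      {{ entry.rcpt }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

- name: Template sender access list
  blockinfile:
    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/sender_access_list"
    create: true
    block: |
      # Edit host variable `postfix_sender_access_list` to change these values
      {% for entry in postfix_sender_access_list -%}
      {{ entry.sender }} {{ entry.action }}
      {% endfor %}
  notify: postmap access lists

# TODO: messages
# TODO: milter_header_checks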