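# Mail server tasks: install Postfix, Dovecot and OpenDKIM, create the DKIM
# signing key, write the OpenDKIM lookup tables, deploy the service
# configuration templates, create the mailbox user and start the services.
# The handlers notified below ("Fix DKIM permissions", "Restart Mail
# Services") are defined outside this file.

- name: Install Mail Packages
  ansible.builtin.dnf:
    name:
      - postfix
      - dovecot
      - opendkim
      - opendkim-tools
    state: present

# 0750 opendkim:opendkim keeps other local accounts out of the directory that
# will hold the private signing key.
- name: Ensure OpenDKIM keys directory exists
  ansible.builtin.file:
    path: "/etc/opendkim/keys/{{ vault_public_domain }}"
    state: directory
    owner: opendkim
    group: opendkim
    mode: "0750"

# `creates` makes this a one-time step: an existing key is never overwritten.
# NOTE(review): confirm that the packaged opendkim-genkey accepts
# `-a ed25519`. In the opendkim-genkey man page I know, `-a` is
# --append-domain and takes no value, so this may not select the key type.
# Check the generated default.txt record (k= tag) after the first run.
- name: Generate DKIM Key
  ansible.builtin.command:
    cmd: >-
      opendkim-genkey -a ed25519 -s default
      -d {{ vault_public_domain }}
      -D /etc/opendkim/keys/{{ vault_public_domain }}/
    creates: "/etc/opendkim/keys/{{ vault_public_domain }}/default.private"
  notify: Fix DKIM permissions

# KeyTable and SigningTable hold only the selector name and the key path, not
# key material, so world-readable 0644 is acceptable here.
# TrustedHosts: presumably referenced as InternalHosts/ExternalIgnoreList by
# opendkim.conf.j2 (template not shown). If so, mail from any host in
# 10.0.0.0/24 is signed with this domain's key, so keep that range as narrow
# as the set of hosts that really submit mail.
- name: Configure OpenDKIM mappings
  ansible.builtin.copy:
    dest: "{{ item.path }}"
    content: "{{ item.content }}"
    mode: "0644"
  loop:
    - path: /etc/opendkim/KeyTable
      content: "default._domainkey.{{ vault_public_domain }} {{ vault_public_domain }}:default:/etc/opendkim/keys/{{ vault_public_domain }}/default.private\n"
    - path: /etc/opendkim/SigningTable
      content: "*@{{ vault_public_domain }} default._domainkey.{{ vault_public_domain }}\n"
    - path: /etc/opendkim/TrustedHosts
      content: "127.0.0.1\nlocalhost\n10.0.0.0/24\n"
  notify: Restart Mail Services

# All four files are written 0644. That is only appropriate while the
# templates contain no credentials (for example SASL or SQL passwords).
- name: Deploy Configurations
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "0644"
  loop:
    - src: postfix_main.cf.j2
      dest: /etc/postfix/main.cf
    - src: postfix_master.cf.j2
      dest: /etc/postfix/master.cf
    - src: dovecot.conf.j2
      dest: /etc/dovecot/dovecot.conf
    - src: opendkim.conf.j2
      dest: /etc/opendkim.conf
  notify: Restart Mail Services

# password_hash() without a salt picks a random one on every run, so the task
# would report "changed" and rewrite the shadow entry each time. A salt
# seeded from the inventory hostname keeps the hash stable per host while a
# new vault password still propagates. The account has no interactive shell.
- name: Add Mail User
  ansible.builtin.user:
    name: me
    shell: /sbin/nologin
    password: "{{ vault_mail_user_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"

# Handlers normally run at the end of the play, which is after the services
# below are started. Flushing here lets "Fix DKIM permissions" run before
# opendkim first opens the freshly generated private key.
- name: Apply pending handlers before starting services
  ansible.builtin.meta: flush_handlers

- name: Ensure Services are Enabled and Running
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - postfix
    - dovecot
    - opendkim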