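---
# Sendmail role tasks: install the packages, deploy the TLS private key,
# certificate and chain, move the mail spool to /export/mail (with the
# matching SELinux file context), then render sendmail.mc and install the
# aliases file. Handlers named in `notify` are defined outside this file.

- name: Install packages
  ansible.builtin.package:
    # One call with a list instead of a per-item loop.
    name:
      - make
      - sendmail
      - sendmail-cf
    # `present` is the state the generic package module documents;
    # `installed` is only an alias in some backends.
    state: present

- name: Create root cert directory
  ansible.builtin.file:
    path: /etc/mail/certs
    state: directory
    # File modes are quoted throughout so they reach the module as octal
    # strings rather than YAML-typed integers.
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

# NOTE(review): the key and certificates below are written under
# tls_private / tls_certs, which are defined outside this file. Only
# /etc/mail/certs is created here; confirm the target directories exist
# and that tls_private is not readable by unprivileged users.
- name: Copy private key
  ansible.builtin.copy:
    dest: "{{ tls_private }}/{{ mail_server }}.key"
    src: "{{ item }}"
    # Readable by root only.
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  # The first existing source wins: Let's Encrypt key, then the local CA
  # key for mail_server, then the one for inventory_hostname.
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/privkey.pem"
    - "/srv/ca/private/{{ mail_server }}.key"
    - "/srv/ca/private/{{ inventory_hostname }}.key"
  # Keep the key material out of `--diff` output and anything that
  # captures it (CI logs, callback plugins).
  diff: false
  tags: certificates
  notify: Restart sendmail

- name: Copy certificate
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "{{ tls_certs }}/{{ mail_server }}.crt"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
    # Confirms the file parses as an X.509 certificate. It does not check
    # expiry, hostname, or that the certificate matches the deployed key.
    validate: /usr/bin/openssl x509 -in %s -noout
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/cert.pem"
    - "/srv/ca/certs/hosts/{{ mail_server }}.crt"
    - "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
  tags: certificates
  notify: Restart sendmail

- name: Copy certificate chain
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "{{ tls_certs }}/{{ mail_server }}-chain.crt"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
    # `openssl x509` reads only the first certificate in the file, so any
    # further certificates in a multi-certificate chain are not parsed by
    # this check.
    validate: /usr/bin/openssl x509 -in %s -noout
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/chain.pem"
    - "/srv/ca/certs/ca.crt"
  tags: certificates
  notify: Restart sendmail

# Registers the file-context rule in the SELinux policy; the module does
# not relabel files that already exist under the path.
- name: Fix SELinux contexts from data directory
  community.general.sefcontext:
    path: "/export/mail(/.*)?"
    setype: mail_spool_t

- name: Create data directory
  ansible.builtin.file:
    path: /export/mail
    state: directory
    mode: "0775"
    owner: root
    group: mail
    # `_default` applies the policy default type to this directory.
    setype: _default

# Runs once: skipped as soon as /var/spool/mail.backup exists.
# NOTE(review): no task in this file copies the old spool contents into
# /export/mail; existing mailboxes stay in the backup directory.
- name: Backup old data directory
  ansible.builtin.command:
    argv:
      - mv
      - /var/spool/mail
      - /var/spool/mail.backup
    creates: /var/spool/mail.backup

- name: Link data directory
  ansible.builtin.file:
    path: /var/spool/mail
    src: /export/mail
    state: link
    owner: root
    group: root
    setype: _default
    # Act on the symlink itself rather than on its target.
    follow: false
    force: true

- name: Create sendmail.mc
  ansible.builtin.template:
    src: sendmail.mc.j2
    dest: /etc/mail/sendmail.mc
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
    # Run the rendered file through m4 before it is installed; the shell
    # wrapper is needed for the output redirection.
    validate: /bin/sh -c '/usr/bin/m4 %s > /dev/null'
  notify: Update sendmail config

- name: Copy aliases
  ansible.builtin.copy:
    src: "{{ ansible_private }}/files/sendmail/aliases"
    dest: /etc/aliases
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Update aliases

- name: Enable service
  ansible.builtin.service:
    name: sendmail
    enabled: true
    state: started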