---
- name: Install packages
  ansible.builtin.package:
    name: opendkim
    state: installed

- name: Fix SELinux contexts from keystore
  community.general.sefcontext:
    path: "/export/dkim(/.*)?"
    setype: etc_t

- name: Create keystore
  ansible.builtin.file:
    path: /export/dkim
    state: directory
    mode: "0710"
    owner: root
    group: opendkim
    setype: _default

- name: Link keystore
  ansible.builtin.file:
    dest: /srv/dkim
    src: /export/dkim
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

- name: Add keystore Makefile
  ansible.builtin.copy:
    dest: /srv/dkim/Makefile
    src: keystore.Makefile
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default

- name: Set selector
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?Selector\s'
    line: "Selector\t{{ opendkim_selector }}"
  notify: Restart opendkim

- name: Set key file path
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?KeyFile\s'
    line: "KeyFile\t/srv/dkim/{{ opendkim_selector }}.key"
  notify: Restart opendkim

- name: Enable signing and verifying messages
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?Mode\s'
    line: "Mode\tsv"
  notify: Restart opendkim

- name: Configure signing domains
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?Domain\s'
    line: "Domain\t{{ mail_domain }}"
  notify: Restart opendkim

- name: Configure report address
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?ReportAddress\s'
    line: "ReportAddress\tpostmaster@{{ mail_domain }}"
  notify: Restart opendkim

- name: Don't add DKIM-Filter header
  ansible.builtin.lineinfile:
    path: /etc/opendkim.conf
    regexp: '^(# )?SoftwareHeader\s'
    line: "SoftwareHeader\tno"
  notify: Restart opendkim

- name: Enable service
  ansible.builtin.service:
    name: opendkim
    state: started
    enabled: true