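---
# Configures Postfix on RedHat-family hosts as the system MTA and, when
# `mail_server` is defined, relays outbound mail to it over implicit TLS:
#   * major version < 8:  Postfix -> local stunnel ([localhost]:2525)
#   * major version >= 8: Postfix connects to port 465 itself (wrapper mode)
#
# Variables read here: inventory_hostname, mail_domain (optional),
# mail_server (optional), ansible_wheel (not defined in this file).
# Handlers notified here ("restart postfix", "restart stunnel-smtps") are
# defined outside this file.

- name: check support
  fail:
    msg: Role not supported in your system
  when: ansible_os_family != "RedHat"

- name: install postfix
  package:
    name: postfix
    # `present` is the state the generic package module documents;
    # `installed` only works where the backend accepts it as an alias.
    state: present

- name: set postfix as system mta
  alternatives:
    name: mta
    path: /usr/sbin/sendmail.postfix

# Each lineinfile task below replaces an existing active setting, or inserts
# the line after the commented-out default that main.cf ships with.
- name: configure myhostname
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^myhostname\s*='
    insertafter: '^#myhostname\s*='
    line: "myhostname = {{ inventory_hostname }}"
  notify: restart postfix

- name: configure myorigin
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^myorigin\s*='
    insertafter: '^#myorigin\s*='
    line: "myorigin = {{ mail_domain }}"
  notify: restart postfix
  when: mail_domain is defined

- name: configure mydestination
  lineinfile:
    path: /etc/postfix/main.cf
    regexp: '^mydestination\s*='
    insertafter: '^#mydestination\s*='
    # NOTE(review): this writes a literal pair of double quotes into main.cf.
    # Postfix's documented null-client form is an empty value
    # (`mydestination =`); confirm the quoted form disables local delivery
    # as intended.
    line: 'mydestination = ""'
  notify: restart postfix
  when:
    - mail_domain is defined
    - mail_server is defined

# Major version < 8: TLS to the relay is delegated to a local stunnel
# instance and Postfix talks to it on loopback.
- block:
    - name: install stunnel
      package:
        name: stunnel
        state: present

    - name: create group smtps
      group:
        name: smtps
        system: true

    # Unprivileged system account with no login shell and no home directory.
    - name: create user smtps
      user:
        name: smtps
        comment: Service Stunnel-SMTPS
        createhome: false
        group: smtps
        home: /var/empty
        shell: /sbin/nologin
        system: true

    # NOTE(review): the template is not visible here. The loopback hop from
    # Postfix is plaintext, so the whole transport guarantee rests on this
    # config; confirm it verifies the relay's certificate and hostname and
    # not merely encrypts. The file is world-readable (0644), so it must
    # not hold key material.
    - name: create stunnel config
      template:
        src: stunnel.conf.j2
        dest: /etc/stunnel/smtps.conf
        # Quoted so the YAML parser cannot re-type the octal literal.
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      notify: restart stunnel-smtps

    # NOTE(review): a changed unit file only takes effect after a systemd
    # daemon-reload; presumably the handler does that, verify.
    - name: create stunnel systemd service
      copy:
        src: stunnel-smtps.service
        dest: /etc/systemd/system/stunnel-smtps.service
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      notify: restart stunnel-smtps

    - name: enable stunnel service
      service:
        name: stunnel-smtps
        state: started
        enabled: true

    - name: configure relayhost
      lineinfile:
        path: /etc/postfix/main.cf
        regexp: '^relayhost\s*='
        insertafter: '^#relayhost\s*='
        line: "relayhost = [localhost]:2525"
      notify: restart postfix
  when:
    - ansible_distribution_major_version | int < 8
    - mail_server is defined

# Major version >= 8: Postfix connects to the relay's port 465 directly.
- block:
    - name: configure relayhost
      lineinfile:
        path: /etc/postfix/main.cf
        regexp: '^relayhost\s*='
        insertafter: '^#relayhost\s*='
        line: "relayhost = [{{ mail_server }}]:465"
      notify: restart postfix

    # NOTE(review): `encrypt` makes TLS mandatory but does not verify the
    # relay's certificate, so an on-path host can impersonate the relay.
    # Consider `verify` or `secure` together with a trust store
    # (smtp_tls_CAfile / smtp_tls_CApath) once the relay's certificate
    # name is known.
    - name: configure smtp_tls_security_level
      lineinfile:
        path: /etc/postfix/main.cf
        regexp: '^smtp_tls_security_level\s*='
        insertafter: '^#?relayhost\s*='
        line: "smtp_tls_security_level = encrypt"
      notify: restart postfix

    # Wrapper mode: TLS starts immediately on connect instead of STARTTLS.
    - name: configure smtp_tls_wrappermode
      lineinfile:
        path: /etc/postfix/main.cf
        regexp: '^smtp_tls_wrappermode\s*='
        insertafter: '^#?relayhost\s*='
        line: "smtp_tls_wrappermode = yes"
      notify: restart postfix
  when:
    - ansible_distribution_major_version | int >= 8
    - mail_server is defined

- name: enable postfix service
  service:
    name: postfix
    state: started
    enabled: true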