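---
# Sendmail role tasks: install the packages, deploy the TLS key and
# certificates, move the mail spool to /export/mail, render sendmail.mc
# and enable the service.
# Variables used here (ansible_wheel, tls_private, tls_certs, mail_server)
# and the handlers "restart sendmail" / "update sendmail config" are
# defined outside this file.

# `present` is the canonical state; `installed` is only an alias that some
# package backends accept. Passing the list to `name` lets the backend
# resolve all packages in one transaction instead of one call per item.
- name: install packages
  package:
    name:
      - make
      - sendmail
      - sendmail-cf
    state: present

- name: create root cert directory
  file:
    path: /etc/mail/certs
    state: directory
    # Modes are quoted so the value never depends on YAML octal parsing.
    mode: '0755'
    owner: root
    group: "{{ ansible_wheel }}"

# The first existing source wins: Let's Encrypt key, then the internal CA
# key for the mail server name, then the one for the inventory hostname.
# NOTE(review): key and certificate are picked by independent first-found
# lookups, so a key from one source can end up paired with a certificate
# from another if only part of a set exists. Confirm the sources are
# always complete sets.
# NOTE(review): this file does not create "{{ tls_private }}"; confirm the
# directory exists and is not readable by unprivileged users.
- name: copy private key
  copy:
    dest: "{{ tls_private }}/{{ mail_server }}.key"
    src: "{{ item }}"
    mode: '0600'
    owner: root
    group: "{{ ansible_wheel }}"
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/privkey.pem"
    - "/srv/ca/private/{{ mail_server }}.key"
    - "/srv/ca/private/{{ inventory_hostname }}.key"
  # Keep key material out of --diff output and any logs that capture it.
  diff: false
  tags: certificates
  notify: restart sendmail

# `validate` only checks that the staged file parses as an X.509
# certificate; it does not check expiry, hostname or the key match.
- name: copy certificate
  copy:
    src: "{{ item }}"
    dest: "{{ tls_certs }}/{{ mail_server }}.crt"
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"
    validate: /usr/bin/openssl x509 -in %s -noout
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/cert.pem"
    - "/srv/ca/certs/{{ mail_server }}.crt"
    - "/srv/ca/certs/{{ inventory_hostname }}.crt"
  tags: certificates
  notify: restart sendmail

# `openssl x509` reads the first certificate in the file, so only the
# first entry of a multi-certificate chain is syntax-checked.
- name: copy certificate chain
  copy:
    src: "{{ item }}"
    dest: "{{ tls_certs }}/{{ mail_server }}-chain.crt"
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"
    validate: /usr/bin/openssl x509 -in %s -noout
  with_first_found:
    - "/srv/letsencrypt/live/{{ mail_server }}/chain.pem"
    - "/srv/ca/certs/ca.crt"
  tags: certificates
  notify: restart sendmail

# Registers the SELinux file-context rule for the new spool location.
# The rule alone does not relabel existing files; the directory task
# below applies the policy default type via `setype: _default`.
- name: fix selinux contexts from data directory
  sefcontext:
    path: "/export/mail(/.*)?"
    setype: mail_spool_t

# Group-writable for `mail`, matching the usual spool permissions.
- name: create data directory
  file:
    path: /export/mail
    state: directory
    mode: '0775'
    owner: root
    group: mail
    setype: _default

# `creates` makes the move run only once: it is skipped as soon as the
# backup path exists.
# NOTE(review): the move fails if /var/spool/mail is absent on the host;
# confirm that cannot happen on the targeted systems.
- name: backup old data directory
  command:
    argv:
      - mv
      - /var/spool/mail
      - /var/spool/mail.backup
    creates: /var/spool/mail.backup

# `force: true` replaces whatever is at the path with the symlink;
# `follow: false` applies owner/group to the link itself, not its target.
- name: link data directory
  file:
    path: /var/spool/mail
    src: /export/mail
    state: link
    owner: root
    group: root
    setype: _default
    follow: false
    force: true

# The rendered file is run through m4 before it replaces the live
# sendmail.mc, so a template that m4 rejects is never installed.
- name: copy sendmail config template
  template:
    src: sendmail.mc.j2
    dest: /etc/mail/sendmail.mc
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"
    validate: /bin/sh -c '/usr/bin/m4 %s > /dev/null'
  notify: update sendmail config

- name: enable sendmail service
  service:
    name: sendmail
    enabled: true
    state: started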