---
# Installs and configures the Rspamd spam filtering system.

- name: Ensure repository key for Rspamd is in place
  apt_key: url=https://rspamd.com/apt-stable/gpg.key state=present
  when: ansible_architecture != "armv7l"
  tags:
    - dependencies

- name: Ensure yunohost repository key for Rspamd is in place for ARM
  apt_key: url=http://repo.yunohost.org/debian/yunohost.asc state=present
  when: ansible_architecture == "armv7l"
  tags:
    - dependencies

- name: Add Rspamd repository
  apt_repository: repo="deb https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
  when: ansible_architecture != "armv7l"
  tags:
    - dependencies

- name: Add yunohost Rspamd repository for ARM
  apt_repository: repo="deb http://repo.yunohost.org/debian {{ ansible_distribution_release }} stable"
  when: ansible_architecture == "armv7l"
  tags:
    - dependencies

- name: Install Rspamd and Redis
  apt: pkg={{ item }} state=present update_cache=yes
  with_items:
    - rspamd
    - redis-server
  tags:
    - dependencies

- name: Copy DMARC configuration into place
  template: src=etc_rspamd_local.d_dmarc.conf.j2 dest=/etc/rspamd/local.d/dmarc.conf owner=root group=root mode="0644"
  notify: restart rspamd

- name: Configure Rspamd to use Redis
  copy: src=etc_rspamd_local.d_redis.conf dest=/etc/rspamd/local.d/redis.conf owner=root group=root mode="0644"
  notify: restart rspamd

- name: Copy DKIM configuration into place
  copy: src=etc_rspamd_override.d_dkim_signing.conf dest=/etc/rspamd/override.d/dkim_signing.conf owner=root group=root mode="0644"
  notify: restart rspamd

- name: Create dkim key directory
  file: path=/var/lib/rspamd/dkim state=directory owner=_rspamd group=_rspamd

- name: Generate DKIM keys
  shell: rspamadm dkim_keygen -s default -d {{ item.name }} -k {{ item.name }}.default.key > {{ item.name }}.default.txt
  args:
    creates: /var/lib/rspamd/dkim/{{ item.name }}.default.key
    chdir: /var/lib/rspamd/dkim/
  with_items: "{{ mail_virtual_domains }}"

- name: Start redis
  service: name=redis-server state=started