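---
# Postfix relay with SASL authentication: packages, configuration files,
# group membership and the optional fail2ban jails.

# `state: latest` upgrades these packages on every run, which is what the
# task name asks for.
- name: Ensure required packages are up to date
  ansible.builtin.apt:
    name:
      - postfix
      - libsasl2-modules
      - sasl2-bin
    state: latest
  become: true
  become_method: sudo

# Static files, copied verbatim to <path>/<file>.
- name: Ensure configuration files are up to date
  ansible.builtin.copy:
    src: "{{ item.file }}"
    dest: "{{ item.path }}/{{ item.file }}"
  with_items:
    - file: master.cf
      path: /etc/postfix
    - file: smtpd.conf
      path: /etc/postfix/sasl
    - file: saslauthd-postfix
      path: /etc/default
    - file: aliases
      path: /etc
  notify: restart_postfix
  become: true
  become_method: sudo

# Rendered from <file>.j2. Without an explicit mode a newly created file gets
# umask-derived permissions, so the one entry that sets `mode` has it pinned;
# entries without `mode` keep the previous behaviour (parameter omitted).
- name: Ensure configuration templates are up to date
  ansible.builtin.template:
    src: "{{ item.file }}.j2"
    dest: "{{ item.path }}/{{ item.file }}"
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - file: main.cf
      path: /etc/postfix
    # sasl_passwd conventionally holds relay credentials (the template is not
    # shown here), so it should not be readable by other local users.
    # NOTE(review): a sasl_passwd.db that already exists may keep looser
    # permissions; verify it separately.
    - file: sasl_passwd
      path: /etc/postfix
      mode: "0600"
    - file: mailname
      path: /etc
  notify:
    - remap_aliases
    - remap_sasl_passwd
    - restart_postfix
  become: true
  become_method: sudo

# append: true adds the group without removing postfix from its other groups.
- name: Ensure postfix user is in sasl group
  ansible.builtin.user:
    name: postfix
    groups: sasl
    append: true
    create_home: false
  become: true
  become_method: sudo

# The Debian jail defaults file is used as the marker for "fail2ban installed".
- name: Check if fail2ban is installed
  ansible.builtin.stat:
    path: /etc/fail2ban/jail.d/defaults-debian.conf
  register: fail2ban_check

- name: Add postfix & sasl2 to fail2ban if fail2ban installed
  ansible.builtin.blockinfile:
    path: /etc/fail2ban/jail.d/defaults-debian.conf
    block: |
      [postfix]
      enabled = true
      [postfix-sasl]
      enabled = true
  when: fail2ban_check.stat.exists is defined and fail2ban_check.stat.exists
  notify: restart_fail2ban
  become: true
  become_method: sudo

# - You can list users on the server by running: sudo sasldblistusers2
# - saslpasswd2 won't create duplicate users so we can safely run this
#   as many times as we want with the same user list.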
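# The password is fed to `saslpasswd2 -p` on stdin through the command module
# rather than being interpolated into a bash string: no shell parses the
# values, so metacharacters or spaces in a password, hostname or username
# cannot alter the command, and the password is not part of any command line.
# The command module appends a newline to stdin by default, as `echo` did.
# no_log keeps the loop item (which includes the password) out of task
# output and logs.
# NOTE(review): smtp_users is presumably supplied from vaulted vars; confirm.
- name: Ensure local smtp users are configured (will always change)
  ansible.builtin.command:
    argv:
      - saslpasswd2
      - "-p"
      - "-c"
      - "-u"
      - "{{ local_smtp_relay_hostname }}"
      - "-a"
      - smtpauth
      - "{{ item.username }}"
    stdin: "{{ item.password }}"
  with_items: "{{ smtp_users }}"
  no_log: true
  # Whether a password actually changed is not detected, so the task is
  # reported as changed on every run, as the task name says.
  changed_when: true
  become: true
  become_method: sudo

# Start both daemons now and enable them at boot.
- name: Ensure services are started & enabled
  ansible.builtin.service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - postfix
    - saslauthd
  become: true
  become_method: sudo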