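---
# Install, configure and start OpenDKIM for use with Postfix.
#
# Variables read by these tasks: postfix_dkim_enabled,
# postfix_dkim_el_pkgs, postfix_dkim_deb_pkgs, postfix_dkim_base_dir,
# postfix_dkim_user, postfix_dkim_group, postfix_dkim_domains (a list of
# items with `domain` and `dkim_selector` keys),
# postfix_dkim_trusted_hosts_enabled and postfix_dkim_conf.

# Package installation on RedHat-family hosts, only when DKIM is enabled.
- name: dkim | Manage the DKIM packages in EL systems
  when:
    - ansible_distribution_file_variety == "RedHat"
    - postfix_dkim_enabled
  tags: ['postfix', 'postfix_dkim', 'dkim']
  block:
    - name: dkim | Install the DKIM packages on EL
      ansible.builtin.yum:
        pkg: '{{ postfix_dkim_el_pkgs }}'
        state: present

# Package installation on Debian-family hosts, only when DKIM is enabled.
- name: dkim | Manage the DKIM packages in DEB systems
  when:
    - ansible_distribution_file_variety == "Debian"
    - postfix_dkim_enabled
  tags: ['postfix', 'postfix_dkim', 'dkim']
  block:
    - name: dkim | Install the DKIM packages on DEB
      ansible.builtin.apt:
        pkg: '{{ postfix_dkim_deb_pkgs }}'
        state: present
        cache_valid_time: 1800

# Key material and configuration files.
# NOTE(review): unlike the two package blocks above, this block and the
# service block below carry no `postfix_dkim_enabled` condition.
# Presumably the file is only included when DKIM is enabled - confirm
# against the caller.
- name: dkim | DKIM configuration
  tags: ['postfix', 'postfix_dkim', 'dkim', 'postfix_conf', 'dkim_conf']
  block:
    # One directory per signing domain. The private keys end up inside it,
    # so access is limited to the DKIM user and group (0750).
    # NOTE(review): item.domain is used as a path component here and in
    # the tasks below. A value containing `/` or `..` would resolve
    # outside postfix_dkim_base_dir. Assumes postfix_dkim_domains comes
    # from trusted inventory - confirm.
    - name: dkim | Create the dkim domains subdirs
      ansible.builtin.file:
        dest: '{{ postfix_dkim_base_dir }}/{{ item.domain }}'
        state: directory
        mode: "0750"
        owner: '{{ postfix_dkim_user }}'
        group: '{{ postfix_dkim_group }}'
      loop: '{{ postfix_dkim_domains }}'

    # Generates the key pair as the DKIM user, so the resulting files are
    # owned by that account. `creates` makes the task a no-op once the
    # private key exists, so an existing key is never overwritten or
    # rotated by this task.
    #
    # The command is passed as `argv` instead of a free-form string, so
    # each templated value reaches opendkim-genkey as exactly one
    # argument and is not re-split on whitespace or quotes.
    #
    # NOTE(review): no `-b` option is passed, so the RSA key size is
    # whatever the installed opendkim-genkey defaults to. RFC 8301 says
    # signers SHOULD use keys of at least 2048 bits - confirm the default
    # on the target platforms.
    # NOTE(review): the mode of the generated `.private` file is not
    # managed by any task in this file. It depends on opendkim-genkey and
    # the umask of the DKIM user - verify it is not group/world readable.
    - name: dkim | Create the dkim signatures
      become: true
      become_user: '{{ postfix_dkim_user }}'
      ansible.builtin.command:
        argv:
          - opendkim-genkey
          - '-D'
          - '{{ postfix_dkim_base_dir }}/{{ item.domain }}'
          - '-d'
          - '{{ item.domain }}'
          - '-s'
          - '{{ item.dkim_selector }}'
        creates: '{{ postfix_dkim_base_dir }}/{{ item.domain }}/{{ item.dkim_selector }}.private'
      loop: '{{ postfix_dkim_domains }}'
      notify: restart opendkim

    # Renders dkim_keytable.j2 and dkim_signingtable.j2 into the base
    # directory, readable only by the DKIM user (0600).
    - name: dkim | Update the keytable and signitable files
      ansible.builtin.template:
        src: 'dkim_{{ item }}.j2'
        dest: '{{ postfix_dkim_base_dir }}/{{ item }}'
        owner: '{{ postfix_dkim_user }}'
        group: '{{ postfix_dkim_group }}'
        mode: "0600"
      loop:
        - keytable
        - signingtable
      notify: restart opendkim

    # Optional trusted hosts list, rendered only when
    # postfix_dkim_trusted_hosts_enabled is true.
    - name: dkim | Install the trustedhosts list when defined
      ansible.builtin.template:
        src: 'dkim_trustedhosts.j2'
        dest: '{{ postfix_dkim_base_dir }}/trustedhosts'
        owner: '{{ postfix_dkim_user }}'
        group: '{{ postfix_dkim_group }}'
        mode: "0600"
      notify: restart opendkim
      when: postfix_dkim_trusted_hosts_enabled

    # Main daemon configuration: root-owned and world-readable (0644).
    # Anything sensitive belongs in the 0600 files above, not in this
    # template.
    - name: dkim | Install the opendkim configuration
      ansible.builtin.template:
        src: opendkim.conf.j2
        dest: '{{ postfix_dkim_conf }}'
        owner: root
        group: root
        mode: "0644"
      notify: restart opendkim

# Service state. Restarts after a configuration or key change are left to
# the `restart opendkim` handler notified by the tasks above.
- name: dkim | Manage the DKIM service
  tags: ['postfix', 'postfix_dkim', 'dkim']
  block:
    - name: dkim | Ensure that the opendkim service is started and enabled
      ansible.builtin.service:
        name: opendkim
        state: started
        enabled: true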