---

# Render the rspamd DKIM signing override into local.d and notify the
# "Reload rspamd service" handler when the rendered file changes.
# NOTE(review): the result is world-readable (644). That is fine as long as
# the template holds only settings and key paths, never key material;
# confirm against dkim_signing.conf.j2.
- name: Copy dkim_signing local config
  ansible.builtin.template:
    dest: /etc/rspamd/local.d/dkim_signing.conf
    src: dkim_signing.conf.j2
    mode: '644'
    group: root
    owner: root
  become: true
  notify: Reload rspamd service

# Ensure the directory that will hold the DKIM private keys exists.
# Mode 700 with _rspamd as owner and group means no other unprivileged
# account can list or traverse it.
- name: Create dkim directory for the key file
  ansible.builtin.file:
    state: directory
    path: /var/lib/rspamd/dkim
    mode: '700'
    group: _rspamd
    owner: _rspamd
  become: true

# Build the selector used when a new key is generated: a date stamp in
# YYYYMMDD form followed by the literal suffix "01".
# NOTE(review): strftime is called without a timestamp, so the date is
# presumably taken from the clock at the moment this task runs; confirm
# whether that should be pinned for reproducible runs.
- name: Set DKIM selector
  ansible.builtin.set_fact:
    dkim_selector: '{{ "%Y%m%d01" | strftime }}'

# Generate one DKIM keypair per entry in virtual_domains. The private key is
# written to <domain>.<selector>.key inside /var/lib/rspamd/dkim and the
# command result is registered as dkim_txt_record for the notified handlers.
#
# The `creates` glob matches a key for the domain under ANY selector, so the
# task is skipped once a key exists. It never rotates keys on its own, and
# the selector of the key on disk may differ from the current dkim_selector.
#
# NOTE(review): the key is generated under `become` and ownership is only
# corrected by the "Fix DKIM key ownership" handler (not visible here). If
# the play aborts before handlers are flushed, the next run is skipped by
# `creates` and never notifies again, which would leave the key with its
# initial owner and the TXT record unsaved. Confirm how that case is handled.
# NOTE(review): `cmd` is split into arguments by the command module, so a
# virtual_domains entry containing whitespace would alter the argument list.
# Validate the entries or consider the `argv` list form.
- name: Create keypair
  ansible.builtin.command:
    chdir: /var/lib/rspamd/dkim
    creates: '/var/lib/rspamd/dkim/{{ domain }}.*.key'
    cmd: >-
      rspamadm dkim_keygen
      -d {{ domain }}
      -s {{ dkim_selector }}
      -k {{ domain }}.{{ dkim_selector }}.key
  become: true
  loop: '{{ virtual_domains }}'
  loop_control:
    loop_var: domain
  register: dkim_txt_record
  notify:
    - Fix DKIM key ownership
    - Save DKIM TXT record to a file
    - Add selector to DKIM selectors map