---

- name: Install needed packages
  become: true
  ansible.builtin.apt:
    name:
      - dovecot-pgsql
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-lmtpd

- name: Create a LV for /var/vmail
  become: true
  community.general.lvol:
    vg: "vg_{{ ansible_hostname }}"
    lv: vmail
    state: present
    size: 5g
    resizefs: true

- name: Format vmail LV to ext4
  become: true
  community.general.filesystem:
    dev: "/dev/vg_{{ ansible_hostname }}/vmail"
    fstype: ext4
    resizefs: true
    state: present

- name: Mount /var/vmail
  become: true
  ansible.posix.mount:
    src: "/dev/vg_{{ ansible_hostname }}/vmail"
    path: /var/vmail
    state: mounted
    fstype: ext4

- name: Create vmail group
  become: true
  ansible.builtin.group:
    name: vmail
    gid: 5000
    state: present

- name: Create vmail user
  become: true
  ansible.builtin.user:
    name: vmail
    uid: 5000
    group: vmail
    home: /var/vmail
    create_home: false
    state: present

- name: Set ownership for /var/vmail
  become: true
  ansible.builtin.file:
    path: /var/vmail
    state: directory
    owner: vmail
    group: vmail
    recurse: true

- name: Add login to auth_mechanisms
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_mechanisms =.*'
    line: auth_mechanisms = plain login
  notify: Reload dovecot service

- name: Remove system auth
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-system.conf.ext'
    line: '#!include auth-system.conf.ext'
  notify: Reload dovecot service

- name: Add SQL auth
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-sql.conf.ext'
    line: '!include auth-sql.conf.ext'
  notify: Reload dovecot service

- name: Configure mail_location
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_location =.*'
    line: 'mail_location = maildir:~/Maildir'
  notify: Reload dovecot service

- name: Add quota plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^#?mail_plugins =.*'
    line: 'mail_plugins = quota'
  notify: Reload dovecot service

- name: Add postfix auth socket config
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    block: |
      {% filter indent(width=2, first=true) %}
      unix_listener /var/spool/postfix/private/auth {
        mode = 0600
        user = postfix
        group = postfix
      }
      {% endfilter %}
    insertafter: '# Postfix smtp-auth'
    marker: "  # {mark} ANSIBLE MANAGED BLOCK AUTH"
  notify: Reload dovecot service

- name: Add postfix lmtp socket config
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    block: |
      {% filter indent(width=2, first=true) %}
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
      {% endfilter %}
    insertafter: 'service lmtp'
    marker: "  # {mark} ANSIBLE MANAGED BLOCK LMTP"
  notify: Reload dovecot service

- name: Add ssl cert and key config
  become: true
  loop:
    - regexp: '^ssl_cert =.*'
      line: "ssl_cert = </etc/letsencrypt/live/{{ add_cert_domain }}/fullchain.pem"
    - regexp: '^ssl_key =.*'
      line: "ssl_key = </etc/letsencrypt/live/{{ add_cert_domain }}/privkey.pem"
    - regexp: '^ssl =.*'
      line: ssl = required
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-ssl.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  notify: Reload dovecot service

- name: Copy dovecot-sql.conf.ext
  become: true
  ansible.builtin.template:
    src: dovecot-sql.conf.ext.j2
    dest: /etc/dovecot/dovecot-sql.conf.ext
    owner: root
    group: root
    mode: "640"
  notify: Reload dovecot service

- name: Add sieve plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-lmtp.conf
    regexp: '^(\s*)#?mail_plugins =.*'
    backrefs: true
    line: '\1mail_plugins = $mail_plugins sieve'
  notify: Reload dovecot service

- name: Copy quota-warning script
  become: true
  ansible.builtin.copy:
    src: quota-warning.sh
    dest: /usr/local/bin/quota-warning.sh
    mode: "755"

- name: Copy 90-quota.conf
  become: true
  ansible.builtin.template:
    src: conf.d/90-quota.conf.j2
    dest: /etc/dovecot/conf.d/90-quota.conf
    mode: "644"
  notify: Reload dovecot service

- name: Add sieve_after sieve config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    regexp: '^(\s*)#?sieve_after =.*'
    backrefs: true
    line: '\1sieve_after = /etc/dovecot/sieve-after'
  notify: Reload dovecot service

- name: Create sieve directories
  become: true
  ansible.builtin.file:
    path: "/etc/dovecot/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "755"
  loop:
    - sieve
    - sieve-after

- name: Copy spam-to-folder.sieve
  become: true
  ansible.builtin.template:
    src: spam-to-folder.sieve.j2
    dest: /etc/dovecot/sieve-after/spam-to-folder.sieve
    owner: root
    group: root
    mode: "644"
  notify: Compile spam-to-folder.sieve

- name: Add autoexpunge mailbox config (Junk)
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/15-mailboxes.conf
    line: "    autoexpunge = 30d"
    insertafter: "mailbox Junk"
  notify: Reload dovecot service

- name: Add autoexpunge mailbox config (Trash)
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/15-mailboxes.conf
    line: "    autoexpunge = 30d"
    insertafter: "mailbox Trash"
  notify: Reload dovecot service

- name: Add subscribe mailbox config (Junk)
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/15-mailboxes.conf
    line: "    auto = subscribe"
    insertafter: 'special_use =.*Junk'
  notify: Reload dovecot service

- name: Add subscribe mailbox config (Trash)
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/15-mailboxes.conf
    line: "    auto = subscribe"
    insertafter: 'special_use =.*Trash'
  notify: Reload dovecot service

- name: Add imap_sieve plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-imap.conf
    regexp: '^(\s*)#?mail_plugins =.*'
    backrefs: true
    line: '\1mail_plugins = $mail_plugins quota imap_sieve'
  notify: Reload dovecot service

- name: Add imapsieve config for Junk training
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    block: |
      {% filter indent(width=2, first=true) %}
      # From elsewhere to Junk folder
      imapsieve_mailbox1_name = Junk
      imapsieve_mailbox1_causes = COPY
      imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
      # From Junk folder to elsewhere
      imapsieve_mailbox2_name = *
      imapsieve_mailbox2_from = Junk
      imapsieve_mailbox2_causes = COPY
      imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve

      sieve_pipe_bin_dir = /etc/dovecot/sieve
      {% endfilter %}
    insertafter: 'plugin {'
    marker: "  # {mark} ANSIBLE MANAGED BLOCK IMAPSIEVE"
  notify: Reload dovecot service

- name: Add configs for imapsieve
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    regexp: '^(\s*)#?{{ item.key }} =.*'
    backrefs: true
    line: '\1{{ item.key }} = {{ item.val }}'
  loop:
    - key: sieve_global_extensions
      val: '+vnd.dovecot.pipe'
    - key: sieve_plugins
      val: 'sieve_imapsieve sieve_extprograms'
  notify: Reload dovecot service

- name: Copy learn-spam.sieve
  become: true
  ansible.builtin.template:
    src: learn-spam.sieve.j2
    dest: /etc/dovecot/sieve/learn-spam.sieve
    owner: root
    group: root
    mode: "600"
  notify: Compile learn-spam.sieve

- name: Copy learn-ham.sieve
  become: true
  ansible.builtin.template:
    src: learn-ham.sieve.j2
    dest: /etc/dovecot/sieve/learn-ham.sieve
    owner: root
    group: root
    mode: "600"
  notify: Compile learn-ham.sieve

- name: Copy rspamd-learn-spam.sh and rspamd-learn-ham.sh scripts
  become: true
  ansible.builtin.template:
    src: "rspamd-learn-{{ item }}.sh.j2"
    dest: "/etc/dovecot/sieve/rspamd-learn-{{ item }}.sh"
    owner: root
    group: root
    mode: "700"
  loop:
    - spam
    - ham

- name: Allow incoming IMAP/IMAPS
  become: true
  ansible.builtin.copy:
    src: nftables/input.d/imap-imaps.conf
    dest: /etc/nftables/input.d/imap-imaps.conf
    mode: 0640
  notify: Reload nftables service

- name: Allow incoming ManageSieve
  become: true
  ansible.builtin.copy:
    src: nftables/input.d/managesieve.conf
    dest: /etc/nftables/input.d/managesieve.conf
    mode: 0640
  notify: Reload nftables service