---

- name: Install needed packages
  become: true
  ansible.builtin.apt:
    name:
      - dovecot-pgsql
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-lmtpd

- name: Create vmail group
  become: true
  ansible.builtin.group:
    name: vmail
    gid: 5000
    state: present

- name: Create vmail user
  become: true
  ansible.builtin.user:
    name: vmail
    uid: 5000
    group: vmail
    home: /var/vmail
    create_home: true
    state: present

- name: Add login to auth_mechanisms
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^auth_mechanisms =.*'
    line: auth_mechanisms = plain login
  notify: Reload dovecot service

- name: Remove system auth
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-system.conf.ext'
    line: '#!include auth-system.conf.ext'
  notify: Reload dovecot service

- name: Add SQL auth
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-auth.conf
    regexp: '^#?\!include auth-sql.conf.ext'
    line: '!include auth-sql.conf.ext'
  notify: Reload dovecot service

- name: Configure mail_location
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^mail_location =.*'
    line: mail_location = maildir:~/Maildir
  notify: Reload dovecot service

- name: Add quota plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-mail.conf
    regexp: '^#?mail_plugins =.*'
    line: mail_plugins = quota
  notify: Reload dovecot service

- name: Add postfix auth socket config
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    block: |
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
    insertafter: '# Postfix smtp-auth'
    marker: "# {mark} ANSIBLE MANAGED BLOCK AUTH"
  notify: Reload dovecot service

- name: Add postfix lmtp socket config
  become: true
  ansible.builtin.blockinfile:
    path: /etc/dovecot/conf.d/10-master.conf
    block: |
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
    insertafter: 'service lmtp'
    marker: "# {mark} ANSIBLE MANAGED BLOCK LMTP"
  notify: Reload dovecot service

- name: Add ssl cert and key config
  become: true
  loop:
    - regexp: '^ssl_cert =.*'
      line: "ssl_cert = </etc/letsencrypt/live/{{ add_cert_domain }}/fullchain.pem"
    - regexp: '^ssl_key =.*'
      line: "ssl_key = </etc/letsencrypt/live/{{ add_cert_domain }}/privkey.pem"
    - regexp: '^ssl =.*'
      line: ssl = required
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/10-ssl.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  notify: Reload dovecot service

- name: Copy dovecot-sql.conf.ext
  become: true
  ansible.builtin.template:
    src: dovecot-sql.conf.ext.j2
    dest: /etc/dovecot/dovecot-sql.conf.ext
    owner: root
    group: root
    mode: "640"
  notify: Reload dovecot service

- name: Add sieve plugin
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/20-lmtp.conf
    regexp: '^(\s*)#?mail_plugins =.*'
    backrefs: true
    line: '\1mail_plugins = $mail_plugins sieve'
  notify: Reload dovecot service

- name: Copy quota-warning script
  become: true
  ansible.builtin.template:
    src: quota-warning.sh.j2
    dest: /usr/local/bin/quota-warning.sh
    mode: "755"

- name: Copy 90-quota.conf
  become: true
  ansible.builtin.template:
    src: conf.d/90-quota.conf.j2
    dest: /etc/dovecot/conf.d/90-quota.conf
    mode: "644"
  notify: Reload dovecot service

- name: Add sieve_after sieve config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dovecot/conf.d/90-sieve.conf
    regexp: '^(\s*)#?sieve_after =.*'
    backrefs: true
    line: '\1sieve_after = /etc/dovecot/sieve-after'
  notify: Reload dovecot service

- name: Create sieve-after directory
  become: true
  ansible.builtin.file:
    path: /etc/dovecot/sieve-after
    state: directory
    owner: root
    group: root
    mode: "755"

- name: Copy spam-to-folder.sieve
  become: true
  ansible.builtin.template:
    src: spam-to-folder.sieve.j2
    dest: /etc/dovecot/sieve-after/spam-to-folder.sieve
    owner: root
    group: root
    mode: "644"
  notify: Compile spam-to-folder.sieve