---

- name: Install needed packages
  become: true
  ansible.builtin.apt:
    name:
      - postfix

- name: Copy configuration files
  become: true
  loop:
    - sql-virtual-mailbox-domains.cf
    - sql-virtual-mailbox-maps.cf
    - sql-virtual-alias-maps.cf
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "/etc/postfix/{{ item }}"
    owner: root
    group: postfix
    mode: "640"

- name: Add configuration lines
  become: true
  loop:
    - virtual_mailbox_domains = pgsql:/etc/postfix/sql-virtual-mailbox-domains.cf
    - virtual_mailbox_maps = pgsql:/etc/postfix/sql-virtual-mailbox-maps.cf
    - virtual_alias_maps = pgsql:/etc/postfix/sql-virtual-alias-maps.cf
    - virtual_transport = lmtp:unix:private/dovecot-lmtp
    - smtpd_recipient_restrictions = reject_unauth_destination,check_policy_service unix:private/quota-status
    - smtpd_sasl_type = dovecot
    - smtpd_sasl_path = private/auth
    - smtpd_sasl_auth_enable = yes
    - smtpd_tls_security_level = may
    - smtpd_tls_auth_only = yes
    - "smtpd_tls_cert_file = /etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/fullchain.pem"
    - "smtpd_tls_key_file = /etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/privkey.pem"
    - smtp_tls_security_level = may
  ansible.builtin.lineinfile:
    path: /etc/postfix/main.cf
    line: "{{ item }}"
  notify: Reload postfix service