---

- name: Fix DKIM key ownership
  become: true
  loop: "{{ dkim_txt_record.results }}"
  ansible.builtin.file:
    path: "/var/lib/rspamd/dkim/{{ item.domain }}.{{ dkim_selector }}.key"
    owner: _rspamd
    group: root
    mode: "600"

- name: Save DKIM TXT record to a file
  become: true
  loop: "{{ dkim_txt_record.results }}"
  ansible.builtin.copy:
    content: "{{ item.stdout }}"
    dest: "/var/lib/rspamd/dkim/{{ item.domain }}.{{ dkim_selector }}.dns"
    owner: root
    group: root
    mode: "600"
  when: not item.stdout.startswith('skipped')

- name: Add selector to DKIM selectors map
  become: true
  loop: "{{ dkim_txt_record.results }}"
  ansible.builtin.lineinfile:
    path: /etc/rspamd/dkim_selectors.map
    line: "{{ item.domain }} {{ dkim_selector }}"
    create: true
    owner: root
    group: root
    mode: "644"
  notify: Reload rspamd service