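---
# Postfix role tasks: install and start postfix, deploy main.cf and alias
# maps, open SMTP in the host firewall, and optionally set up TLS
# (self-signed certificate), local maildir delivery and SASL authentication.
#
# Feature flags are derived from which variables the caller defines:
#   use_sasl  - set when both sasl_user and sasl_pass are defined
#   use_tls   - set whenever use_sasl is set
#   use_local - set when local_users is defined
# Every condition reads the flags through `default(false)` so that a host
# without the optional variables skips those tasks instead of aborting on an
# undefined variable.

- name: Install postfix
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - postfix

- name: Enable SASL when credentials are provided
  set_fact:
    use_sasl: true
  when: sasl_user is defined and sasl_pass is defined

- name: Enable TLS whenever SASL is enabled
  set_fact:
    use_tls: true
  when: use_sasl | default(false) | bool

- name: Enable local delivery when local_users is provided
  set_fact:
    use_local: true
  when: local_users is defined

- name: Start postfix and enable it at boot
  service:
    name: postfix
    state: started
    enabled: true

- name: Deploy main.cf
  template:
    src: main.cf
    dest: /etc/postfix/main.cf
  notify: restart postfix

- name: Deploy /etc/aliases
  copy:
    src: aliases
    dest: /etc/aliases
  notify: rebuild aliases

- name: Deploy postfix alias maps
  template:
    src: "aliases.{{ item }}"
    dest: "/etc/postfix/aliases.{{ item }}"
  notify: update postfix aliases
  with_items:
    - users
    - local

# EL6 has no firewalld; lokkit edits the iptables configuration instead.
# No shell features are needed here, so `command` is used rather than `shell`.
- name: Open SMTP in the firewall (EL6)
  command: lokkit -s {{ item }}
  with_items:
    - smtp
  when: >-
    ansible_distribution_major_version == '6'
    and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')

# NOTE(review): only the permanent configuration is changed here; confirm the
# rule is also applied to the running firewall (reload or `immediate`).
- name: Open SMTP in the firewall (firewalld)
  firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
  with_items:
    - smtp
  when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'

# `-nodes` writes the private key unencrypted, so file permissions are the only
# protection for it. The certificate is self-signed: it gives encryption in
# transit, but remote peers cannot validate the server's identity with it.
- name: Generate a self-signed certificate for postfix
  shell: >-
    openssl req -x509 -newkey rsa:2048
    -keyout {{ postfix_key }} -out {{ postfix_cert }}
    -days 3650 -nodes
    -subj '/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc./OU=OSAS/CN={{ ansible_domain }}/emailAddress=postmaster@{{ ansible_domain }}'
  args:
    creates: "{{ postfix_cert }}"
  when: use_tls | default(false)

# openssl creates the key with whatever the umask allows; pin it to root-only.
# Assumes the key file exists whenever use_tls is set, including when the
# certificate was provisioned outside this role - TODO confirm.
# TODO enforce proper permission on cert + selinux context
- name: Restrict the TLS private key to root
  file:
    path: "{{ postfix_key }}"
    owner: root
    group: root
    mode: "0600"
  when: use_tls | default(false)

# Registered unconditionally: mail_group.gid is used for the maildir below.
- name: Ensure the mail group exists
  group:
    name: mail
  register: mail_group

- name: Look up the nobody user
  user:
    name: nobody
  register: nobody_user
  when: use_local | default(false)

- name: Create the discourse maildir
  file:
    state: directory
    path: "/var/mail/discourse{{ item }}"
    owner: "{{ nobody_user.uid }}"
    group: "{{ mail_group.gid }}"
  with_items:
    - /
    - /cur
    - /tmp
    - /new
  when: use_local | default(false)

- name: Deploy local recipient map
  template:
    src: "{{ item }}"
    dest: "/etc/postfix/{{ item }}"
  notify: update postfix maps
  with_items:
    - local_recipient
  when: use_local | default(false)

- name: Deploy the SASL configuration for smtpd
  copy:
    src: smtpd.sasl.conf
    dest: /etc/sasl2/smtpd.conf
  when: use_sasl | default(false)
  # TODO check if needed
  notify: restart saslauthd

# The password is interpolated into a shell command line, so it is passed
# through the `quote` filter: without it, spaces or shell metacharacters in
# sasl_pass would be interpreted by the shell. `printf '%s\n'` is used instead
# of `echo` so that a value starting with `-` or containing backslashes
# reaches saslpasswd2 unchanged. `no_log` keeps the rendered command (which
# contains the secret) out of Ansible output and logs.
# NOTE(review): the secret is still part of the `sh -c` argument while the
# task runs; feeding it on stdin would avoid that if the Ansible version in
# use supports it.
- name: Create the SASL user
  shell: >-
    printf '%s\n' {{ sasl_pass | quote }} |
    saslpasswd2 -a smtpd -u {{ ansible_domain | quote }}
    -c {{ sasl_user | quote }} -p
  no_log: true
  when: use_sasl | default(false)

# The SASL database holds the credentials; readable by root and group mail only.
- name: Restrict permissions on the SASL database
  file:
    path: /etc/sasldb2
    owner: root
    group: mail
    mode: "0640"
  when: use_sasl | default(false)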