---
- name: "TLS-helper | Clone repository"
  ansible.builtin.git:
    repo: "https://github.com/systemli/mail-tls-helper.git"
    dest: "/opt/mail-tls-helper"
    version: main

- name: "TLS-helper | Copy Readme"
  ansible.builtin.copy:
    src: mail-tls-helper/readme.txt
    dest: /opt/mail-tls-helper/
    mode: "0644"

- name: "TLS-help | Copy allowlist"
  ansible.builtin.template:
    src: postfix/allowlist.txt
    dest: /opt/mail-tls-helper/allowlist.txt
    mode: "0644"

- name: "TLS-helper | Create directory"
  ansible.builtin.file:
    path: "{{ tls_helper_postfix_dir }}"
    state: directory
    owner: postfix
    group: postfix
    mode: "0755"

- name: "TLS-helper | Create transport map"
  ansible.builtin.file:
    path: "{{ tls_helper_postfix_dir }}/{{ tls_helper_domains_file }}"
    state: touch
    owner: postfix
    group: postfix
    mode: "0644"

- name: "TLS-helper | Run postmap"
  ansible.builtin.command:
    cmd: "postmap {{ postfix_default_db_type }}:{{ tls_helper_domains_file }}"
    chdir: "{{ tls_helper_postfix_dir }}"

- name: "TLS-helper | Link files"
  ansible.builtin.file:
    path: "{{ postfix_conf_dir }}/{{ item }}"
    src: "{{ tls_helper_postfix_dir }}/{{ item }}"
    state: link
  loop:
    - "{{ tls_helper_domains_file }}"
    - "{{ tls_helper_domains_file }}.{{ postfix_default_db_type }}"

- name: "TLS-helper | Remove default logrotate configuration for mail logging"
  ansible.builtin.lineinfile:
    path: /etc/logrotate.d/rsyslog
    line: "{{ item }}"
    state: absent
  loop:
    - /var/log/mail.info
    - /var/log/mail.warn
    - /var/log/mail.err
    - /var/log/mail.log

- name: "TLS-helper | Create new logrotate configuration"
  ansible.builtin.template:
    src: logrotate.conf
    dest: /etc/logrotate.d/maillog
    mode: "0644"