- include: service.yaml
  # static: yes # see static include issue: https://github.com/ansible/ansible/issues/13485
  vars:
    service_name: dovecot
    service_packages:
      - dovecot-ldap
      - dovecot-imapd
      - rsyslog

- lineinfile: dest=/etc/postfix/main.cf line="virtual_transport = dovecot" state=present
  notify: restart postfix

- blockinfile:
    dest: /etc/postfix/master.cf
    block: |
      dovecot   unix  -       n       n       -       -       pipe
        flags=DRhu user=postman:postman argv=/usr/lib/dovecot/deliver -d ${recipient} -f ${sender}
  notify: restart postfix

- name: create postman group
  group: name=postman state=present

- name: create postman user
  user: name=postman state=present shell=/dev/null

- name: edit dovecot configuration
  lineinfile: dest=/etc/dovecot/conf.d/10-master.conf line='    port = 143' insertafter='inet_listener imap {' state=present
  notify: restart dovecot

- blockinfile:
    dest: /etc/dovecot/conf.d/10-master.conf
    insertafter: 'inet_listener imaps {'
    marker: '#{mark} ANSIBLE BLOCK FOR IMAPS PORT'
    block: |
                  port = 993
                  ssl = yes
  notify: restart dovecot

- blockinfile:
    dest: "/etc/dovecot/conf.d/10-master.conf"
    insertafter: "unix_listener auth-userdb {"
    marker: '#{mark} ANSIBLE BLOCK FOR AUTH USER'
    block: |
        group = postman
        mode = 0664
        user = postman
  notify: restart dovecot

- lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_location = maildir:/home/postman/%d/%n' regexp='^mail_location = ' state=present
  notify: restart dovecot

- lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_gid = postman' state=present
  notify: restart dovecot

- lineinfile: dest=/etc/dovecot/conf.d/10-mail.conf line='mail_uid = postman' state=present
  notify: restart dovecot

- lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="!include auth-system.conf.ext" state=absent
  notify: restart dovecot

- lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="!include auth-ldap.conf.ext" state=present
  notify: restart dovecot

- lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="auth_default_realm = {{ domain }}"
  notify: restart dovecot

- lineinfile: dest=/etc/dovecot/conf.d/10-auth.conf line="auth_mechanisms = login plain"
  notify: restart dovecot

- name: enable ssl key
  blockinfile:
    dest: /etc/dovecot/conf.d/10-ssl.conf
    block: |
        ssl = yes
        ssl_cert = </etc/dovecot/dovecot.cert
        ssl_key = </etc/dovecot/private/dovecot.key

- name: generate the RSA key
  shell: "openssl genrsa -out /etc/dovecot/private/dovecot.key 2048"
  args:
    creates: /etc/dovecot/private/dovecot.key
  notify: restart dovecot

- name: create CSR
  shell: 'openssl req -new -sha256 -subj "/C=IT/ST=ITALY/L=TUSCANY/O=IT/CN={{ fqdn_domain }}" -key /etc/dovecot/private/dovecot.key -out /etc/dovecot/private/dovecot.csr'
  args:
    creates: /etc/dovecot/private/dovecot.csr
  notify: restart dovecot

- name: check if dovecot cert key exist
  stat:
    path: /etc/dovecot/dovecot.cert
  register: dovecot_cert_key

- block:
    - name: get pub key
      shell: "cat /etc/dovecot/private/dovecot.csr"
      register: pub_key
    - debug: var=pub_key verbosity=2
    - name: generate host request
      set_fact:
        cert_request:
          type: 'sign_request'
          request:
            keyType: 'ssl_host'
            hostName: '{{ inventory_hostname }}'
            keyData: '{{ pub_key.stdout }}'
    - debug: var=cert_request verbosity=2
    - name: start sign request
      raw: "{{ cert_request | to_json }}"
      delegate_to: "{{item}}"
      delegate_facts: True
      with_items: "{{groups['cas']}}"
      register: request_result
    - debug: var=request_result verbosity=2

    - set_fact:
          request_output: "{{ request_result.results[0].stdout|string|from_json }}"
    - debug: var=request_output

    - name: generate get request
      set_fact:
        get_request:
          type: 'get_certificate'
          requestID: '{{ request_output.requestID }}'
    - debug: var=get_request verbosity=2

    - debug: msg="Please manualy confirm sign request with id {{ request_output.requestID }}"

    - name: wait for cert
      raw: "{{ get_request | to_json }}"
      delegate_to: "{{item}}"
      delegate_facts: True
      with_items: "{{groups['cas']}}"
      register: cert_result

    - debug: var=cert_result verbosity=2

    - set_fact:
          cert_key: "{{ cert_result.results[0].stdout|string|from_json }}"

    - debug: var=request_output verbosity=2

    - name: set pub key
      shell: "echo '{{ cert_key.result }}' > /etc/dovecot/dovecot.cert"
      register: set_pub_key
  when: not dovecot_cert_key.stat.exists

- template: src=dovecot-ldap.conf.ext.j2 dest=/etc/dovecot/dovecot-ldap.conf.ext
  notify: restart dovecot