- name: setup
  hosts: mail_server
  become: yes

  tasks:
  - name: set system hostname
    hostname:
      name: "{{ mail_domain }}"

  - name: install packages
    package:
      name:
        - ufw
        - gnupg
        - certbot
      state: latest

  - name: allow http for certificate challenges
    ufw:
      rule: allow
      port: '80'
      proto: tcp

  - name: allow smtp
    ufw:
      rule: allow
      port: '25'
      proto: tcp

  - name: allow smtps
    become: yes
    ufw:
      rule: allow
      port: '465'
      proto: tcp

  - name: allow imaps
    ufw:
      rule: allow
      port: '993'
      proto: tcp

  - name: get certificate
    command:
      cmd: "certbot certonly --standalone -d {{ mail_domain }} -m {{ cert_email }} --non-interactive --agree-tos --no-eff-email"

- name: configure services
  hosts: mail_server
  become: yes
  roles:
    - postfix
    - dovecot
    - opendkim
    - opendmarc
    - postgrey
    - spamassassin
    - policyd_spf

- name: get dns recordV
  hosts: mail_server
  become: yes
  
  tasks:
    - name: get dns entries
      shell: |
        pubkey="$(tr -d '\n' </etc/dkimkeys/{{ dkim_selector }}.txt | sed "s/^.*p=/p=/;s/\" )  ;.*$//" | tr -d "\"[:space:]")"
        dkimdns="{{ dkim_selector }}._domainkey IN TXT \"v=DKIM1; k=rsa; $pubkey\""
        dmarcdns="_dmarc IN TXT \"v=DMARC1; p=reject; rua=mailto:dmarc@{{ domain }}; fo=1\""
        spfdns="@ IN TXT \"v=spf1 a:{{ mail_domain }} -all\""

        echo "DNS Entries
        DKIM:   $dkimdns
        DMARC:  $dmarcdns
        SPF:  $spfdns" > $HOME/dns_records
      register: dns_result

    - name: inform where to get records
      debug:
        msg: "You can now find the DNS records you need to set at /home/root/dns_records"