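---
# Role tasks: install and configure rspamd together with its redis backend,
# nginx front end, DKIM keys and backup registration.
# NOTE(review): the source of this file was flattened onto two lines; nesting
# below is reconstructed from Ansible module syntax. Spots where more than one
# nesting would parse are marked for confirmation.

# Effective config = role defaults recursively overridden by rspamd_config.
# Either variable may be undefined; both fall back to an empty mapping.
- name: set rspamd_cfg
  set_fact:
    rspamd_cfg: "{{ rspamd_default_config | d({}) | combine(rspamd_config | d({}), recursive=true) }}"

- name: install rspamd
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - rspamd
      - rspamd-client
      - rspamd-controller
      - rspamd-fuzzy
      - rspamd-proxy
      # Mapping entry: presumably a distro-specific package resolved by
      # install_packages.yml; verify against that task file.
      - alpine: rspamd-openrc
      - py3-cryptography

- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    # NOTE(review): `group` is assumed to belong to the `user` mapping;
    # confirm against tasks/create_user.yml.
    user:
      name: "{{ rspamd_user }}"
      group: "{{ rspamd_group }}"

# Directories are owner-only (0700): nothing outside the rspamd account can
# list or read the configuration tree.
- name: create rspamd directory structure
  file:
    path: "{{ item }}"
    state: directory
    # Quoted so the mode stays octal under any YAML parser.
    mode: "0700"
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"
  loop:
    - "{{ rspamd_conf_dir }}"
    - "{{ rspamd_local_dir }}"
    - "{{ rspamd_override_dir }}"
    - "{{ rspamd_local_map_dir }}"

# Each value is written inside double quotes without escaping. OpenRC sources
# conf.d files as shell, so rspamd_user, rspamd_group and rspamd_conf_dir must
# not contain quotes or other shell metacharacters.
- name: edit service config
  lineinfile:
    path: /etc/conf.d/rspamd
    regexp: "^{{ item.name }}="
    line: "{{ item.name }}=\"{{ item.value }}\""
  notify: restart rspamd
  loop:
    - name: command_user
      value: "{{ rspamd_user }}:{{ rspamd_group }}"
    - name: cfgfile
      value: "{{ rspamd_conf_dir }}/rspamd.conf"

# A loop item is either a bare name (rendered to <name>.conf) or a
# {conf, dest} pair (rendered to <dest>). rspamd_config_item is handed to
# rspamd.j2; presumably it selects the section to render.
# Files are owner-read-only (0400) because they may carry secrets.
- name: template rspamd configuration
  template:
    src: rspamd.j2
    dest: "{{ rspamd_local_dir ~ '/' ~ ((item ~ '.conf') if item is string else item.dest) }}"
    force: true
    mode: "0400"
    lstrip_blocks: true
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"
  vars:
    rspamd_config_item: "{{ item if item is string else item.conf }}"
  loop:
    - actions
    - { conf: logging, dest: logging.inc }
    - { conf: options, dest: options.inc }
    - settings
    - { conf: worker-controller, dest: worker-controller.inc }
    - { conf: worker-fuzzy, dest: worker-fuzzy.inc }
    - { conf: worker-normal, dest: worker-normal.inc }
    - { conf: worker-proxy, dest: worker-proxy.inc }
    - antivirus
    - arc
    - chartable
    - classifier-bayes
    - dkim
    - dkim_signing
    - dmarc
    - force_actions
    - greylist
    - history_redis
    - milter_headers
    - { conf: mime_types, dest: mime_types.inc.local }
    - multimap
    - mx_check
    - neural
    - neural_group
    - phishing
    - redis
    - replies
  notify: restart rspamd

# Map files get the same owner-read-only treatment as the configuration.
- name: template rspamd maps
  template:
    src: "{{ item.src ~ '.j2' }}"
    dest: "{{ rspamd_local_map_dir ~ '/' ~ item.dest }}"
    force: true
    mode: "0400"
    lstrip_blocks: true
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"
  loop:
    - { src: bad_filenames, dest: bad_filenames.map }
    - { src: local_domains, dest: local_domains.inc }
    - { src: local_ip_ranges, dest: local_ip_ranges.inc }
  notify: restart rspamd

# One key per algorithm, passed to dkim.yml as `key`.
# NOTE(review): ownership and mode of the private key files are set in
# dkim.yml (not visible here); confirm they are not group- or world-readable.
- name: generate dkim keys
  include_tasks: dkim.yml
  vars:
    key: "{{ item }}"
  loop:
    - type: 'rsa'
      selector: 'rsa2048'
      path: '{{ rspamd_dkim_rsa2048_key }}'
    - type: 'ed25519'
      selector: 'ed25519'
      path: '{{ rspamd_dkim_ed25519_key }}'

# Redis is configured with a Unix socket, mode 770, and the rspamd group as
# redis_group. Presumably the redis role applies that group to the socket so
# rspamd can connect while other accounts cannot; verify in the redis role.
- name: install and configure redis
  include_role:
    name: redis
  vars:
    redis_group: "{{ rspamd_group }}"
    redis_config:
      unixsocket: "{{ rspamd_redis_socket }}"
      unixsocketperm: "770"

- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      servers:
        # NOTE(review): `certs` is assumed to be part of this server entry;
        # confirm against the nginx role.
        - conf: nginx_server
          certs: "{{ host_tls }}"

# Run pending "restart rspamd" notifications now, before the final service task.
- name: flush handlers
  meta: flush_handlers

# These directories hold the files deployed 0400/0700 above; the backup
# destination needs access controls at least as strict.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ rspamd_conf_dir }}"
      - "{{ rspamd_local_dir }}"
      - "{{ rspamd_local_map_dir }}"
      - "{{ rspamd_override_dir }}"

- name: enable and start rspamd
  service:
    name: rspamd
    enabled: true
    state: started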