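---
# Tasks: request a Let's Encrypt certificate for "{{ domain }}", schedule its
# renewal, and deploy the docker-compose based mail stack under
# /etc/docker/compose/mail.

- name: install letsencrypt
  # NOTE(review): state=latest upgrades the ACME client on every run; use
  # state=present (or a pinned version) if unattended upgrades are not wanted.
  apt:
    name: letsencrypt
    state: latest

- name: allow 80/tcp ufw
  # Port 80 must be reachable for the --standalone request and renewal below.
  ufw:
    rule: allow
    port: '80'
    proto: 'tcp'

- name: allow 443/tcp ufw
  # NOTE(review): confirm something on this host actually serves 443; an
  # unused open port is avoidable exposure.
  ufw:
    rule: allow
    port: '443'
    proto: 'tcp'

- name: restart ufw
  # Restarts on every run, so this task always reports "changed".
  # NOTE(review): restarting the service does not by itself turn the firewall
  # on; no "ufw: state: enabled" task is visible in these tasks - confirm it
  # is handled elsewhere.
  service:
    name: ufw
    state: restarted
    enabled: true

- name: request certificate
  # argv form: each templated value reaches letsencrypt as exactly one
  # argument and is never parsed by a shell. "creates" skips the task once the
  # live directory for the domain exists, which keeps the request idempotent.
  command:
    argv:
      - letsencrypt
      - certonly
      - '-n'
      - '--standalone'
      - '-d'
      - '{{ domain }}'
      - '-m'
      - '{{ certbot_email }}'
      - '--agree-tos'
    creates: '/etc/letsencrypt/live/{{ domain }}'

- name: add monthly letsencrypt cronjob for cert renewal
  # Runs at 02:01 on the 18th of every month. The job line is executed by
  # cron's shell, so the templated values are shell-quoted, matching the
  # quoting the certificate request applies to the same variables.
  # NOTE(review): --standalone needs port 80 free at renewal time, and nothing
  # in these tasks restarts the mail stack after a renewal; confirm the
  # container picks up the renewed certificate.
  cron:
    name: 'letsencrypt_renewal_mail'
    day: '18'
    hour: '2'
    minute: '1'
    job: >-
      letsencrypt renew --cert-name {{ domain | quote }} -n --standalone
      --agree-tos -m {{ certbot_email | quote }}

- name: ensure mail docker/compose exist
  # Root-only directory: everything below it is unreachable for other local
  # users regardless of the modes of the files inside.
  file:
    path: /etc/docker/compose/mail
    state: directory
    owner: root
    group: root
    mode: '0700'  # quoted so the value is never re-typed as a number

- name: ensure mail docker/compose volume exist
  file:
    path: /etc/docker/compose/mail/docker-data/dms/config
    state: directory
    owner: root
    group: root
    mode: '0700'

# https://github.com/docker-mailserver/docker-mailserver/issues/1562
- name: ensure mail docker/compose ldap overrides exist
  # Owner, group and mode are set explicitly instead of being left to the
  # umask of the connecting user.
  # NOTE(review): the source file is named postmaster-main.cf but is installed
  # as postfix-main.cf - confirm the source name is intended.
  copy:
    src: ../files/postmaster-main.cf
    dest: /etc/docker/compose/mail/docker-data/dms/config/postfix-main.cf
    owner: root
    group: root
    mode: '0644'

- name: build mail docker-compose.yml.j2
  # NOTE(review): the template is not visible here; if the rendered file holds
  # credentials (for example an LDAP bind password), prefer mode '0600'. The
  # 0700 parent directory already blocks non-root access.
  template:
    src: ../templates/docker-compose.yml.j2
    dest: /etc/docker/compose/mail/docker-compose.yml
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'

- name: daemon-reload and enable mail
  # daemon_reload makes the task do what its name says: unit files are
  # re-read before the unit is restarted. state=restarted restarts the mail
  # stack on every run of these tasks.
  ansible.builtin.systemd_service:
    daemon_reload: true
    state: restarted
    enabled: true
    name: docker-compose@mail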