- name: /etc/postfix/main.cf
  copy: src={{ item }} dest=/etc/postfix/main.cf
  with_first_found:
    - "{{ postfix_maincf }}"
    - "postfix/main.cf/main.cf.{{ ansible_fqdn }}"
    - "postfix/main.cf/main.cf.{{ inventory_hostname }}"
    - "postfix/main.cf/main.cf.{{ host_group }}"
    - "postfix/main.cf/main.cf.{{ postfix_group }}"
    - "postfix/main.cf/main.cf.{{ datacenter }}"
    - "postfix/main.cf/main.cf"
  notify:
  - restart postfix
  tags:
  - postfix
  - config
  - base
  - smtp_auth_relay

- name: install /etc/postfix/master.cf file
  copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644
  with_first_found:
    - "postfix/master.cf/master.cf.{{ inventory_hostname }}"
    - "postfix/master.cf/master.cf.{{ host_group }}"
    - "postfix/master.cf/master.cf.{{ postfix_group }}"
    - "postfix/master.cf/master.cf"
  when: inventory_hostname.startswith(('smtp-mm', 'mailman', 'noc02', 'bastion', 'smtp-auth'))
  notify:
  - restart postfix
  tags:
  - postfix
  - config
  - base

- name: Deploy sender_access file
  copy: src="{{private}}/files/smtpd/sender_access.{{postfix_group}}" dest="/etc/postfix/sender_access"
  when: postfix_group == "smtp-mm" or postfix_group == "mailman" or postfix_group == "gateway"
  notify:
  - restart postfix
  tags:
  - postfix
  - config
  - base

- name: work around s390 privatedevices bug
  ini_file:
    path: /usr/lib/systemd/system/postfix.service
    section: Service
    option: PrivateDevices
    value: false
  notify:
  - reload systemd
  when: inventory_hostname.startswith(('buildvm-s390x'))
  tags:
  - postfix
  - config
  - base

- name: enable postfix to start
  service: name=postfix state=started enabled=true
  tags:
  - service
  - base

- name: install /etc/postfix/transport file
  copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport
  when: inventory_hostname.startswith(('smtp-mm','bastion','noc02')) and env != 'staging'
  notify:
  - rebuild postfix transport
  - restart postfix
  tags:
  - postfix
  - base
  - config

- name: install /etc/postfix/bysender file
  copy: src="postfix/bysender" dest=/etc/postfix/bysender
  when: inventory_hostname.startswith(('bastion')) and env != 'staging'
  notify:
  - rebuild postfix bysender
  - restart postfix
  tags:
  - postfix
  - base
  - config

- name: create /etc/postfix/tls_policy
  copy: src="postfix/tls_policy" dest=/etc/postfix/tls_policy
  when: inventory_hostname.startswith(('bastion','smtp-mm','pagure')) and env != 'staging'
  notify:
  - rebuild postfix tls_policy
  - restart postfix
  tags:
  - postfix
  
# Install gateway tls cert as a pem file. 
# This has: private key, then cert, then intermediate cert
# This cert is a digicert one, renew it there.
- name: install /etc/pki/tls/private/gateway-chain.pem
  copy: 
    src="{{private}}/files/smtpd/gateway-chain.pem"
    dest=/etc/pki/tls/private/gateway-chain.pem
    owner=root
    group=root
    mode=0600
  when: inventory_hostname.startswith(('bastion','smtp-mm')) and env != 'staging'
  notify:
  - restart postfix
  tags:
  - postfix