---
- name: Install and update OpenDKIM
  ansible.builtin.package:
    name:
      - opendkim
      - opendkim-tools
    state: present

- name: Configure OpenDKIM
  ansible.builtin.template:
    src: opendkim.conf.j2
    dest: /etc/opendkim.conf
  notify: restart opendkim

- name: Ensure OpenDKIM unix socket path for postfix
  ansible.builtin.file:
    path: /var/spool/postfix/opendkim
    state: directory
    owner: postfix
    group: opendkim
    mode: '0770'
  notify: restart opendkim

- name: Generate DKIM signing key
  ansible.builtin.command:
    cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ postfix_domain }} --directory /etc/dkimkeys"
    creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
  become: true
  become_user: opendkim
  notify: restart opendkim

- name: Ensure postfix is in opendkim group
  ansible.builtin.user:
    name: postfix
    groups: opendkim
    append: true
  notify: restart opendkim

- name: Register whether /var/spool/postfix/opendkim/opendkim.sock exists
  ansible.builtin.stat:
    path: /var/spool/postfix/opendkim/opendkim.sock
  register: opendkim_socket

- name: (Workaround) Force opendkim to restart again if the unix socket is still missing.
  ansible.builtin.systemd:
    name: opendkim
    state: restarted
  when: not opendkim_socket.stat.exists

- name: Ensure opendkim service is started and enabled.
  ansible.builtin.service:
    name: opendkim
    state: started
    enabled: yes