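---
# Install OpenDKIM, generate one signing key per mail domain and expose the
# milter socket inside the postfix spool so postfix can reach it.
# Variables expected from the caller: dkim_selector, postfix_domain,
# postfix_virtual_domains (list of mappings with a 'name' key), dkim_key_path.
# The 'restart opendkim' handler is defined outside this file.
- name: Install and update OpenDKIM
  ansible.builtin.package:
    name:
      - opendkim
      - opendkim-tools
    state: present  # NOTE: 'present' installs but does not upgrade an already installed package

- name: Configure OpenDKIM
  ansible.builtin.template:
    src: opendkim.conf.j2
    dest: /etc/opendkim.conf
    mode: '0644'  # explicit so the result does not depend on the controller's umask
  notify: restart opendkim

# The directory must be group-writable by opendkim (it creates the socket)
# and owned by postfix (the chroot parent); 0770 keeps it closed to others.
- name: Ensure OpenDKIM unix socket path for postfix
  ansible.builtin.file:
    path: /var/spool/postfix/opendkim
    state: directory
    owner: postfix
    group: opendkim
    mode: '0770'
  notify: restart opendkim

# Superseded by the per-domain tasks below; kept for reference only.
# - name: Generate DKIM signing key
#   ansible.builtin.command:
#     cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ postfix_domain }} --directory /etc/dkimkeys"
#     creates: "/etc/dkimkeys/{{ dkim_selector }}.private"
#   become: true
#   become_user: opendkim
#   notify: restart opendkim

# One key directory per domain: the primary postfix_domain plus every virtual
# domain. 0750 keeps the directory readable by opendkim only.
- name: Ensure DKIM directories exist for each domain
  ansible.builtin.file:
    path: "/etc/dkimkeys/{{ item.name }}"
    state: directory
    owner: opendkim
    group: opendkim
    mode: '0750'
  loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"
  loop_control:
    label: "{{ item.name }}"

# 'creates' makes the task idempotent: an existing private key is never
# regenerated, so the published DNS record stays valid.
- name: Generate DKIM signing keys for each domain
  ansible.builtin.command:
    cmd: "opendkim-genkey -r -s {{ dkim_selector }} -b 2048 -d {{ item.name }} --directory /etc/dkimkeys/{{ item.name }}"
    creates: "/etc/dkimkeys/{{ item.name }}/{{ dkim_selector }}.private"
  loop: "{{ [{'name': postfix_domain}] + postfix_virtual_domains }}"
  loop_control:
    label: "{{ item.name }}"
  # become_user only takes effect when become is enabled; without it the key
  # would be created as the play's user and may be unreadable by the daemon.
  become: true
  become_user: opendkim
  notify: restart opendkim

# NOTE(review): the keys above are written under /etc/dkimkeys while the
# tables go to {{ dkim_key_path }} — confirm these two locations agree.
- name: Configure the KeyTable
  ansible.builtin.template:
    src: keytable.j2
    dest: "{{ dkim_key_path }}/KeyTable"
    mode: '0644'
  notify: restart opendkim

- name: Configuring the SigningTable
  ansible.builtin.template:
    src: signingtable.j2
    dest: "{{ dkim_key_path }}/SigningTable"
    mode: '0644'
  notify: restart opendkim

# Group membership lets postfix traverse the 0770 socket directory above.
- name: Ensure postfix is in opendkim group
  ansible.builtin.user:
    name: postfix
    groups: opendkim
    append: true
  notify: restart opendkim

- name: Register whether /var/spool/postfix/opendkim/opendkim.sock exists
  ansible.builtin.stat:
    path: /var/spool/postfix/opendkim/opendkim.sock
  register: opendkim_socket

# Handlers only run at the end of the play, so the socket may still be
# missing here on a first run; restart once now so postfix can connect.
- name: (Workaround) Force opendkim to restart again if the unix socket is still missing.
  ansible.builtin.systemd:
    name: opendkim
    state: restarted
  when: not opendkim_socket.stat.exists

- name: Ensure opendkim service is started and enabled.
  ansible.builtin.service:
    name: opendkim
    state: started
    enabled: true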