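# Lays out /opt/<service id>/ on the target host: the directory tree, a
# Dovecot override file (11-mail-custom.conf), the templated compose and
# config files, and (when OAuth is enabled) the Dovecot OAuth2 secrets file.

# Explicit modes keep the result independent of the umask in effect for the
# Ansible run.
- name: Docker directory
  ansible.builtin.file:
    path: "/opt/{{ docker_mailserver_service_id }}/"
    state: directory
    mode: "0755"

# NOTE(review): "ssl" presumably holds TLS private keys. Confirm which user
# reads it (host and container) and tighten that directory if nothing else
# needs to traverse it.
- name: Config directory
  ansible.builtin.file:
    path: "/opt/{{ docker_mailserver_service_id }}/{{ item }}"
    state: directory
    mode: "0755"
  loop:
    - config
    - ssl

# Everything under "block" is written verbatim (after Jinja templating) into
# the Dovecot config file, so review notes live here and not inside the
# block scalar.
#
# NOTE(review): the quota-warning unix_listener is created with mode 0666,
# i.e. any local user in the Dovecot environment can connect and trigger
# /usr/local/bin/quota-warning. If only the mail user (uid/gid 5000 above)
# needs it, restrict the listener's owner and mode. Confirm against the
# image's process users before changing.
- name: Prepare dovecot custom config
  ansible.builtin.blockinfile:
    dest: "/opt/{{ docker_mailserver_service_id }}/11-mail-custom.conf"
    marker: "# {mark} ANSIBLE CONFIGURATION"
    create: true
    mode: "0644"
    block: |
      # System user and group used to access mails. If you use multiple, userdb
      # can override these by returning uid or gid fields. You can use either numbers
      # or names.
      mail_uid = 5000
      mail_gid = 5000
      mail_home = /var/mail/%d/%n

      # permet d'utiliser à la fois le + et le _ comme delimiteur dans les adresses email
      # doit être paramétré de même dans postfix
      recipient_delimiter = {{ docker_mailserver_recipient_delimiter }}

      ### section quotas ldap
      mail_plugins = $mail_plugins quota

      protocol imap {
        # Enable the IMAP QUOTA extension, allowing IMAP clients to ask for the
        # current quota usage.
        mail_plugins = $mail_plugins imap_quota
      }

      plugin {
        quota_grace = 10%%
        # 10% is the default
        quota_status_success = DUNNO
        quota_status_nouser = DUNNO
        quota_status_overquota = "552 5.2.2 Mailbox is full"
        quota = count:User quota
        quota_rule2 = Trash:storage=+100M
        quota_vsizes = yes
        quota_exceeded_message = La taille maximale de la boite de votre destinataire est atteinte.
        quota_warning = storage=95%% quota-warning 95 %u libretic.fr
        quota_warning2 = storage=80%% quota-warning 80 %u libretic.fr
        quota_warning3 = -storage=100%% quota-warning below %u libretic.fr
      }

      service quota-warning {
        executable = script /usr/local/bin/quota-warning
        # user = root
        unix_listener quota-warning {
          mode = 0666
        }
      }

      ### debug
      #auth_debug = yes
      #mail_debug = yes
      #auth_verbose = yes

# Appends a second managed block (distinct marker) to the same file. It
# enables the xoauth2/oauthbearer mechanisms and exposes the Dovecot auth
# socket to Postfix with mode 0660, owner and group postfix.
- name: Prepare dovecot custom config
  when: docker_mailserver_configure_oauth is true
  ansible.builtin.blockinfile:
    dest: "/opt/{{ docker_mailserver_service_id }}/11-mail-custom.conf"
    marker: "# {mark} OAUTH ANSIBLE CONFIGURATION"
    insertafter: EOF
    block: |
      ### section authentification OpenID
      auth_mechanisms = $auth_mechanisms xoauth2 oauthbearer

      passdb {
        driver = oauth2
        mechanisms = xoauth2 oauthbearer
        args = /etc/dovecot/dovecot-oauth2.conf.ext
      }

      # provide SASL via unix socket to postfix
      service auth {
        unix_listener /var/spool/postfix/private/auth {
          mode = 0660
          # Assuming the default Postfix user and group
          user = postfix
          group = postfix
        }
      }

# NOTE(review): mailserver.vars may carry credentials. If it does, give that
# item an explicit restrictive mode. The other three files are presumably
# read from inside the container, so confirm the reading users first.
- name: Prepare docker-compose.yml and config
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - src: docker-compose.yml
      dest: "/opt/{{ docker_mailserver_service_id }}/"
    - src: policyd-spf.conf
      dest: "/opt/{{ docker_mailserver_service_id }}/"
    - src: jail.local
      dest: "/opt/{{ docker_mailserver_service_id }}/"
    - src: mailserver.vars
      dest: "/opt/{{ docker_mailserver_service_id }}/"
  notify: docker-compose-up

# The file name marks this content as secret, so it is written owner-only
# instead of with umask-default permissions, and no_log keeps the content
# out of task output and --diff.
# NOTE(review): 0600 assumes the process that reads this file (presumably via
# a mount into the container) runs as the file's owner or as root. Confirm.
- name: Prepare dovecot-oauth2.conf.ext.secrets
  when: docker_mailserver_configure_oauth is true
  ansible.builtin.copy:
    content: "{{ docker_mailserver_dovecot_oauth2_configuration }}"
    dest: "/opt/{{ docker_mailserver_service_id }}/dovecot-oauth2.conf.ext.secrets"
    mode: "0600"
  no_log: true
  notify: docker-compose-up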