---
- name: arc | Manage the arc packages in EL systems
  when:
    - ansible_distribution_file_variety == "RedHat"
    - postfix_arc_enabled
  tags: ['postfix', 'postfix_arc', 'arc']
  block:
    - name: arc | Install the arc packages on EL
      ansible.builtin.yum:
        pkg: '{{ postfix_arc_el_pkgs }}'
        state: present


- name: arc | Manage the arc packages in DEB systems
  when:
    - ansible_distribution_file_variety == "Debian"
    - postfix_arc_enabled
  tags: ['postfix', 'postfix_arc', 'arc']
  block:
    - name: arc | Install the arc packages on DEB
      ansible.builtin.apt:
        pkg: '{{ postfix_arc_deb_pkgs }}'
        state: present
        cache_valid_time: 1800

- name: arc | ARC configuration
  tags: ['postfix', 'postfix_arc', 'arc', 'postfix_conf', 'arc_conf']
  when: postfix_arc_enabled
  block:
    - name: arc | Ensure that the /var/run/openarc directory exists
      ansible.builtin.file:
        dest: /var/run/openarc
        state: directory
        mode: "0700"
        owner: '{{ postfix_arc_user }}'
        group: '{{ postfix_arc_group }}'

    - name: arc | Create the arc domains subdirs
      ansible.builtin.file:
        dest: '{{ postfix_arc_base_dir }}/{{ postfix_arc_domain }}'
        state: directory
        mode: "0750"
        owner: '{{ postfix_arc_user }}'
        group: '{{ postfix_arc_group }}'

    - name: arc | Create the arc signature (only one domain is supported)
      become: true
      become_user: '{{ postfix_arc_user }}'
      ansible.builtin.command: opendkim-genkey -D {{ postfix_arc_key_dir }} -d {{ postfix_arc_domain }} -s {{ postfix_arc_domain_selector }}
      args:
        creates: '{{ postfix_arc_base_dir }}/{{ postfix_arc_domain }}/{{ postfix_arc_domain_selector }}.private'
      notify: Restart openarc

    - name: arc | Install the trustedhosts list when defined
      ansible.builtin.template:
        src: 'arc_trustedhosts.j2'
        dest: '{{ postfix_arc_base_dir }}/trustedhosts'
        owner: '{{ postfix_arc_user }}'
        group: '{{ postfix_arc_group }}'
        mode: "0600"
      notify: Restart openarc

    - name: arc | Install the openarc configuration
      ansible.builtin.template:
        src: openarc.conf.j2
        dest: '{{ postfix_arc_conf }}'
        owner: root
        group: root
        mode: "0644"
      notify: Restart openarc
    - name: arc | Install the openarc startup options file
      ansible.builtin.template:
        src: openarc.defaults.j2
        dest: /etc/sysconfig/openarc
        owner: root
        group: root
        mode: "0644"
      notify: Restart openarc
      when: ansible_distribution_file_variety == "RedHat"
    - name: arc | Create the drop in directory for the openarc service
      ansible.builtin.file:
        dest: /etc/systemd/system/openarc.service.d
        state: directory
        mode: "0755"
        owner: root
        group: root
      notify: Restart openarc
      when: ansible_distribution_file_variety == "RedHat"
    - name: arc | Install the openarc service drop in configuration
      ansible.builtin.template:
        src: openarc.service-override.j2
        dest: /etc/systemd/system/openarc.service.d/override.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart openarc
      when: ansible_distribution_file_variety == "RedHat"

- name: arc | Manage the arc service
  tags: ['postfix', 'postfix_arc', 'arc']
  block:
    - name: arc | Ensure that the openarc service is started and enabled
      ansible.builtin.service:
        name: openarc
        state: started
        enabled: true