---
- name: Install opendkim
  ansible.builtin.apt:
    update_cache: true
    name:
      - opendkim
      - opendkim-tools
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Ensure opendkim directories are here
  ansible.builtin.file:
    path: /etc/opendkim/keys/{{ opendkim.domain }}
    state: directory
    mode: "0750"
    owner: opendkim
    group: opendkim
  when: not ansible_check_mode

- name: Deploy opendkim configuration
  ansible.builtin.template:
    src: opendkim.conf.j2
    dest: /etc/opendkim.conf
    mode: "0644"
    owner: opendkim
    group: opendkim

- name: Deploy opendkim configuration
  ansible.builtin.template:
    src: opendkim/{{ item }}.j2
    dest: /etc/opendkim/{{ item }}
    mode: "0644"
    owner: opendkim
    group: opendkim
  loop:
    - KeyTable
    - SigningTable
    - TrustedHosts

- name: Deploy opendkim key
  ansible.builtin.template:
    src: opendkim/keys/key.{{ item }}.j2
    dest: /etc/opendkim/keys/{{ opendkim.domain }}/{{ opendkim.selector }}.{{ item }}
    mode: "0600"
    owner: opendkim
    group: opendkim
  loop:
    - private
    - txt