- tags: postfix-config
  become: yes
  block:
    - name: "Configure postfix: main.cf"
      notify: reload postfix
      with_items:
        - key: "smtp_sasl_auth_enable"
          value: "yes"
        - key: "smtp_sasl_password_maps"
          value: "hash:/etc/postfix/sasl_passwd"
        - key: "smtp_sasl_security_options"
          value: "noanonymous"
        - key: "smtp_tls_security_level"
          value: "{{ 'encrypt' if postfix__is_satellite else 'may' }}"
      lineinfile:
        dest: /etc/postfix/main.cf
        line: "{{ item.key }} = {{ item.value }}"
        regexp: "^{{ item.key }} ="
    - name: "Configure postfix: main.cf (relayhost)"
      when: postfix__relayhost is defined
      notify: reload postfix
      with_items:
        - key: "relayhost"
          value: "{{ postfix__relayhost }}"
      lineinfile:
        dest: /etc/postfix/main.cf
        line: "{{ item.key }} = {{ item.value }}"
        regexp: "^{{ item.key }} ="

- tags: postfix-config
  when: postfix__sasl_password is defined
  become: yes
  block:
    - name: Create /etc/postfix/sasl_passwd
      copy:
        dest: /etc/postfix/sasl_passwd
        content: ""
        force: no
        mode: 0600

    - name: "Configure postfix: sasl_passwd"
      notify: postmap /etc/postfix/sasl_passwd
      with_items: "{{ postfix__sasl_password }}"
      lineinfile:
        dest: /etc/postfix/sasl_passwd
        line: "{{ item.host }} {{ item.username }}:{{ item.password }}"
        regexp: "^{{ item.host|regex_escape() }}"