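---
# tasks file for rspamd
#
# Installs rspamd, renders its local.d/override.d configuration, binds the
# proxy worker to all interfaces on port 11332 and, when `use_ufw` is set,
# allows that port from a fixed list of source addresses.

- name: configure repo
  when: ansible_os_family == 'RedHat'
  block:
    # NOTE(review): the URL is fixed to the centos-7 repository although the
    # condition above matches every RedHat-family release.
    - name: download rspamd repo definition
      ansible.builtin.get_url:
        url: https://rspamd.com/rpm-stable/centos-7/rspamd.repo
        dest: /etc/yum.repos.d/rspamd.repo
        # Explicit mode so the connecting user's umask does not decide it.
        mode: "0644"

    # NOTE(review): the package signing key is trusted on the strength of TLS
    # alone. Once the fingerprint has been verified out of band, pin it with
    # the module's `fingerprint` option, e.g.
    #   fingerprint: "<VERIFIED_RSPAMD_KEY_FINGERPRINT>"  # placeholder
    - name: import rspamd package signing key
      ansible.builtin.rpm_key:
        key: https://rspamd.com/rpm-stable/gpg.key
        state: present

- name: install rspamd
  ansible.builtin.package:
    name: rspamd
    state: present

- name: configure rspamd
  # notify on the block is inherited by every task inside it.
  notify: restart rspamd
  block:
    # dest ends with "/", so each template is rendered under its own file name.
    # NOTE(review): no owner/mode is set here, so permissions follow the
    # defaults; check whether any of these files (worker-controller.inc in
    # particular) carries credentials and needs a tighter mode.
    - name: render rspamd local.d configuration
      ansible.builtin.template:
        src: "{{ item }}"
        dest: /etc/rspamd/local.d/
      loop:
        - multimap.conf
        - milter_headers.conf
        - ip_whitelist.map
        - host_whitelist.map
        - address_whitelist.map
        - address_blacklist.map
        - actions.conf
        - worker-controller.inc

    # Binds the proxy worker to every interface; see the firewall task below.
    - name: bind proxy worker to all interfaces (override.d)
      ansible.builtin.lineinfile:
        create: true
        path: /etc/rspamd/override.d/worker-proxy.inc
        line: 'bind_socket = *:11332'

    - name: set log level to notice
      ansible.builtin.lineinfile:
        create: true
        path: /etc/rspamd/override.d/logging.inc
        line: 'level = "notice";'

# Source-address allow-list for the proxy port.
# NOTE(review): this task only adds allow rules. It neither enables ufw nor
# sets a default-deny policy (presumably done elsewhere; confirm). When
# `use_ufw` is false nothing in this file restricts access to 11332, while
# the worker is still bound to `*`.
- name: open firewall port
  # `| bool` keeps string values such as "false" from being treated as truthy.
  when: use_ufw | bool
  community.general.ufw:
    proto: tcp
    port: "11332"
    src: "{{ item.ip }}"
    comment: "{{ item.comment }}"
    rule: allow
  loop:
    - ip: "163.172.96.97"
      comment: submarine
    - ip: "80.67.185.27"
      comment: altc01
    - ip: "51.15.130.230"
      comment: mutine
    - ip: "57.128.123.211"
      comment: mimine
    - ip: "51.15.253.78"
      comment: cosine

# Replaces a localhost-only bind line if one is present, otherwise appends
# the wildcard bind line (the file is created when missing).
- name: ensure rspamd listen everywhere
  ansible.builtin.lineinfile:
    create: true
    path: /etc/rspamd/local.d/proxy-normal.inc
    regexp: '^bind_socket = localhost:11332'
    line: 'bind_socket = *:11332'
  notify: restart rspamd

# Redis is addressed on loopback only.
- name: binding rspamd to redis
  ansible.builtin.lineinfile:
    create: true
    path: /etc/rspamd/local.d/redis.conf
    line: 'servers: "127.0.0.1"'
  notify: restart rspamd

- name: start service
  ansible.builtin.service:
    name: rspamd
    state: started
    enabled: true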