computer-playbook/roles/web-app-mailu/tasks/01_core.yml

- include_tasks: utils/once/flag.yml

- name: Ensure MAILU_HOSTNAMES is a list with max 1 entry
  ansible.builtin.assert:
    that:
      - MAILU_HOSTNAMES is iterable
      - MAILU_HOSTNAMES is sequence
      - MAILU_HOSTNAMES | length <= 1
    fail_msg: "MAILU_HOSTNAMES must be a list with at most one entry (only one host is supported). You can set the other ones as alias."
    success_msg: "MAILU_HOSTNAMES is valid."
  when: MODE_ASSERT | bool

- name: "load variables from {{ DOCKER_VARS_FILE }}"
  include_vars: "{{ DOCKER_VARS_FILE }}"

- name: Ensure Rspamd overrides directory exists (host)
  file:
    path: "{{ MAILU_RSPAMD_HOST_DIR }}"
    state: directory
    mode: "0755"

- name: Render ratelimit.conf
  template:
    src: ratelimit.conf.j2
    dest: "{{ MAILU_RSPAMD_HOST_FILE }}"
    mode: "0644"

- name: "load docker, db and proxy for {{ application_id }}"
  include_role:
    name: sys-stk-full-stateful
  vars:
    docker_compose_flush_handlers:  true
    webserver_vhost_flavour:        "basic"
    domain:                         "{{ MAILU_HOSTNAME }}"

- name: "Include Cert deploy service for '{{ role_name }}'"
  include_role:
    name: sys-ctl-mtn-cert-deploy
  when: SSL_ENABLED | bool

- name: "Flush Docker Compose handlers"
  meta: flush_handlers

- name: "Create Mailu accounts"
  include_tasks: 02_manage_user.yml
  vars:
    MAILU_DOCKER_DIR:        "{{ docker_compose.directories.instance }}"
    mailu_api_base_url:       "http://127.0.0.1:8080/api/v1"
    mailu_action: >-
      {{
        (
          'administrator' in (item.value.get('roles', []))
        )
        | ternary('admin','user')
      }}
    mailu_user_key:           "{{ item.key }}"
    mailu_user_name:          "{{ item.value.username }}"
    mailu_password:           "{{ item.value.password }}"
    mailu_token_ip:           "{{ item.value.ip | default(networks.internet.ip4) }}"
    mailu_token_name:         "{{ SOFTWARE_NAME ~ ' Token for ' ~ item.value.username }}"
  loop:                       "{{ users | dict2items }}"
  loop_control:
    loop_var: item
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

- name: Generate DKIM public key
  include_tasks: 04_generate-and-read-dkim.yml

- name: Set Mailu DNS records
  include_tasks: 05_dns-records.yml