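# Prepares the host for the mailserver project: recreates the project
# directory, renders the configuration templates into it, creates the data
# volume directory, and opens the Let's Encrypt tree just far enough for the
# group given by host_uid to read the mail.<domain> certificate and key.

# Guard for the next task: `state: absent` deletes whatever project_dir
# renders to, recursively, so stop early on an unset, empty or root path.
- name: Refuse to (re)create an empty or root project_dir
  assert:
    that:
      - project_dir is defined
      - "(project_dir | string | trim) not in ['', '/']"
    msg: "project_dir must point to a dedicated directory, not empty or '/'"

# Two passes over the same path: first remove it (and everything in it),
# then create it again empty, so stale files from earlier runs cannot survive.
# No become/owner/mode here: the directory gets the connecting user's
# ownership and umask-derived mode.
# NOTE(review): consider an explicit mode if the listing itself is sensitive.
- name: "(Re)Create {{ project_dir }} project directory"
  file:
    path: "{{ project_dir }}"
    state: "{{ item }}"
  loop:
    - absent
    - directory

# Renders every regular file found under ../templates/ to the same relative
# path below project_dir. Mode 640 keeps the rendered configuration away from
# "other"; the group is the mailserver id plus uid_shift.
# NOTE(review): uid_shift presumably maps container ids to host ids under
# user-namespace remapping - confirm. Both operands must be integers.
# NOTE(review): directory entries are skipped by the `when`, so a template in
# a subdirectory needs its parent to exist in project_dir already - verify.
- name: Template configuration files to project directory
  template:
    src: "{{ item.src }}"
    dest: "{{ project_dir }}/{{ item.path }}"
    owner: "{{ host_uid }}"
    group: "{{ users['mailserver'] + uid_shift }}"
    mode: '640'
  with_filetree: ../templates/
  when: item.state == 'file'
  become: true

# Mail data is private to the shifted mailserver id: 700, no group or other
# access at all.
- name: "Create (if not exists) directory {{ volumes['mailserver_datadir'] }} & set permissions"
  file:
    path: "{{ volumes['mailserver_datadir'] }}"
    state: directory
    owner: "{{ users['mailserver'] + uid_shift }}"
    group: "{{ users['mailserver'] + uid_shift }}"
    mode: '700'
  become: true

# 751 gives "other" search (x) permission only: a non-root reader can pass
# through to a path it already knows but cannot list these directories.
# NOTE(review): certbot normally creates live/ and archive/ as 0700, so this
# is a deliberate loosening - verify that it is acceptable on the target host.
- name: Set limited permissions on certificate directories
  file:
    path: "/etc/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '751'
  become: true
  loop:
    - letsencrypt
    - letsencrypt/live
    - letsencrypt/archive

# Renamed: the original shared its name with the task above, which made the
# two indistinguishable in play output and for --start-at-task.
# 550 lets root and the host_uid group list and traverse the per-domain
# directories; "other" gets nothing.
# NOTE(review): host_uid is passed as a *group* - presumably the host user's
# primary GID carries the same number; confirm.
# NOTE(review): the owner has no write bit; a certbot running as root is
# presumably unaffected on renewal - confirm.
- name: "Set limited permissions on certificate directories for mail.{{ domain }}"
  file:
    path: "/etc/letsencrypt/{{ item }}/mail.{{ domain }}"
    state: directory
    owner: root
    group: "{{ host_uid }}"
    mode: '550'
  become: true
  loop:
    - live
    - archive

# Grants the host_uid group read access to the private key and nothing to
# "other". No `state` is given, so the task only adjusts an existing key and
# never creates one.
# NOTE(review): live/.../privkey.pem is normally a symlink into archive/, and
# the file module follows links by default, so the change should land on the
# current archive key. Confirm that a renewed key keeps this group and mode,
# or re-run this task after renewal.
- name: Set limited permissions on certificate key file
  file:
    path: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
    owner: root
    group: "{{ host_uid }}"
    mode: '640'
  become: true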