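# Tasks: install and configure Dovecot (see the proxy warning below), then
# deploy the certificates and configuration for the stunnel@roundcube instance.
#
# Module arguments are written as native YAML mappings. File modes are quoted
# so that YAML keeps them as strings instead of reading them as integers.

- name: Install Dovecot
  # WARNING: "The destination servers don't need to be running Dovecot,
  # but you should make sure that the Dovecot proxy doesn't advertise
  # more capabilities than the destination server can handle."
  # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
  #
  # Packages are pulled from the <codename>-backports suite of the release
  # reported by the ansible_lsb fact.
  apt:
    pkg: '{{ item }}'
    default_release: '{{ ansible_lsb.codename }}-backports'
  with_items:
    - dovecot-core
    - dovecot-imapd

# Dedicated system account with no login shell. '!' in the password field is
# not a valid hash, so password authentication cannot succeed for this user.
- name: Create a user 'imapproxy'
  user:
    name: imapproxy
    system: true
    createhome: false
    home: /var/lib/imapproxy
    shell: /usr/sbin/nologin
    password: '!'
    state: present

# The home directory is created separately (createhome is off above) so that
# it can be restricted to its owner (0700).
- name: Create a home directory for user 'imapproxy'
  file:
    path: /var/lib/imapproxy
    state: directory
    owner: imapproxy
    group: imapproxy
    mode: '0700'

# Static configuration fragments, root-owned and world-readable.
- name: Configure Dovecot
  copy:
    src: 'etc/dovecot/conf.d/{{ item }}'
    dest: '/etc/dovecot/conf.d/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  register: r1
  with_items:
    - 10-auth.conf
    - 10-logging.conf
    - 10-mail.conf
    - 10-master.conf
    - 15-mailboxes.conf
  notify:
    - Restart Dovecot

# Templated fragments, rendered per host.
# NOTE(review): the templates are not visible here and the result is written
# world-readable (0644); confirm the rendered files hold no credentials, and
# tighten the mode if they do.
- name: Configure Dovecot (2)
  template:
    src: 'etc/dovecot/conf.d/{{ item }}.j2'
    dest: '/etc/dovecot/conf.d/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  register: r2
  with_items:
    - 20-imapc.conf
    - auth-imap.conf.ext
  notify:
    - Restart Dovecot

# Only start the service when no configuration changed; if something did
# change, the 'Restart Dovecot' handler flushed right below takes over.
- name: Start Dovecot
  service:
    name: dovecot
    state: started
  when: not (r1.changed or r2.changed)

- meta: flush_handlers

- name: Create /etc/stunnel/certs
  file:
    path: /etc/stunnel/certs
    state: directory
    owner: root
    group: root
    mode: '0755'

# r1 and r2 are registered again from here on; the Dovecot condition above has
# already been evaluated, so the reuse does not affect it.
#
# The source path is under certs/public/, so 0644 is appropriate for this
# file. Private keys must not be deployed into this world-readable directory.
- name: Copy Dovecot's X.509 certificate
  copy:
    src: certs/public/imap.fripost.org.pem
    dest: /etc/stunnel/certs/imap.fripost.org.pem
    owner: root
    group: root
    mode: '0644'
  register: r1
  notify:
    - Restart stunnel@roundcube

# NOTE(review): presumably a public certificate as well; confirm that the PEM
# contains no private key, since it is installed world-readable.
- name: Copy slapd's X.509 certificate
  copy:
    src: certs/ldap/ldap.fripost.org.pem
    dest: /etc/stunnel/certs/ldap.fripost.org.pem
    owner: root
    group: root
    mode: '0644'
  register: r2
  notify:
    - Restart stunnel@roundcube

# NOTE(review): roundcube.conf is not visible here; confirm that it makes
# stunnel verify its peers against the certificates deployed above.
- name: Configure stunnel
  copy:
    src: etc/stunnel/roundcube.conf
    dest: /etc/stunnel/roundcube.conf
    owner: root
    group: root
    mode: '0644'
  register: r3
  notify:
    - Restart stunnel@roundcube

- name: Enable stunnel@roundcube
  service:
    name: stunnel4@roundcube
    enabled: true

# Same pattern as for Dovecot: start only when nothing changed, otherwise the
# 'Restart stunnel@roundcube' handler flushed below restarts the instance.
- name: Start stunnel@roundcube
  service:
    name: stunnel4@roundcube
    state: started
  when: not (r1.changed or r2.changed or r3.changed)

- meta: flush_handlers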