Post-Tyranny-Tech-Infrastructure/ansible/playbooks/configure-email.yml

---
# Configure email for a single server
- hosts: all
  gather_facts: yes
  tasks:
    - name: Load client secrets
      community.sops.load_vars:
        file: "{{ playbook_dir }}/../../secrets/clients/{{ inventory_hostname }}.sops.yaml"
        name: client_secrets
        age_keyfile: "{{ lookup('env', 'SOPS_AGE_KEY_FILE') }}"
      no_log: true

    - name: Load shared secrets
      community.sops.load_vars:
        file: "{{ playbook_dir }}/../../secrets/shared.sops.yaml"
        name: shared_secrets
        age_keyfile: "{{ lookup('env', 'SOPS_AGE_KEY_FILE') }}"
      no_log: true

    - name: Merge secrets
      set_fact:
        client_secrets: "{{ client_secrets | combine(shared_secrets) }}"
      no_log: true

    - name: Include mailgun role
      include_role:
        name: mailgun

    - name: Configure Nextcloud email if credentials available
      shell: |
        docker exec -u www-data nextcloud php occ config:system:set mail_smtpmode --value="smtp"
        docker exec -u www-data nextcloud php occ config:system:set mail_smtpsecure --value="tls"
        docker exec -u www-data nextcloud php occ config:system:set mail_smtphost --value="smtp.eu.mailgun.org"
        docker exec -u www-data nextcloud php occ config:system:set mail_smtpport --value="587"
        docker exec -u www-data nextcloud php occ config:system:set mail_smtpauth --value="1"
        docker exec -u www-data nextcloud php occ config:system:set mail_smtpname --value="{{ mailgun_smtp_user }}"
        docker exec -u www-data nextcloud php occ config:system:set mail_smtppassword --value="{{ mailgun_smtp_password }}"
        docker exec -u www-data nextcloud php occ config:system:set mail_from_address --value="{{ inventory_hostname }}"
        docker exec -u www-data nextcloud php occ config:system:set mail_domain --value="mg.vrije.cloud"
      when: mailgun_smtp_user is defined
      no_log: true
      register: email_config

    - name: Display email configuration status
      debug:
        msg: |
          ========================================
          Email Configuration
          ========================================
          Status: {{ 'Configured' if email_config.changed | default(false) else 'Skipped (credentials not available)' }}
          SMTP: smtp.eu.mailgun.org:587 (TLS)
          From: {{ inventory_hostname }}@mg.vrije.cloud
          ========================================