file_attributes = {
    'owner': 'opendkim',
    'group': 'opendkim',
    'mode': '700',
    'triggers': {
        'svc_systemd:opendkim:restart',
    },
}

users['opendkim'] = {}

directories = {
    '/etc/opendkim': {
        **file_attributes,
        'purge' : True,
    },
    '/etc/opendkim/keys': {
        **file_attributes,
        'purge' : True,
    },
}

files = {
    '/etc/opendkim.conf': {
        **file_attributes,
    },
    '/etc/defaults/opendkim': {
        # https://metadata.ftp-master.debian.org/changelogs//main/o/opendkim/testing_opendkim.NEWS
        'delete': True,
    },
    '/etc/opendkim/key_table': {
        'content_type': 'mako',
        'context': {
            'domains': node.metadata.get('mailserver/domains'),
        },
        **file_attributes,
    },
    '/etc/opendkim/signing_table': {
        'content_type': 'mako',
        'context': {
            'domains': node.metadata.get('mailserver/domains'),
        },
        **file_attributes,
    },
}

for domain in node.metadata.get('mailserver/domains'):
    directories[f'/etc/opendkim/keys/{domain}'] = {
        **file_attributes,
        'purge': True,
    }
    files[f'/etc/opendkim/keys/{domain}/mail.private'] = {
        **file_attributes,
        'content': node.metadata.get(f'opendkim/keys/{domain}/private'),
    }

svc_systemd['opendkim'] = {
    'needs': {
        'pkg_apt:opendkim',
        'file:/etc/opendkim.conf',
        'file:/etc/opendkim/key_table',
        'file:/etc/opendkim/signing_table',
    },
}