---
# XXX: This organization is unfortunate. As of Ansible 1.4, roles are
# applied playbook by playbook and not globally for the whole inventory;
# therefore if two playbooks are given the role 'common', the tasks
# defined in 'common' would be run twice.
# The quickfix to ensure that plays are role-disjoint is to create a
# separate play for each role. Of course the downside is that we loose
# (most of) the advantage of roles...

- name: Common tasks
  hosts: all
  roles:
    - common

- name: Base system
  hosts: IMAP:MX:MSA:webmail:lists:wiki:git
  gather_facts: False
  tasks:
    - name: Install dependencies for letsencrypt-tiny
      apt: pkg={{ item }}
      with_items:
        - liblwp-protocol-https-perl
        - socat
    - name: Copy LetsEncrypt's ACME client
      copy: src=deb/letsencrypt-tiny_0.1-1_all.deb
            dest=/tmp
      notify: Install LetsEncrypt's ACME client
    - name: Create a user 'letsencrypt'
      user: name=letsencrypt system=yes
            group=nogroup
            createhome=no
            home=/nonexistent
            shell=/usr/sbin/nologin
            password=!
            state=present
  handlers:
    - name: Install LetsEncrypt's ACME client
      apt: deb=/tmp/letsencrypt-tiny_0.1-1_all.deb
  tags:
   - letsencrypt

- name: Common SQL tasks
  hosts: MDA:webmail:lists:bacula-dir
  gather_facts: False
  tags: mysql,sql
  roles:
    - common-SQL

- name: Common LDAP tasks
  hosts: MDA:MSA:LDAP-provider:MX
  gather_facts: True
  tags: slapd,ldap
  roles:
    - common-LDAP

- name: Configure the LDAP provider
  hosts: LDAP-provider
  gather_facts: False
  tags: slapd,ldap
  roles:
    - LDAP-provider

- name: Configure the Web servers
  hosts: webmail:wiki:lists:git:munin-master
  gather_facts: False
  tags: nginx,www,web
  roles:
    - common-web

- name: Configure amavis
  hosts: out
  gather_facts: False
  tags: amavis
  roles:
    - amavis