blob: cdf4372b63a2cfb7fbee724ad0bd17a1653ffe90 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
---
# XXX: This organization is unfortunate. As of Ansible 1.4, roles are
# applied playbook by playbook and not globally for the whole inventory;
# therefore if two playbooks are given the role 'common', the tasks
# defined in 'common' would be run twice.
# The quickfix to ensure that plays are role-disjoint is to create a
# separate play for each role. Of course the downside is that we loose
# (most of) the advantage of roles...
- name: Common tasks
hosts: all
roles:
- common
- name: Base system
hosts: IMAP:MX:MSA:webmail:lists:wiki:git
gather_facts: False
tasks:
- name: Install dependencies for letsencrypt-tiny
apt: pkg={{ item }}
with_items:
- liblwp-protocol-https-perl
- socat
- name: Copy LetsEncrypt's ACME client
copy: src=deb/letsencrypt-tiny_0.1-1_all.deb
dest=/tmp
notify: Install LetsEncrypt's ACME client
- name: Create a user 'letsencrypt'
user: name=letsencrypt system=yes
group=nogroup
createhome=no
home=/nonexistent
shell=/usr/sbin/nologin
password=!
state=present
handlers:
- name: Install LetsEncrypt's ACME client
apt: deb=/tmp/letsencrypt-tiny_0.1-1_all.deb
tags:
- letsencrypt
- name: Common SQL tasks
hosts: MDA:webmail:lists:bacula-dir
gather_facts: False
tags: mysql,sql
roles:
- common-SQL
- name: Common LDAP tasks
hosts: MDA:MSA:LDAP-provider:MX
gather_facts: True
tags: slapd,ldap
roles:
- common-LDAP
- name: Configure the LDAP provider
hosts: LDAP-provider
gather_facts: False
tags: slapd,ldap
roles:
- LDAP-provider
- name: Configure the Web servers
hosts: webmail:wiki:lists:git:munin-master
gather_facts: False
tags: nginx,www,web
roles:
- common-web
- name: Configure amavis
hosts: out
gather_facts: False
tags: amavis
roles:
- amavis
|
