#!/usr/bin/env ansible-playbook
# Postfix playbook
---
- hosts: postfix,!mailman
  vars:
    certbot:
      - dns_rfc2136_server: 172.16.10.147
        dns_rfc2136_name: certbot_challenge.
        dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
        mail: root@crans.org
        certname: crans.org
        domains: "*.crans.org"
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
    opendkim: "{{ glob_opendkim | default({}) | combine(loc_opendkim | default({})) }}"
    policyd:
      mail: root@crans.org
      exemptions: "{{ lookup('re2oapi', 'get_role', 'user-server')[0] }}"
      mynetworks:
        ipv4: "{{ lookup('re2oapi', 'cidrs', 'serveurs', 'adherents', 'wifi-new-pub', 'fil-new-pub', 'fil-pub', 'wifi-new-serveurs', 'wifi-new-adherents', 'wifi-new-federez',\
          \ 'fil-new-serveurs', 'fil-new-adherents') | flatten }}"
        ipv6: "{{ lookup('re2oapi', 'prefixv6', 'adherents', 'fil-new-pub', 'wifi-new-pub') | flatten }}"
  roles:
    - certbot
    - postfix
    - opendkim
    - policyd

- hosts: redisdead.adm.crans.org
  roles:
    - sqlgrey