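#!/usr/bin/env ansible-playbook
---
# Temporary
# Wildcard certificate for MX servers
#
# Obtains a certificate for *.crans.org through the `certbot` role (DNS-01
# challenge via RFC 2136 dynamic updates), links it to the paths used for
# SMTP, then restarts postfix.
#
# NOTE(review): the nesting below was reconstructed from a listing collapsed
# onto one line; confirm that `bind` is a sibling of `certbot` under `vars`.
#
# NOTE(review): a wildcard key is valid for every name under crans.org, so a
# compromise of this host exposes more than the MX names. The header marks
# this as temporary; a certificate limited to the MX hostnames would narrow
# the exposure.
- hosts: titanic.adm.crans.org
  vars:
    certbot:
      dns_rfc2136_name: certbot_challenge.
      # The TSIG secret is injected from a variable and never written here.
      # Presumably it lives in an Ansible Vault file; verify it is encrypted
      # at rest and that the key is scoped to challenge records only.
      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
      mail: root@crans.org
      certname: crans.org
      domains: "*.crans.org"
    bind:
      # First host returned by the re2oapi lookup for this role.
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"

  roles:
    - certbot

  tasks:
    # force: true replaces a regular file already present at dest and allows
    # the link to be created even if src does not exist yet.
    - name: Symlink smtp certificate
      file:
        src: /etc/letsencrypt/live/crans.org/fullchain.pem
        dest: /etc/ssl/certs/smtp.pem
        state: link
        force: true

    # A symlink has no permissions of its own: access to the private key is
    # governed by the target under /etc/letsencrypt, not by /etc/ssl/private.
    - name: Symlink smtp private key
      file:
        src: /etc/letsencrypt/live/crans.org/privkey.pem
        dest: /etc/ssl/private/smtp.pem
        state: link
        force: true

    # Despite the task name this is a full restart, and it runs on every
    # execution of the playbook whether or not anything changed above.
    # NOTE(review): renewals performed outside this playbook will not
    # restart postfix; confirm a renewal hook covers that case.
    - name: reload postfix
      systemd:
        enabled: true
        state: restarted
        name: postfix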