#!/usr/bin/env ansible-playbook
# Postfix playbook
---
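# Play 1: applies the certbot, postfix, opendkim and policyd roles to the four
# mail hosts below, using the role variables defined under `vars`.
- name: Configure mail hosts (certbot, postfix, opendkim, policyd)
  hosts:
    - sputnik.adm.crans.org
    - boeing.adm.crans.org
    - redisdead.adm.crans.org
    - titanic.adm.crans.org
  vars:
    # Certificate request settings, one entry per certificate. The
    # dns_rfc2136_* keys match the option names of certbot's RFC 2136 DNS
    # plugin (DNS-01 challenge answered through a TSIG-signed dynamic update).
    certbot:
      # NOTE(review): this address is hard-coded while bind.masters below is
      # looked up from re2oapi; confirm the two cannot drift apart.
      - dns_rfc2136_server: '172.16.10.147'
        # TSIG key name (trailing dot is part of the value).
        dns_rfc2136_name: certbot_challenge.
        # TSIG secret, read from the `vault` variable (presumably an Ansible
        # Vault-encrypted vars file; not visible here).
        # NOTE(review): confirm the DNS server restricts this key to the ACME
        # challenge TXT records, and that the role writes the credentials
        # file with owner-only permissions and `no_log: true`.
        dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
        mail: root@crans.org
        certname: crans.org
        # Wildcard certificate requested for every host in this play, so each
        # of them holds a private key valid for all of *.crans.org.
        # NOTE(review): a wildcard does not cover the bare crans.org name;
        # confirm whether the certbot role adds it.
        domains: "*.crans.org"
    # Only the first element of the lookup result is used.
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
    # DKIM signing key, also read from `vault`.
    # NOTE(review): confirm the opendkim role installs it readable only by
    # the opendkim user and does not log it.
    opendkim:
      private_key: "{{ vault.opendkim_private_key }}"
    policyd:
      mail: root@crans.org
      # Hosts with the 're2oapi' role 'user-server' (first element of the
      # lookup result); presumably exempted from the policy - verify against
      # the policyd role.
      exemptions: "{{ lookup('re2oapi', 'get_role', 'user-server')[0] }}"
      # Address ranges handed to policyd, flattened into a single list.
      # NOTE(review): presumably these are the ranges policyd treats as
      # internal senders; an over-broad list weakens the policy, so review
      # the listed names when network zones change.
      mynetworks:
        ipv4:
          "{{ lookup('re2oapi', 'cidrs', 'serveurs',
                                         'adherents',
                                         'wifi-new-pub',
                                         'fil-new-pub',
                                         'fil-pub',
                                         'wifi-new-serveurs',
                                         'wifi-new-adherents',
                                         'wifi-new-federez',
                                         'fil-new-serveurs',
                                         'fil-new-adherents')
                                         | flatten }}"
        ipv6:
          "{{ lookup('re2oapi', 'prefixv6', 'adherents',
                                            'fil-new-pub',
                                            'wifi-new-pub')
                                            | flatten }}"
  roles:
    - certbot
    - postfix
    - opendkim
    - policyd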

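# Play 2: applies the sqlgrey role (SQLgrey is a greylisting policy service
# for Postfix) to redisdead only.
- name: Deploy sqlgrey on redisdead
  hosts: redisdead.adm.crans.org
  roles:
    - sqlgrey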