#!/usr/bin/env ansible-playbook
# Postfix playbook
---
- hosts: sputnik.adm.crans.org, boeing.adm.crans.org, redisdead.adm.crans.org, titanic.adm.crans.org
  vars:
    certbot:
      dns_rfc2136_name: certbot_challenge.
      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
      mail: root@crans.org
      certname: crans.org
      domains: "*.crans.org"
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
    opendkim:
        private_key: "{{ vault_opendkim_private_key }}"
  roles:
    - certbot
    - postfix
    - opendkim