- hosts:        seafile
  gather_facts: true
  remote_user:  root
  pre_tasks:
  - name:       provision ssl dir
    file:
      dest:     /etc/ssl/private
      state:    directory
      owner:    root
      group:    root
      mode:     0700

  - name:       copy ssl certificates
    copy:
      src:      files/ssl/{{ item }}
      dest:     /etc/ssl/private/{{ item }}
      owner:    root
      group:    root
      mode:     0600
    with_items:
    - server.key.pem
    - server.crt.pem


  roles:
    - role:     bennojoy.mysql
    - role:     Ginsys.seafile
    - role:     Ginsys.nginx


  post_tasks:
  - name:       allow web server access to seafile data
    user:
      name:     'www-data'
      groups:   '{{ seafile_user }}'
      append:   yes