---

- name: apply common configuration to all nodes
  hosts: all
  user: root

  roles:
    - common

- name: install PHP-FPM to required nodes
  hosts: php
  user: root
  
  roles:
    - php

- name: Generate LE certs on required servers
  hosts: webservers
  user: root
  
  roles:
    - letsencrypt

- hosts: webservers

  roles:
  - role: jdauphant.nginx
    nginx_user: "www-data"
    nginx_http_params:
      - sendfile "on"
      - server_names_hash_bucket_size 512
    nginx_configs:
      gzip:
        - gzip on
        - gzip_disable msie6
      upstream:
        - upstream php { server unix:/run/php/php7.0-fpm.sock; }
      ssl:
        - ssl_protocols TLSv1 TLSv1.1 TLSv1.2
        - ssl_prefer_server_ciphers on