- name: Set up those proxy certificates.  Good gravy..
  hosts: proxies-stg:proxies
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

  roles:

  - role: httpd/mod_ssl
    
  - role: httpd/certificate
    name: wildcard-2014.fedoraproject.org
    SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: wildcard-2014.fedorahosted.org
    SSLCertificateChainFile: wildcard-2014.fedorahosted.org.intermediate.cert

  - role: httpd/certificate
    name: wildcard-2014.id.fedoraproject.org
    SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: wildcard-2014.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: fedoramagazine.org
    SSLCertificateChainFile: fedoramagazine.org.intermediate.cert

  - role: httpd/certificate
    name: getfedora.org
    SSLCertificateChainFile: getfedora.org.intermediate.cert

  - role: httpd/certificate
    name: flocktofedora.org
    SSLCertificateChainFile: flocktofedora.org.intermediate.cert

  - role: httpd/certificate
    name: qa.stg.fedoraproject.org
    SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/certificate
    name: qa.fedoraproject.org
    SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert