Update syntax for variables in playbooks (from ${var} to {{ var }}

roles/common/handlers/base.yml

@@ -13,4 +13,4 @@
     - Apply kernel configuration (sys)
 
 - name: Update motd
-  shell: toilet -f future ${ansible_fqdn} > /var/run/motd && echo >> /var/run/motd && uname -snrvm >> /var/run/motd && echo >> /var/run/motd
+  shell: toilet -f future {{ ansible_fqdn }} > /var/run/motd && echo >> /var/run/motd && uname -snrvm >> /var/run/motd && echo >> /var/run/motd

roles/common/tasks/base.yml

@@ -7,18 +7,18 @@
   template: src=hosts.deny.j2 dest=/etc/hosts.deny owner=root group=root mode=0644
 
 - name: Write /etc/apt/sources.list
-  template: src=apt/sources.${ansible_lsb.codename}.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
+  template: src=apt/sources.{{ ansible_lsb.codename }}.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
   notify:
     - Reload apt cache
 
 - name: Write /etc/apt/apt.conf.d configuration files
-  template: src=apt/${item}.j2 dest=/etc/apt/apt.conf.d/${item} owner=root group=root mode=0644
+  template: src=apt/{{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }} owner=root group=root mode=0644
   with_items:
     - local-recommends
     - local-pdiffs
 
 - name: Install base packages
-  apt: pkg=${item} install_recommends=no state=installed update_cache=yes
+  apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
   with_items:
     - apticron
     - locales-all
@@ -39,7 +39,7 @@
     - rsync
 
 - name: Install kernel configuration (proc)
-  template: src=kernel/sysctl.d/${item}.j2 dest=/etc/sysctl.d/${item} owner=root group=root mode=0644
+  template: src=kernel/sysctl.d/{{ item }}.j2 dest=/etc/sysctl.d/{{ item }} owner=root group=root mode=0644
   with_items:
       - 10-increase-file-descriptors.conf
   notify:
@@ -49,31 +49,31 @@
   file: path=/etc/sysfs.d state=directory owner=root group=root mode=0755
 
 - name: Install kernel configuration (sys)
-  template: src=kernel/sysfs.d/${item}.j2 dest=/etc/sysfs.d/${item} owner=root group=root mode=0644
+  template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
   with_items:
       - 00-sysfs-prolog.conf
   notify:
     - Refresh sysfs configuration
 
 - name: Install kernel configuration (sys) for disks
-  template: src=kernel/sysfs.d/${item}.j2 dest=/etc/sysfs.d/${item} owner=root group=root mode=0644
+  template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
   with_items:
       - 10-disks.conf
   notify:
     - Refresh sysfs configuration
-  when: ${sysfs_disk_settings}
+  when: sysfs_disk_settings
 
 - name: Install sudo configuration
   template: src=sudo/local-admin.j2 dest=/etc/sudoers.d/local-admin owner=root group=root mode=0440
 
 - name: Install unprivileged user
-  user: name="${item.user}" comment="${item.fullname}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
-  with_items: ${admins}
+  user: name="{{ item.user }}" comment="{{ item.fullname }}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
+  with_items: admins
 
 - name: Install SSH key for unprivileged user
-  authorized_key: user="${item.user}" key="$FILE(roles/common/data/users/${item.user}/id_rsa.pub)" state=present
-  with_items: ${admins}
+  authorized_key: user="{{ item.user }}" key="{{ lookup('file', '../data/users/' + item.user + '/id_rsa.pub') }}" state=present
+  with_items: admins
 
 - name: Install SSH key for root
-  authorized_key: user=root key="$FILE(roles/common/data/users/${item.user}/id_rsa.pub)" state=present
-  with_items: ${admins}
+  authorized_key: user=root key="{{ lookup('file', '../data/users/' + item.user + '/id_rsa.pub') }}" state=present
+  with_items: admins

roles/common/tasks/ovh.yml

@@ -1,15 +1,15 @@
 - name: Install kernel configuration for OVH dedicated servers (proc)
-  template: src=kernel/sysctl.d/${item}.j2 dest=/etc/sysctl.d/${item} owner=root group=root mode=0644
+  template: src=kernel/sysctl.d/{{ item }}.j2 dest=/etc/sysctl.d/{{ item }} owner=root group=root mode=0644
   with_items:
       - 01-ovh-network.conf
   notify:
     - Apply kernel configuration (proc)
-  when: ${with_ovh}
+  when: with_ovh
 
 - name: Install kernel configuration for OVH dedicated servers (sys)
-  template: src=kernel/sysfs.d/${item}.j2 dest=/etc/sysfs.d/${item} owner=root group=root mode=0644
+  template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
   with_items:
       - 01-ovh-network.conf
   notify:
     - Refresh sysfs configuration
-  when: ${with_ovh}
+  when: with_ovh

roles/common/tasks/security.yml

@@ -1,23 +1,23 @@
 - name: Install auto upgrades package
   apt: pkg=unattended-upgrades state=installed update_cache=yes
-  when: ${with_auto_upgrade}
+  when: with_auto_upgrade
 
 - name: Configure auto upgrades
-  template: src=${item} dest=/etc/apt/apt.conf.d/20auto-upgrades owner=root group=root mode=0644
+  template: src={{ item }} dest=/etc/apt/apt.conf.d/20auto-upgrades owner=root group=root mode=0644
   first_available_file:
-    - apt/auto-upgrades.${ansible_lsb.codename}.j2
+    - apt/auto-upgrades.{{ ansible_lsb.codename }}.j2
     - apt/auto-upgrades.j2
-  when: ${with_auto_upgrade}
+  when: with_auto_upgrade
 
 - name: Install logcheck packages
-  apt: pkg=${item} state=installed update_cache=yes
+  apt: pkg={{ item }} state=installed update_cache=yes
   with_items:
     - logcheck
     - logcheck-database
-  when: ${with_logcheck}
+  when: with_logcheck
 
 - name: Install local configuration files for logcheck
-  copy: src=logcheck/${item}_local dest=/etc/logcheck/ignore.d.server/${item}_local owner=root group=root mode=0644
+  copy: src=logcheck/{{ item }}_local dest=/etc/logcheck/ignore.d.server/{{ item }}_local owner=root group=root mode=0644
   with_items:
     - ansible
     - amavisd-new
@@ -42,20 +42,20 @@
     - sshd
     - svn
     - sympa
-  when: ${with_logcheck}
+  when: with_logcheck
 
 - name: Update logcheck cron job
   template: src=cron/logcheck.j2 dest=/etc/cron.d/logcheck owner=root group=root mode=0644
-  when: ${with_logcheck}
+  when: with_logcheck
 
 - name: Update rkhunter default/init parameters
   template: src=rkhunter/default.j2 dest=/etc/default/rkhunter owner=root group=root mode=0644
-  when: ${with_rkhunter}
+  when: with_rkhunter
 
 - name: Update rkhunter configuration
-  template: src=rkhunter/${ansible_lsb.codename}.conf.j2 dest=/etc/rkhunter.conf owner=root group=root mode=0644
-  when: ${with_rkhunter}
+  template: src=rkhunter/{{ ansible_lsb.codename }}.conf.j2 dest=/etc/rkhunter.conf owner=root group=root mode=0644
+  when: with_rkhunter
 
 - name: Update chkrootkit configuration
   template: src=chkrootkit/chkrootkit.conf.j2 dest=/etc/chkrootkit.conf owner=root group=root mode=0644
-  when: ${with_chkrootkit}
+  when: with_chkrootkit

roles/common/tasks/smartd.yml

@@ -1,6 +1,6 @@
 - name: Install smartmontools package
   apt: pkg=smartmontools state=installed update_cache=yes
-  when: ${with_smartd}
+  when: with_smartd
 
 - name: Install smartd configuration
   template: dest=/etc/smartd.conf owner=root group=root mode=0644
@@ -9,14 +9,14 @@
     - smartd/smartd.conf.j2
   notify:
     - Restart smartmontools
-  when: ${with_smartd}
+  when: with_smartd
 
 - name: Update smartmontools default/init parameters
   template: src=smartd/default.j2 dest=/etc/default/smartmontools owner=root group=root mode=0644
   notify:
     - Restart smartmontools
-  when: ${with_smartd}
+  when: with_smartd
 
 - name: Ensure smartmontools is running
   service: name=smartmontools state=started
-  when: ${with_smartd}
+  when: with_smartd

roles/common/tasks/smtp.yml

@@ -1,15 +1,24 @@
 - name: Install postfix packages
-  apt: pkg=postfix state=installed update_cache=yes
-  when: ${with_postfix}
+  apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
+  with_items:
+    - postfix
+    - ca-certificates
+  when: with_postfix
 
 - name: Install mail aliases file
   template: src=aliases.j2 dest=/etc/aliases owner=root group=root mode=0644
   notify:
     - Regenerate aliases cache
-  when: ${with_postfix} or ${with_mail_aliases}
+  when: with_postfix or with_mail_aliases
+
+- name: Create Diffie-Helman parameters (2048 bits) for postfix
+  command: openssl dhparam -2 -out /etc/ssl/private/dh2048.pem 2048 creates=/etc/ssl/private/dh2048.pem
+  notify:
+    - Restart postfix
+  when: with_postfix
 
 - name: Install postfix main configuration
   template: src=postfix/main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644
   notify:
     - Restart postfix
-  when: ${with_postfix}
+  when: with_postfix

roles/common/tasks/ssh.yml

@@ -1,16 +1,16 @@
 - name: Install ssh packages
-  apt: pkg=${item} state=installed update_cache=yes
+  apt: pkg={{ item }} state=installed update_cache=yes
   with_items:
     - openssh-server
     - openssh-client
-  when: ${with_ssh}
+  when: with_ssh
 
 - name: Install sshd configuration
   template: src=ssh/sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0644
   notify:
     - Restart ssh
-  when: ${with_ssh}
+  when: with_ssh
 
 - name: Ensure ssh is running
   service: name=ssh state=started
-  when: ${with_ssh}
+  when: with_ssh

roles/dbserver/tasks/mysql.yml

@@ -1,14 +1,14 @@
 - name: Install mysql-server related packages
-  apt: pkg=${item} state=installed update_cache=yes
+  apt: pkg={{ item }} state=installed update_cache=yes
   with_items:
     - mysql-server
     - automysqlbackup
-  when: ${with_mysql}
+  when: with_mysql
 
 - name: Change mysql root default password
-  raw: if "SELECT VERSION();" | mysql -u root >/dev/null 2>&1 ; then echo "UPDATE mysql.user SET Password=PASSWORD('${mysql_root_password}') WHERE User IN ('', 'root'); FLUSH PRIVILEGES;" | mysql --defaults-file=/etc/mysql/debian.cnf ; fi
-  when: ${with_mysql}
+  raw: if "SELECT VERSION();" | mysql -u root >/dev/null 2>&1 ; then echo "UPDATE mysql.user SET Password=PASSWORD('{{ mysql_root_password }}') WHERE User IN ('', 'root'); FLUSH PRIVILEGES;" | mysql --defaults-file=/etc/mysql/debian.cnf ; fi
+  when: with_mysql
 
 - name: Ensure mysql-server is running
   service: name=mysql state=started
-  when: ${with_mysql}
+  when: with_mysql

roles/monitoring/tasks/mon.yml

@@ -1,35 +1,35 @@
 - name: Install mon packages
   apt: pkg=mon state=installed update_cache=yes
-  when: ${with_mon}
+  when: with_mon
 
 - name: Create need directory for mon configuration
   file: path=/etc/mon/mon.d state=directory owner=root group=root mode=0755
-  when: ${with_mon}
+  when: with_mon
 
 - name: Install mon configuration
-  template: src=mon/${ansible_hostname}.conf.j2 dest=/etc/mon/mon.cf owner=root group=root mode=0644
+  template: src=mon/{{ ansible_hostname }}.conf.j2 dest=/etc/mon/mon.cf owner=root group=root mode=0644
   notify:
     - Restart mon
-  when: ${with_mon}
+  when: with_mon
 
 - name: Install mon (default) configuration
   template: src=mon/default.j2 dest=/etc/default/mon owner=root group=root mode=0644
   notify:
     - Restart mon
-  when: ${with_mon}
+  when: with_mon
 
 - name: Install custom mon plugins
-  copy: src=mon/${item}.monitor dest=/etc/mon/mon.d/${item}.monitor owner=root group=root mode=0755
+  copy: src=mon/{{ item }}.monitor dest=/etc/mon/mon.d/{{ item }}.monitor owner=root group=root mode=0755
   with_items:
     - https
     - imaps
     - dns
   notify:
     - Restart mon
-  when: ${with_mon}
+  when: with_mon
 
 - name: Install mon plugins
-  file: src=/usr/lib/mon/mon.d/${item}.monitor path=/etc/mon/mon.d/${item}.monitor state=link
+  file: src=/usr/lib/mon/mon.d/{{ item }}.monitor path=/etc/mon/mon.d/{{ item }}.monitor state=link
   with_items:
     - fping
     - http
@@ -38,8 +38,8 @@
     - tcp
   notify:
     - Restart mon
-  when: ${with_mon}
+  when: with_mon
 
 - name: Ensure mon is running
   service: name=mon state=started
-  when: ${with_mon}
+  when: with_mon

roles/monitoring/tasks/munin.yml

@@ -1,13 +1,13 @@
 - name: Install munin packages
   apt: pkg=munin state=installed update_cache=yes
-  when: ${with_munin}
+  when: with_munin
 
 - name: Install munin configuration
   template: src=munin/munin.conf.j2 dest=/etc/munin/munin.conf owner=root group=root mode=0644
-  when: ${with_munin}
+  when: with_munin
 
 - name: Install munin-node packages
-  apt: pkg=${item} state=installed update_cache=yes
+  apt: pkg={{ item }} state=installed update_cache=yes
   with_items:
     - munin-node
     - munin-plugins-extra
@@ -16,57 +16,57 @@
     - libdbd-pg-perl
     - libdbd-mysql-perl
     - liblwp-useragent-determined-perl
-  when: ${with_munin_node}
+  when: with_munin_node
 
 - name: Create need directories for munin-node configuration
-  file: path=/etc/munin/${item} state=directory owner=root group=root mode=0755
+  file: path=/etc/munin/{{ item }} state=directory owner=root group=root mode=0755
   with_items:
     - plugins
     - plugin-conf.d
-  when: ${with_munin_node}
+  when: with_munin_node
 
 - name: Install munin node configuration
   template: src=munin/munin-node.conf.j2 dest=/etc/munin/munin-node.conf owner=root group=root mode=0644
   notify:
     - Restart munin-node
-  when: ${with_munin_node}
+  when: with_munin_node
 
 - name: Install munin node plugins configuration
   template: src=munin/munin-node.conf.plugins.j2 dest=/etc/munin/plugin-conf.d/munin-node owner=root group=root mode=0644
   notify:
     - Restart munin-node
-  when: ${with_munin_node}
+  when: with_munin_node
 
 - name: Autoconfigure munin-node plugins
   munin_node_autoconf: families=auto,manual,contrib excludes=apc_nis,apt,apt_all,port_,ipmi_fans,ipmi_power,ipmi_temp,ntp_,ircu,ntp_kernel_err,ntp_kernel_pll_freq,ntp_kernel_pll_off,ntp_offset,ntp_states
   notify:
     - Restart munin-node
-  when: ${with_munin_node}
+  when: with_munin_node
 
 - name: Install nginx virtual host for munin (sites-available)
   template: src=munin/nginx_vhost.j2 dest=/etc/nginx/sites-available/munin owner=root group=root mode=0644
   notify:
     - Reload nginx for munin
-  when: ${with_munin} and ${with_nginx}
+  when: with_munin and with_nginx
 
 - name: Install nginx virtual host for munin (sites-enabled)
   file: src=/etc/nginx/sites-available/munin path=/etc/nginx/sites-enabled/munin state=link
   notify:
     - Reload nginx for munin
-  when: ${with_munin} and ${with_nginx}
+  when: with_munin and with_nginx
 
 - name: Install apache2 virtual host for munin (sites-available)
   template: src=munin/apache2_vhost.j2 dest=/etc/apache2/sites-available/munin owner=root group=root mode=0644
   notify:
     - Reload apache2 for munin
-  when: ${with_munin} and ${with_apache2}
+  when: with_munin and with_apache2
 
 - name: Install apache2 virtual host for munin (sites-enabled)
   file: src=/etc/apache2/sites-available/munin path=/etc/apache2/sites-enabled/munin state=link
   notify:
     - Reload apache2 for munin
-  when: ${with_munin} and ${with_apache2}
+  when: with_munin and with_apache2
 
 - name: Ensure munin-node is running
   service: name=munin-node state=started
-  when: ${with_munin_node}
+  when: with_munin_node

roles/webserver/tasks/apache2.yml

@@ -1,45 +1,45 @@
 - name: Install apache2 packages
   apt: pkg=apache2 state=installed update_cache=yes
-  when: ${with_apache2}
+  when: with_apache2
 
 - name: Install apache2 basic security configuration
   template: src=apache2/conf.d/security.j2 dest=/etc/apache2/conf.d/security owner=root group=root mode=0644
   notify:
     - Reload apache2
-  when: ${with_apache2}
+  when: with_apache2
 
 - name: Install mod_php5 packages for apache2
   apt: pkg=libapache2-mod-php5 state=installed update_cache=yes
-  when: ${with_apache2} and ${with_apache2_modphp5}
+  when: with_apache2 and with_apache2_modphp5
 
 - name: Create basic authentication file for admin (apache2)
   template: src=apache2/auth_admin.j2 dest=/etc/apache2/auth_admin owner=root group=www-data mode=0640
-  when: ${with_apache2}
+  when: with_apache2
 
 - name: Install PHPMyAdmin virtual host for apache2 (sites-available)
   template: src=apache2/pma_vhost.j2 dest=/etc/apache2/sites-available/pma owner=root group=root mode=0644
   notify:
     - Reload apache2
-  when: ${with_phpmyadmin} and ${with_apache2}
+  when: with_phpmyadmin and with_apache2
 
 - name: Install PHPMyAdmin virtual host for apache2 (sites-enabled)
   file: src=/etc/apache2/sites-available/pma path=/etc/apache2/sites-enabled/pma state=link
   notify:
     - Reload apache2
-  when: ${with_phpmyadmin} and ${with_apache2}
+  when: with_phpmyadmin and with_apache2
 
 - name: Install PHP system checks virtual host for apache2 (sites-available)
   template: src=apache2/sys_vhost.j2 dest=/etc/apache2/sites-available/sys owner=root group=root mode=0644
   notify:
     - Reload apache2
-  when: ${with_php} and ${with_apache2}
+  when: with_php and with_apache2
 
 - name: Install PHP system checks virtual host for apache2 (sites-enabled)
   file: src=/etc/apache2/sites-available/sys path=/etc/apache2/sites-enabled/sys state=link
   notify:
     - Reload apache2
-  when: ${with_php} and ${with_apache2}
+  when: with_php and with_apache2
 
 - name: Ensure apache2 is running
   service: name=apache2 state=started
-  when: ${with_apache2}
+  when: with_apache2

roles/webserver/tasks/fpm.yml

@@ -1,31 +1,31 @@
 - name: Install php5-fpm package
   apt: pkg=php5-fpm state=installed update_cache=yes
-  when: ${with_fpm}
+  when: with_fpm
 
 - name: Install php5-fpm init script config file
   template: src=fpm/default.j2 dest=/etc/default/php5-fpm owner=root group=root mode=0644
   notify:
       - Restart php5-fpm
-  when: ${with_fpm}
+  when: with_fpm
 
 - name: Install php5-fpm configuration file
   template: src=fpm/php-fpm-custom.conf.j2 dest=/etc/php5/fpm/php-fpm-custom.conf owner=root group=root mode=0644
   notify:
       - Restart php5-fpm
-  when: ${with_fpm}
+  when: with_fpm
 
 - name: Install nginx config files for php5-fpm (fpm servers pool)
   template: src=fpm/nginx/fpm-pool.conf.j2 dest=/etc/nginx/conf.d/fpm-pool.conf owner=root group=root mode=0644
   notify:
       - Reload nginx
-  when: ${with_fpm} and ${with_nginx}
+  when: with_fpm and with_nginx
 
 - name: Install nginx config files for php5-fpm (fpm fastcgi config)
   template: src=fpm/nginx/fastcgi_pass_fpm.j2 dest=/etc/nginx/fastcgi_pass_fpm owner=root group=root mode=0644
   notify:
       - Reload nginx
-  when: ${with_fpm} and ${with_nginx}
+  when: with_fpm and with_nginx
 
 - name: Ensure php5-fpm is running
   service: name=php5-fpm state=started
-  when: ${with_fpm}
+  when: with_fpm

roles/webserver/tasks/nginx.yml

@@ -1,29 +1,29 @@
 - name: Install nginx package
   apt: pkg=nginx state=installed update_cache=yes
-  when: ${with_nginx}
+  when: with_nginx
 
 - name: Install nginx default file configuration
   template: src=nginx/default.j2 dest=/etc/default/nginx owner=root group=root mode=0644
   notify:
     - Restart nginx
-  when: ${with_nginx}
+  when: with_nginx
 
 - name: Install nginx configuration
   template: src=nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
   notify:
     - Restart nginx
-  when: ${with_nginx}
+  when: with_nginx
 
 - name: Install additional nginx configuration params (conf.d/)
-  template: src=nginx/conf.d/${item}.conf.j2 dest=/etc/nginx/conf.d/${item}.conf owner=root group=root mode=0644
+  template: src=nginx/conf.d/{{ item }}.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf owner=root group=root mode=0644
   with_items:
     - status
   notify:
     - Reload nginx
-  when: ${with_nginx}
+  when: with_nginx
 
 - name: Install additional nginx configuration params (vhost_*)
-  template: src=nginx/vhost_${item}.j2 dest=/etc/nginx/vhost_${item} owner=root group=root mode=0644
+  template: src=nginx/vhost_{{ item }}.j2 dest=/etc/nginx/vhost_{{ item }} owner=root group=root mode=0644
   with_items:
     - all
     - expires
@@ -31,36 +31,36 @@
     - protect-files
   notify:
     - Reload nginx
-  when: ${with_nginx}
+  when: with_nginx
 
 - name: Create basic authentication file for admin (nginx)
   template: src=nginx/auth_admin.j2 dest=/etc/nginx/auth_admin owner=root group=www-data mode=0640
-  when: ${with_nginx}
+  when: with_nginx
 
 - name: Install PHPMyAdmin virtual host for nginx (sites-available)
   template: src=nginx/pma_vhost.j2 dest=/etc/nginx/sites-available/pma owner=root group=root mode=0644
   notify:
     - Reload nginx
-  when: ${with_phpmyadmin} and ${with_nginx}
+  when: with_phpmyadmin and with_nginx
 
 - name: Install PHPMyAdmin virtual host for nginx (sites-enabled)
   file: src=/etc/nginx/sites-available/pma path=/etc/nginx/sites-enabled/pma state=link
   notify:
     - Reload nginx
-  when: ${with_phpmyadmin} and ${with_nginx}
+  when: with_phpmyadmin and with_nginx
 
 - name: Install PHP system checks virtual host for nginx (sites-available)
   template: src=nginx/sys_vhost.j2 dest=/etc/nginx/sites-available/sys owner=root group=root mode=0644
   notify:
     - Reload nginx
-  when: ${with_php} and ${with_nginx}
+  when: with_php and with_nginx
 
 - name: Install PHP system checks virtual host for nginx (sites-enabled)
   file: src=/etc/nginx/sites-available/sys path=/etc/nginx/sites-enabled/sys state=link
   notify:
     - Reload nginx
-  when: ${with_php} and ${with_nginx}
+  when: with_php and with_nginx
 
 - name: Ensure nginx is running
   service: name=nginx state=started
-  when: ${with_nginx}
+  when: with_nginx

roles/webserver/tasks/php.yml

@@ -1,5 +1,5 @@
 - name: Install common PHP dependencies
-  apt: pkg=${item} state=installed update_cache=yes
+  apt: pkg={{ item }} state=installed update_cache=yes
   with_items:
     - php5-cli
     - php5-curl
@@ -7,32 +7,32 @@
     - php5-intl
     - php5-mcrypt
     - php-mime-type
-  when: ${with_php}
+  when: with_php
 
-- name: Instal local PHP configuration
+- name: Install local PHP configuration
   template: src=php/php-config.ini.j2 dest=/etc/php5/conf.d/99-local-config.ini owner=root group=root mode=0644
-  when: ${with_php}
+  when: with_php
 
 - name: Create system checks directory /etc/php5/syscheck.d
   file: path=/etc/php5/syscheck.d owner=root group=root mode=0755 state=directory
-  when: ${with_php}
+  when: with_php
 
 - name: Install phpinfo system check
   template: src=php/phpinfo.php dest=/etc/php5/syscheck.d/index.php owner=root group=root mode=0644
-  when: ${with_php}
+  when: with_php
 
 - name: Install PHP APC extension
   apt: pkg=php-apc state=installed update_cache=yes
-  when: ${with_php_apc}
+  when: with_php_apc
 
 - name: Install php-apc system check
   template: src=php/apc.php dest=/etc/php5/syscheck.d/apc.php owner=root group=root mode=0644
-  when: ${with_php_apc}
+  when: with_php_apc
 
 - name: Install MySQL extension for PHP
   apt: pkg=php5-mysqlnd state=installed update_cache=yes
-  when: ${with_mysql} and ${with_php}
+  when: with_mysql and with_php
 
 - name: Install PHPMyAdmin
   apt: pkg=phpmyadmin state=installed update_cache=yes
-  when: ${with_phpmyadmin}
+  when: with_phpmyadmin