---

- include_tasks: install_{{ ansible_os_family }}.yml
  tags: always

- name: Deploy global patrix config
  template: src=patrixrc.j2 dest=/etc/patrixrc mode=640
  tags: patrix

- name: Set ACL on patrixrc config
  shell: |
    setfacl -b /etc/patrixrc
    setfacl -m {% for group in system_admin_groups %}g:{{ group }}:r{{ ',' if not loop.last }}{% endfor %} /etc/patrixrc
  when: system_admin_groups is defined and system_admin_groups | length > 0
  changed_when: False
  failed_when: False # Do not fail if eg, the FS doesn't support ACL
  tags: patrix
...