diff --git a/README.rst b/README.rst
index 5d2e761d71f283708e2dfe123d8a123b3ce7ecc7..0363abb7328e3ab4b4f41cf7a90db64cd849d378 100644
--- a/README.rst
+++ b/README.rst
@@ -1,41 +1,61 @@
-Role Name
-=========
+ansible-mysql
+#############
 
-A brief description of the role goes here.
+An Ansible role to install and configure a MySQL server. The role creates an
+admin account, force SSL usage, configures UFW and daily backup.
 
 Requirements
 ------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+Debian Wheezy or later (Ubuntu Precise or later should probably work, but it's
+untested).
 
 Role Variables
 --------------
+::
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+    mysql_admin_password: #The password for the admin account.
 
 Dependencies
 ------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+`Common role <https://www.shore.co.il/cgit/ansible-common/>`_
 
 Example Playbook
 ----------------
-
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+::
 
     - hosts: servers
       roles:
-         - { role: username.rolename, x: 42 }
+      - role: mysql
+        mysql_admin_password: qwerty123
+
+Example requirements.yml
+------------------------
+::
+
+    - src: https://www.shore.co.il/cgit/ansible-common
+      scm: git
+      path: roles/
+      name: common
+
+    - src: https://www.shore.co.il/cgit/ansible-mysql
+      scm: git
+      path: roles/
+      name: mysql
 
 License
 -------
 
-BSD
+This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file).
 
 Author Information
 ------------------
 
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website
+<https://www.shore.co.il/>`_. Patches are welcome via `git send-email
+<http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located
+at: https://www.shore.co.il/cgit/.
 
 TODO
 ----
diff --git a/defaults/main.yml b/defaults/main.yml
index 62a8485e4e404be417f18143eb8e89f24045e5b4..405745f6b9fa1cb430f7fa2f1e063d80d8e7c20b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 # defaults file for ansible-mysql
 
-mysql_root_password:
+mysql_admin_password:
diff --git a/handlers/main.yml b/handlers/main.yml
index d38c23818dc121498c023e604199e587a2bbe124..e10199486aee7c00c9bad28f461c23b414fe92cf 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,2 +1,7 @@
 ---
 # handlers file for ansible-mysql
+
+- name: Restart MySQL
+  service:
+    name: mysql
+    state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index e4a73369cca28057b06abed32185ef203f99e477..96d80dabf6f82538774e95919cf457e1e719a637 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,32 +1,20 @@
 ---
 galaxy_info:
-  author: your name
-  description:
-  company: your company (optional)
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: license (GPLv2, CC-BY, etc)
-  min_ansible_version: 1.2
-  #
-  # Below are all platforms currently available. Just uncomment
-  # the ones that apply to your role. If you don't see your
-  # platform on this list, let us know and we'll get it added!
-  #
-  #platforms:
-  #
-  # Below are all categories currently available. Just as with
-  # the platforms above, uncomment those that apply to your role.
-  #
-  #categories:
-dependencies: []
-  # List your role dependencies here, one per line.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
+  author: Nimrod Adar
+  description: MySQL role. For more information read the README file.
+  company: Shore technologies
+  license: MIT
+  min_ansible_version: 1.9
+  platforms:
+  - name: Debian
+    versions:
+    - jessie
+    - wheezy
+  - name: Ubuntu
+    versions:
+    - precise
+    - trusty
+  categories:
+    - database
+dependencies:
+- role: common
diff --git a/tasks/main.yml b/tasks/main.yml
index bc3f061d24cc4eee5bdc86647bf2654959d1c576..85a3ca83e51172adbb40e5fccd1d8a7a938c5fd1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,18 +1,6 @@
 ---
 # tasks file for ansible-mysql
 
-- name: Preseed (always changes)
-  when: mysql_root_password is defined
-  debconf:
-    name: mysql-server-5.5
-    question: '{{ item }}'
-    vtype: password
-    value: '{{ mysql_root_password }}'
-  with_items:
-    - mysql-server/root_password
-    - mysql-server/root_password_again
-  register: mysql_debconf
-
 - name: apt install
   apt:
     name: '{{ item }}'
@@ -20,14 +8,68 @@
     update_cache: yes
     cache_valid_time: 3600
   with_items:
-    - mysql-server-5.5
-    - mysql-client-5.5
+    - mysql-server
+    - mysql-client
     - python-mysqldb
     - cron
 
-- name: Reconfigure (if needed)
-  when: mysql_debconf.changed
-  command: /usr/sbin/dpkg-reconfigure --frontend noninteractive mysql-server-5.5
+- name: Allow MySQL access to the TLS cert and key
+  user:
+    append: yes
+    groups: ssl-cert
+    name: mysql
+  notify:
+    - Restart MySQL
+
+- name: Configure
+  with_dict:
+    'ssl-ca': /etc/ssl/certs/ca-certificates.crt
+    'ssl-cert': '{{ tls_cert_path }}'
+    'ssl-key': '{{ tls_key_path }}'
+    'bind-address': '0.0.0.0'
+  ini_file:
+    dest: /etc/mysql/my.cnf
+    owner: root
+    group: root
+    mode: '0644'
+    section: mysqld
+    option: '{{ item.key }}'
+    value: '{{ item.value }}'
+  notify:
+  - Restart MySQL
+
+- name: Log to syslog
+  lineinfile:
+    dest: /etc/mysql/my.cnf
+    owner: root
+    group: root
+    mode: '0644'
+    line: 'syslog'
+    insertafter: '[mysqld_safe]'
+  notify:
+  - Restart MySQL
+
+- name: Add admin account
+  mysql_user:
+    name: admin
+    host: '%'
+    password: '{{ mysql_admin_password }}'
+    priv: '*.*:ALL,GRANT'
+    state: present
+
+- name: Require SSL for admin account
+  mysql_user:
+    name: admin
+    host: '%'
+    append_privs: True
+    priv: '*.*:REQUIRESSL'
+    state: present
+
+- name: Allow MySQL in firewall
+  ufw:
+    rule: allow
+    port: 3306
+    proto: tcp
 
 - name: Add daily backup job
   copy:
@@ -36,3 +78,11 @@
     owner: root
     group: root
     mode: '0755'
+
+- meta: flush_handlers
+
+- name: Wait for service to come online
+  wait_for:
+    host: '{{ ansible_default_ipv4["address"] }}'
+    port: 3306
+    state: started