- name: Deploy common services
  hosts: all
  roles:
    - common
    - pydis-mtls
    - wireguard
    - munin-node

- name: Deploy services to Netcup nodes
  hosts: netcup
  roles:
    - certbot
    - ci-user
    - alloy
    - nftables
    - prometheus-node-exporter
    - fail2ban
    - podman
    - unattended-upgrades

- name: Deploy mailservers
  hosts: mail
  roles:
    - opendkim
    - opendmarc
    - opendmarc-inbox
    - sasl
    - dovecot
    - dovecot-monitoring
    - spamassassin
    - postfix
    - prometheus-postfix-exporter
    - role: dmarc_metrics_exporter
      vars:
        imap_username: "{{ dmarc_metrics_imap_username }}" # noqa: var-naming[no-role-prefix]
        imap_password: "{{ dmarc_metrics_imap_password }}" # noqa: var-naming[no-role-prefix]
        imap_host: "{{ dmarc_metrics_imap_host }}" # noqa: var-naming[no-role-prefix]
        folder_inbox: "{{ dmarc_metrics_folder_inbox }}" # noqa: var-naming[no-role-prefix]
        folder_done: "{{ dmarc_metrics_folder_done }}" # noqa: var-naming[no-role-prefix]
        folder_error: "{{ dmarc_metrics_folder_error }}" # noqa: var-naming[no-role-prefix]
        listen_addr: "{{ ansible_wg0.ipv4.address }}" # noqa: var-naming[no-role-prefix]
      tags:
        - role::dmarc-metrics-exporter

- name: Deploy our monitoring stack
  hosts: monitoring
  roles:
    - rrdstats
    - prometheus
    - prometheus-blackbox-exporter
    - munin

- name: Deploy nginx to hosts
  hosts: nginx
  roles:
    - nginx
    - nginx-geoip
    - nginx-cloudflare-mtls

- name: Deploy Git mirrors
  hosts: nginx
  roles:
    - git-mirrors

- name: Deploy our PostgreSQL database hosts
  hosts: databases
  roles:
    - postgres
    - prometheus-postgres-exporter

- name: Deploy our LDAP server environment to the LDAP host
  hosts: ldap
  roles:
    - ldap

- name: Deploy Jitsi
  hosts: jitsi
  roles:
    - jitsi