- hosts: all
  roles:
    - base
    - role: realorangeone.reflector
      when: ansible_os_family == 'Archlinux'

- hosts: casey
  roles:
    - gateway
    - nebula
    - fail2ban_ssh

- hosts:
    - pve
    - casey
    - ingress
    - qbittorrent
    - walker
    - grimes
  roles:
    - role: geerlingguy.ntp
      become: true
      vars:
        ntp_timezone: "{{ TZ }}"
        ntp_manage_config: true

- hosts:
    - pve-docker
    - forrest
    - walker
    - pve-gitlab-runner
    - grimes
  roles:
    - role: geerlingguy.docker
      become: true
      vars:
        docker_install_compose: "{{ ansible_os_family == 'Debian' }}"
        docker_package: "{{ 'docker-ce' if ansible_os_family == 'Debian' else 'docker' }}"
        docker_users:
          - "{{ user }}"
    - docker_cleanup

- hosts:
    - pve-docker
    - walker
  roles:
    - traefik

- hosts: pve-docker
  roles:
    - pve_docker
    - yourls
    - pve_nebula_route
    - privatebin
    - vaultwarden

- hosts: ingress
  roles:
    - role: chmduquesne.iptables_persistent
      become: true
    - ingress
    - nebula

- hosts: pve
  roles:
    - role: proxmox-nag-removal
      become: true
    - pve
    - zfs
    - pve_nebula_route
    - telegraf

- hosts: forrest
  roles:
    - forrest
    - pve_nebula_route

- hosts: qbittorrent
  roles:
    - qbittorrent

- hosts: walker
  roles:
    - nebula
    - upload
    - plausible
    - pages
    - restic

- hosts: jellyfin
  roles:
    - jellyfin

- hosts: restic
  roles:
    - restic

- hosts: pve-gitlab
  roles:
    - gitlab

- hosts: pve-gitlab-runner
  roles:
    - gitlab_runner

- hosts: grimes
  roles:
    - nebula
    - role: dokku_bot.ansible_dokku
      become: true