---

- name: Include configuration for local repository
  import_playbook: playbooks/local.yml

- name: Configure secure root access to hosts
  hosts: bootstrap
  gather_facts: no
  tags:
    - bootstrap
  roles:
    - role: bootstrap

- name: Configure common roles expected by others
  hosts: common_roles
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"
    - role: common
      tags:
        - common
    - role: fail2ban/application
    - role: account
      username: "{{ global_username }}"
      password: "{{ zocker_password }}"
      authorized_keys: "{{ zocker_authorized_keys_url }}"
      sudo: yes

# Enroll certain features not on ansible test/debug servers
- hosts: common_roles:!ansible_debug
  roles:
    - role: misc/ssh_tg_notify
      recipient_id: "{{ zocker_telegram_id }}"
      tags:
        - ssh_tg_notify

# Group specific configurations
- name: Include configuration for group bwcloud
  import_playbook: playbooks/group_bwcloud.yml
- name: Include configuration for group dev_surface3
  import_playbook: playbooks/group_dev_surface3.yml
- name: Include configuration for group os_raspbian
  import_playbook: playbooks/group_os_raspbian.yml

# Topic specific configurations
- name: Include dns configuration
  import_playbook: playbooks/dns.yml
#- name: Include wireguard network configuration
#  import_playbook: playbooks/wireguard.yml

# Host specific configurations
- name: Include configuration of nvak.banananet.work
  import_playbook: playbooks/host_nvak.banananet.work.yml
- name: Include configuration of hatoria.banananet.work
  import_playbook: playbooks/host_hatoria.banananet.work.yml
- name: Include configuration of rurapenthe.banananet.work
  import_playbook: playbooks/host_rurapenthe.banananet.work.yml

- hosts: hardie.eridon.banananet.work
  roles:
    - role: misc/ip_discover