---
- hosts: all
  become: true
  vars:
    resolv_nameservers:
      - 10.0.1.1
  roles:
    - lifeofguenter.resolvconf
    - hifis.toolkit.unattended_upgrades
  tasks:
    - import_tasks: ./tasks/provisioning/debian.yml

- hosts: vm
  become: true
  tasks:
    - import_tasks: ./tasks/provisioning/vm.yml

- hosts: lxc
  become: true
  tasks:
    - import_tasks: ./tasks/provisioning/lxc.yml

- hosts: docker
  become: true
  vars:
    docker_users:
      - fern
  roles:
    - geerlingguy.docker

- hosts: nfs-server
  become: true
  tasks:
    - import_tasks: ./tasks/provisioning/mount-hdds.yml

- hosts: nfs-server
  become: true
  vars:
    nfs_exports: [
      "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
      "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
      "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
    ]
  roles:
    - geerlingguy.nfs

- hosts: nfs-client
  become: true
  tasks:
    - import_tasks: ./tasks/provisioning/nfs-client.yml

- hosts: all
  become: true
  vars:
    sshd_config_file: /etc/ssh/sshd_config
  tasks:
    - import_tasks: ./tasks/provisioning/post-install.yml
  handlers:
  - name: restart sshd
    service:
      name: sshd
      state: restarted