---
- hosts: all
  roles:
    - role: setup_base_system
    - role: lifeofguenter.resolvconf
      vars:
        resolv_nameservers:
          - 10.0.1.111
    - role: hifis.toolkit.unattended_upgrades
      become: true
    - role: hussainweb.chezmoi
      vars:
        chezmoi_init_url: https://git.fern.garden/fern/dots

- hosts: all
  roles:
    - role: install_standard_packages

- hosts: all
  roles:
    - role: setup_user

- hosts: virtual_machines
  roles:
    - role: setup_virtual_machine

- hosts: docker
  roles:
    - role: geerlingguy.docker
      become: yes
      vars:
        docker_users:
          - fern

- hosts: nfs_servers
  roles:
    - role: setup_nfs_server
    - role: geerlingguy.nfs
      vars:
        nfs_exports: [
          "/export/film 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
          "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
          "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
        ]

- hosts: nfs_clients
  roles:
    - role: setup_nfs_client

- hosts: jellyfin.local
  roles:
    - role: tomhesse.jellyfin
  tasks:
    - name: Ensure Jellyfin user is a member of the media group
      become: yes
      tags:
        - media_group
      ansible.builtin.user:
        name: jellyfin
        groups: media
        append: yes

- hosts: weebill.local
  tasks:
    - name: Install Webone dependencies
      ansible.builtin.apt:
        deb: https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb
    - name: Install Webone
      ansible.builtin.apt:
        update_cache: yes
        deb: https://github.com/atauenis/webone/releases/download/v0.17.4/webone.0.17.4.linux-arm64.deb

- hosts: stash.local
  tasks:
    - name: Add user to render group
      become: yes
      ansible.builtin.user:
        name: fern
        groups: render
        append: yes

- hosts: all
  roles:
    - role: setup_sshd