---
- name: Ensure base config is deployment on base_config_hosts
  hosts: base_config_hosts
  roles:
    - base_config

- name: Ensure deployment of infrastructure authorized keys
  hosts: infrastructure_authorized_keys_hosts
  roles:
    - infrastructure_authorized_keys

- name: Ensure Nextcloud config
  hosts: nextcloud_hosts
  roles:
    - nextcloud

- name: Ensure ola deployment on ola_hosts
  hosts: ola_hosts
  roles:
    - ola

- name: Ensure foobazdmx deployment on foobazdmx_hosts
  hosts: foobazdmx_hosts
  roles:
    - foobazdmx

- name: Ensure Dokuwiki config
  hosts: wiki_hosts
  roles:
    - dokuwiki

- name: Ensure NetBox deployment on netbox_hosts
  hosts: netbox_hosts
  roles:
    - netbox

- name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs
  hosts: nginx_hosts:&public_reverse_proxy_hosts
  roles:
    - nginx

- name: Ensure certbot and certificate deployment on certbot_hosts
  hosts: certbot_hosts
  roles:
    - certbot

- name: Ensure Docker Compose deployment on docker_compose_hosts
  hosts: docker_compose_hosts
  roles:
    - docker_compose

- name: Ensure NGINX deployment on nginx_hosts
  hosts: nginx_hosts:!public_reverse_proxy_hosts
  roles:
    - nginx

- name: Ensure prometheus_node_exporter deployment on prometheus_node_exporter_hosts
  hosts: prometheus_node_exporter_hosts
  roles:
    - prometheus_node_exporter

- name: Configure unattended upgrades for all non-hypervisors
  hosts: all:!hypervisors
  become: true
  roles:
    - role: debops.debops.unattended_upgrades
      vars:
        unattended_upgrades__origins:
          - "o=${distro_id},n=${distro_codename}"
          - "o=Docker,n=${distro_codename}"
          - "o=nginx,n=${distro_codename}"

- name: Run ensure_eh22_styleguide_dir Playbook
  ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml