- hosts:
    - all
  roles:
    - lusers
    - superusers
    - role: packages
      tags: packages
      become: yes
    - trygvis-base
    - role: apt-repos
      tags: apt-repos
      become: yes
#    - ufw

- hosts:
    - knot
  roles:
    - postfix
    - dovecot
    - bind

- hosts:
    - all !knot
  roles:
    - postfix-satellite
  vars:
    username: "{{ ansible_hostname }}.trygvis.io"
    postfix:
      sasl_password:
        - host: "[trygvis.io]:587"
          username: "{{ username }}"
          password: "{{ dovecot__passwords[username] }}"

  tasks:
    - tags: postfix-satellite
      become: yes
      lineinfile:
        dest: /etc/postfix/sasl_passwd
        state: absent
        regex: "^\\[knot.trygvis.io\\]"

- hosts:
    - linode-dns-update
  roles:
    - linode-dns-update

- hosts:
    - birgitte
  roles:
    - role: systemd-networkd
      tags: systemd-networkd
      become: yes

- import_playbook: nftables.yml
- import_playbook: lxc-host.yml
- import_playbook: wireguard.yml
- import_playbook: unifi.yml