- hosts:
    - all
  roles:
    - lusers
    - superusers
    - packages
    - trygvis-base
#    - ufw

- import_playbook: nftables.yml

- hosts:
    - knot
  roles:
    - postfix
    - dovecot
    - bind

- hosts:
    - all !knot
  roles:
    - postfix-satellite
  vars:
    username: "{{ ansible_hostname }}.trygvis.io"
    postfix:
      sasl_password:
        - host: "[trygvis.io]:587"
          username: "{{ username }}"
          password: "{{ dovecot__passwords[username] }}"

  tasks:
    - tags: postfix-satellite
      become: yes
      lineinfile:
        dest: /etc/postfix/sasl_passwd
        state: absent
        regex: "^\\[knot.trygvis.io\\]"

- hosts:
    - linode-dns-update
  roles:
    - linode-dns-update

- import_playbook: lxc-host.yml

- hosts:
    - borg_clients
  roles:
    - borg-client

- import_playbook: wireguard.yml