---
- hosts: sv
  become: yes

  gather_facts: no

  pre_tasks:
    - import_tasks: tasks/set_host.yml
      tags:
        - host
    - import_tasks: tasks/ssh_port.yml
      tags:
        - port
    - import_tasks: tasks/bootstrap.yml
      tags:
        - bootstrap

  roles:
    - role: system
      tags:
        - system
    
    - role: aur
      tags:
        - aur
      when: enable_aur

    - role: filesystems
      tags:
        - filesystems
      when: enable_filesystems

    - role: backup
      tags:
        - backup
      when: enable_backup

    - role: networking/connection
      tags:
        - connection
      when: enable_connection

    - role: firewall
      tags:
        - firewall
      when: enable_firewall

    - role: networking/ddclient
      tags:
        - ddclient
      when: enable_ddclient

    - role: networking/nameserver
      tags:
        - nameserver
      when: enable_nameserver

    - role: services/mail
      tags:
        - mail
      when: enable_mail

    - role: services/syncthing
      tags:
        - syncthing
      when: enable_syncthing

    # Main SSL certificate (with Let's Encrypt)
    - role: networking/ssl
      tags:
        - ssl
      acme_dir: "https://acme-v02.api.letsencrypt.org/directory"
      cert_name: "{{ domain }}"
      ssl_domains:
        - "{{ server_blocks.wiki.domain }}"
        - "{{ server_blocks.synapse.domain }}"
        - "{{ server_blocks.website.domain }}"
        - "{{ server_blocks.gitea.domain }}"
        - "{{ server_blocks.navidrome.domain }}"
      account_name: "letsencrypt"
      when: enable_ssl

    # SSL cert for dyndns_domain
    - role: networking/ssl
      tags:
        - ssl
      acme_dir: "https://acme-v02.api.letsencrypt.org/directory"
      ssl_domains:
        - "{{ dyndns_domain }}"
      account_name: "letsencrypt"
      when: enable_ssl and dyndns_domain != domain

    # ZeroSSL certificate for Coturn (see https://bugs.chromium.org/p/webrtc/issues/detail?id=11710)
    - role: networking/ssl
      tags:
        - ssl
      acme_dir: "https://acme.zerossl.com/v2/DV90"
      ssl_domains:
        - "{{ service_info.coturn.domain }}"
      acme_eab: {
        alg: HS256,
        key: "{{ zerossl_acme_eab_key }}",
        kid: "{{ zerossl_acme_eab_kid }}"
      }
      acme_email: "{{ zerossl_email }}"
      account_name: "zerossl"
      when: enable_ssl and enable_coturn

    - role: services/webserver
      tags:
        - webserver
      when: enable_webserver

    - role: services/gitea
      tags:
        - gitea
      when: enable_gitea

    - role: services/wiki
      tags:
        - wiki
      when: enable_wiki

    - role: services/navidrome
      tags:
        - navidrome
      when: enable_navidrome

    - role: services/coturn
      tags:
        - coturn
      when: enable_coturn

    - role: services/synapse
      tags:
        - synapse
      when: enable_synapse

    - role: services/website
      tags:
        - website
      when: enable_website

    - role: dotfiles
      tags:
        - dotfiles
      when: enable_dotfiles