---
- name: load provisioner facts
  hosts: internal
  gather_facts: false
  tasks:
    - name: include provisioner role
      ansible.builtin.include_role:
        name: nullified.infrastructure.provisioner
        tasks_from: load_facts.yml
        apply:
          tags: [always]
      tags: [always]

- name: setup internal infrastructure
  hosts: internal
  gather_facts: false
  tasks:
    - name: include security role
      ansible.builtin.include_role:
        name: nullified.infrastructure.security
        apply:
          tags: [security]
      tags: [security, firewall]
    - name: include common role
      ansible.builtin.include_role:
        name: nullified.infrastructure.common
        apply:
          tags: [common]
      tags: [common]

- name: setup servers
  hosts: internal:&server
  tasks:
    - name: include server role
      ansible.builtin.include_role:
        name: nullified.infrastructure.server
        apply:
          tags: [server]
      tags: [server]

- name: setup vault
  hosts: internal:&vault
  tasks:
    - name: include vault role
      ansible.builtin.include_role:
        name: nullified.infrastructure.vault
        apply:
          tags: [vault]
      tags: [vault]

- name: setup mariadb servers
  hosts: internal:&mariadb
  tasks:
    - name: include mariadb role
      ansible.builtin.include_role:
        name: nullified.infrastructure.mariadb
        apply:
          tags: [mariadb]
      tags: [mariadb]

- name: setup postgresql servers
  hosts: internal:&postgresql
  tasks:
    - name: include postgresql role
      ansible.builtin.include_role:
        name: nullified.infrastructure.postgresql
        apply:
          tags: [postgresql]
      tags: [postgresql]

- name: setup workstations
  hosts: internal:&workstation
  tasks:
    - name: include workstation role
      ansible.builtin.include_role:
        name: nullified.infrastructure.workstation
        apply:
          tags: [workstation]
      tags: [workstation]
    - name: include development role
      ansible.builtin.include_role:
        name: nullified.infrastructure.development
        apply:
          tags: [development]
      tags: [development]

- name: setup gaming tools
  hosts: internal:&gaming
  tasks:
    - name: include gaming role
      ansible.builtin.include_role:
        name: nullified.infrastructure.gaming
        apply:
          tags: [gaming]
      tags: [gaming]

# WARNING: OpenTofu states depend on setting up the postgresql database first
- name: install K3S
  hosts: internal:&k3s
  tasks:
    - name: include k3s role
      ansible.builtin.include_role:
        name: nullified.infrastructure.k3s
        apply:
          tags: [k3s]
      tags: [k3s, helm, opentofu]