---
# Deploy tunnel
- hosts: boeing.adm.crans.org,sputnik.adm.crans.org
  vars:
    # Debian mirror on adm
    debian_mirror: http://mirror.adm.crans.org/debian
  roles:
    - wireguard

# Deploy DHCP server
- hosts: dhcp.adm.crans.org
  vars:
    dhcp:
      authoritative: true
  roles:
    - isc-dhcp-server

# Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org
  roles:
    - bind-recursive

# Deplay authoritative DNS server
- hosts: sputnik.adm.crans.org
  roles:
    - bind-authoritative

# Deploy firewall
- hosts: gulp.adm.crans.org
  roles: []  # TODO

# Deploy Unifi Controller
- hosts: unifi.adm.crans.org
  roles:
    - unifi-controller

# Deploy Re2o
- hosts: otis.adm.crans.org
  vars:
    re2o:
      owner: root
      group: nounou
      version: dev_crans
      settings_local_owner: root
      settings_local_group: root
      db_password: "{{ vault_re2o_db_password }}"
      django_secret_key: "{{ vault_re2o_django_secret_key }}"
      aes_key: "{{ vault_re2o_aes_key }}"
    ldap:
      master_password: "{{ vault_ldap_master_password }}"
  roles:
    - re2o