- name: Common host foundation
  hosts: nas:services:workstation
  become: true
  roles:
    - role: base_os
      tags: base_os
    - role: firewall_base
      tags: firewall_base
    - role: cli_productivity
      tags: cli_productivity
    - role: tailscale
      tags: tailscale
      when: tailscale_enabled | bool

- name: Shared storage clients
  hosts: nfs_clients
  become: true
  roles:
    - role: nfs_client
      tags: nfs_client

- name: Storage services
  hosts: nas
  become: true
  roles:
    - role: storage_client
      tags: storage_client
    - role: nfs_server
      tags: nfs_server
      
- name: Containers stack
  hosts: nas:services
  become: true
  roles:
    - role: container_runtime
      tags: container_runtime
    - role: selinux_containers
      tags: selinux_containers

- name: VPN
  hosts: vpn_hosts
  become: true
  roles:
    - role: vpn
      tags: vpn

- name: Postgres stack
  hosts: postgres_hosts
  become: true
  roles:
    - role: postgres
      tags: postgres

- name: Matrix stack
  hosts: matrix_hosts
  become: true
  roles:
    - role: matrix_synapse
      tags: matrix
      when: matrix_enabled | bool

- name: Coturn stack
  hosts: coturn_hosts
  become: true
  roles:
    - role: coturn
      tags: coturn

- name: Media services
  hosts: media
  become: true
  roles:
    - role: jellyfin
      tags: jellyfin

- name: Notes stack
  hosts: notes_hosts
  become: true
  roles:
    - role: trilium
      tags: trilium

- name: Servarr stack
  hosts: servarr_hosts
  become: true
  roles:
    - role: servarr
      tags: servarr

- name: DNS and reverse proxy
  hosts: services
  become: true
  roles:
    - role: adguard
      tags: adguard
    - role: caddy
      tags: caddy

- name: ML workloads
  hosts: ml_hosts
  become: true
  roles:
  # Future roles:
  # - role: immich_ml
  #   tags: immich_ml
  # - role: whisper
  #   tags: whisper