---
- name: Prepare connection and variables
  hosts: "{{ lookup('env', 'MOLECULE_GROUP') | default('all', true) }}"
  gather_facts: true
  roles:
    - roles/system/prepare
    - roles/system/connect

- name: Provision the firewall and network controller
  hosts: pfsense
  roles:
    - roles/misc/pfsense

- name: Setup the IDS
  hosts: seconion
  roles:
    - roles/misc/seconion

- name: Setup VM controller and network
  hosts: maas
  roles:
    - roles/misc/maas

- name: Configure systems with common settings and applications
  hosts: "{{ lookup('env', 'MOLECULE_GROUP') | default('all:!pfsense:!seconion', true) }}"
  roles:
    - roles/system/wsl
    - roles/system/dns
    - roles/system/hosts
    - roles/system/ssh
    - roles/system/common
    - roles/system/security
    # - roles/system/firewall
    - roles/system/debloat
    - roles/services/sshtarpit
    - roles/system/fuse
    - roles/system/disks
    - roles/system/homebrew
    - roles/system/dotfiles
    - roles/system/vpn
    - roles/system/motd
    - roles/system/snapd
    - roles/tools/mas
    - roles/languages/nodejs
    - roles/languages/go
    - roles/languages/java
    - roles/languages/sdkman
    - roles/languages/deno
    - roles/languages/php
    - roles/languages/composer
    - roles/languages/ruby
    - roles/languages/pip
    - roles/languages/rust
    - roles/languages/asdf
    - roles/services/antivirus
    - roles/services/cloudflare
    - roles/services/cockpit
    - roles/services/cups
    - roles/services/dnsmasq
    - roles/services/elasticagent
    - roles/services/goofys
    - roles/services/netdata
    - roles/services/nginx
    - roles/services/gitlabrunner
    - roles/services/rclone
    - roles/services/restic
    - roles/services/samba
    - roles/services/tailscale
    # - roles/services/tor
    - roles/services/wazuh
    - roles/virtualization/docker
    - roles/virtualization/kvm
    - roles/virtualization/lxdc
    - roles/virtualization/gitdocker
    - roles/virtualization/gvisor
    - roles/virtualization/swarm
    - roles/system/warp
    - roles/system/santa
    - roles/system/glusterfs
    - roles/system/rear
    - roles/system/sanoid
    - roles/system/timeshift

- name: Install desktop software
  hosts: "{{ lookup('env', 'MOLECULE_GROUP') | default('desktop', true) }}"
  roles:
    # - roles/helpers/installer
    - roles/languages/cocoapods
    - roles/virtualization/dockerpushrm
    - roles/virtualization/dockerslim
    - roles/virtualization/kubernetes
    - roles/virtualization/vagrant
    - roles/virtualization/virtualbox
    - roles/virtualization/vmware
    # - roles/cloud/heroku
    - roles/applications/androidstudio
    - roles/applications/appium
    - roles/applications/autokey
    - roles/applications/bravebrowser
    - roles/applications/chrome
    - roles/applications/etcher
    - roles/applications/filezilla
    - roles/applications/firefox
    - roles/applications/gimp
    - roles/applications/gitkraken
    - roles/applications/hyper
    - roles/applications/inkscape
    - roles/applications/intellij
    - roles/applications/iterm2
    - roles/applications/keybase
    - roles/applications/kodi
    - roles/applications/lens
    - roles/applications/lollypop
    - roles/applications/mailspring
    - roles/applications/microsoftedge
    - roles/applications/microsofttodo
    - roles/applications/office
    - roles/applications/onionshare
    - roles/applications/peek
    - roles/applications/plex
    - roles/applications/postman
    - roles/applications/proton
    - roles/applications/qbittorrent
    - roles/applications/raspberryimager
    - roles/applications/rdm
    - roles/applications/remotedesktop
    - roles/applications/sharex
    - roles/applications/shotcut
    - roles/applications/shotwell
    - roles/applications/skype
    - roles/applications/tabby
    - roles/applications/teams
    - roles/applications/teamviewer
    - roles/applications/visualstudio
    - roles/applications/vlc
    - roles/applications/vscode
    - roles/applications/wireshark
    - roles/applications/xcode
    - roles/applications/zoom
    - roles/tools/aria
    - roles/tools/beets
    - roles/tools/bw
    - roles/tools/fig
    - roles/tools/fpm
    - roles/tools/ghorg
    - roles/tools/gist
    - roles/tools/gitextras
    - roles/tools/gitfuzzy
    - roles/tools/gitstats
    - roles/tools/glances
    - roles/tools/googlecloudsdk
    - roles/tools/lexicon
    - roles/tools/multipass
    - roles/tools/nomad
    - roles/tools/normit
    - roles/tools/poetry
    - roles/tools/powershell
    - roles/tools/quasar
    - roles/tools/recoverpy
    - roles/tools/s5cmd
    - roles/tools/scrcpy
    - roles/tools/shdoc
    - roles/tools/slackterm
    - roles/tools/sysdig
    - roles/tools/wails
    - roles/tools/windowsadk
    - roles/tools/windowsadmincenter
    - roles/tools/wpcli
    - roles/tools/yubikey
    - roles/tools/zoxide
    - roles/crypto/ledgerlive
    - roles/crypto/monero
    - roles/services/googleassistant
    - roles/services/guacamole
    - roles/services/portmaster
    - roles/services/snitch
    - roles/system/extensions
    - roles/system/santa
    - roles/system/desktop

- name: Finish configuring systems
  hosts: "{{ lookup('env', 'MOLECULE_GROUP') | default('all:!pfsense:!seconion', true) }}"
  roles:
    # - roles/misc/easyengine
    # - roles/misc/hosthomepage
    - roles/system/mackup
    - roles/system/finish