---

- name: "prepare postgres ssl hosts list"
  hosts: archlinux.org
  tasks:
    - name: assign ipv4 addresses to fact postgres_hosts4
      set_fact: postgres_hosts4="{{ [gemini4] + detected_ips }}"
      vars:
        gemini4: "{{ hostvars['gemini.archlinux.org']['wireguard_address'] }}/32"
        detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['wireguard_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
      tags: ["postgres", "firewall"]

- name: setup archlinux.org
  hosts: archlinux.org
  remote_user: root
  roles:
    - { role: common }
    - { role: sshd }
    - { role: root_ssh }
    - { role: borg_client, tags: ["borg"] }
    - { role: certbot }
    - { role: nginx }
    - { role: postfix_null }
    - role: postgres
      postgres_listen_addresses: "localhost, {{ wireguard_address }}"
      postgres_firewalld_zone: wireguard
    - { role: sudo }
    - { role: uwsgi }
    - { role: memcached }
    - { role: fetchmail }
    - { role: archweb, archweb_planet: true }
    - { role: fail2ban }
    - { role: prometheus_exporters }
    - { role: promtail }
    - { role: wireguard }