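---
# Playbook for luna.archlinux.org: opens the firewalld services and ports
# listed below (only when `configure_firewall` is truthy) and applies the
# roles listed under `roles`.
#
# Ansible runs a play's `roles` before its `tasks`, whatever their order in
# this file, so the firewall rules are added after the roles have been applied.

- name: setup luna
  hosts: luna.archlinux.org
  remote_user: root
  tasks:
    # `permanent` + `immediate` writes the rule to the persistent firewalld
    # configuration and to the running firewall in the same step.
    # No `zone` or source restriction is set, so the services are enabled in
    # firewalld's default zone.
    # NOTE(review): smtp is opened here while the postfix role below is
    # commented out; presumably the MTA is configured outside this play.
    # Confirm that something is expected to listen on it.
    - name: open firewall holes for services
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        state: enabled
        immediate: true
      with_items:
        - http
        - https
        - rsyncd
        - smtp
        - git
      # `configure_firewall` is not defined in this file; it has to come from
      # inventory, group_vars or host_vars.
      when: configure_firewall
      tags:
        - firewall

    # NOTE(review): the owners of these ports are not documented here.
    # 4949/tcp is the conventional munin-node port and 6969/tcp is commonly
    # used by BitTorrent trackers; confirm which service owns each port and
    # whether it must be reachable from every source address.
    - name: open firewall holes for ports
      ansible.posix.firewalld:
        port: "{{ item }}"
        permanent: true
        state: enabled
        immediate: true
      with_items:
        - 6969/tcp
        - 4949/tcp
      when: configure_firewall
      tags:
        - firewall

  roles:
    - nginx
    - rspamd
    # The query cache type is passed as the quoted string '0', not as an
    # integer.
    - role: mariadb
      mariadb_query_cache_type: '0'
      mariadb_innodb_file_per_table: true
    - role: prometheus_exporters
    - role: promtail
    # luna is hosting mailman lists; this postfix role does not cater to this yet
    # TODO: make postfix role handle mailman config?
    # - { role: postfix, tags: ["postfix"], postfix_relayhost: "mail.archlinux.org" }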