---
- hosts: all

  vars_files:
    - vars/apps.yml

  tasks:

    - include_role:
        name: yatesr.timezone
      vars:
        timezone: UTC

    - include_role:
        name: geerlingguy.security
      vars:
        security_ssh_permit_root_login: "yes"
        security_autoupdate_enabled: false
        security_fail2ban_enabled: false

    - include_role:
        name: geerlingguy.docker
      vars:
        docker_users: '{{ apps | map(attribute="username") | list }}'

    # - include_role:
    #     name: docker-app
    #   private: yes
    #   vars:
    #     username: '{{ app_item.username }}'
    #     ssh_keys: '{{ app_item.ssh_keys | default([]) }}'
    #     env: '{{ app_item.env | default({}) }}'
    #   with_items: '{{ apps }}'
    #   loop_control:
    #     loop_var: app_item