all:
  children:
    all_servers:
      hosts:
        reverseproxy:
          ansible_host: 172.16.9.117
          ansible_user: root
        application:
          ansible_host: 172.16.19.121
          ansible_user: root
        storage:
          ansible_host: 172.16.19.122
          ansible_user: root
        turn:
          ansible_host: 172.16.9.118
          ansible_user: root

    traefik_servers:
      children:
        traefik_servers_dmz:
        traefik_servers_backend:

    # Public-facing DMZ reverse proxy (file provider mode)
    traefik_servers_dmz:
      hosts:
        reverseproxy:

    # Hosts that run a local Traefik in docker-provider mode.
    # The turn host runs one too, so the signaling stack's container labels
    # get picked up. coturn sits next to it via host networking on alternate
    # ports (3478/5349) and does not collide.
    traefik_servers_backend:
      hosts:
        application:
        turn:

    # backend_servers feeds the DMZ proxy's exposed-services aggregation.
    # Including the turn host here lets it advertise signaling.digitalboard.ch
    # via traefik_dmz_exposed_services.
    backend_servers:
      hosts:
        application:
        storage:
        turn:

    garage_servers:
      hosts:
        storage:

    nextcloud_servers:
      hosts:
        application:

    opencloud_servers:
      hosts:
        application:

    collabora_servers:
      hosts:
        application:

    drawio_servers:
      hosts:
        application:

    authentik_servers:
      hosts:
        application:

    # --- Talk: TURN + HPB collocated on the turn host ---
    turn_servers:
      hosts:
        turn:

    talk_signaling_servers:
      hosts:
        turn: