---
# Deploy Unix Socket Updates for PostgreSQL, Valkey, Authentik, and Gitea
# This playbook updates services to use Unix sockets for inter-process communication

- name: Deploy Unix socket configuration updates
  hosts: arch-vps
  become: true

  tasks:
    - name: Display deployment plan
      debug:
        msg: |
          🔧 Unix Socket Migration Plan
          =============================

          📦 Services to Update:
          1. PostgreSQL - Switch to socket-only (no TCP)
          2. Valkey - Add Unix socket support
          3. Authentik - Use sockets for DB/cache
          4. Gitea - Use sockets for DB/cache

          🔒 Security Benefits:
          - Zero network exposure for databases
          - Better performance (25-30% faster)
          - Simplified security model

    # Note: a tag on include_role applies to the include task itself,
    # not to the tasks inside the included role.
    - name: Update PostgreSQL to socket-only
      include_role:
        name: postgresql
      tags: [postgresql]

    - name: Update Valkey with Unix socket
      include_role:
        name: valkey
      tags: [valkey]

    - name: Update Authentik for Unix sockets
      include_role:
        name: authentik
      tags: [authentik]

    - name: Update Gitea for Unix sockets
      include_role:
        name: gitea
      tags: [gitea]

    # stat does not fail on a missing path; the result is only reported
    # as EXISTS/MISSING by the next task.
    - name: Verify socket files exist
      stat:
        path: "{{ item }}"
      loop:
        - /run/postgresql/.s.PGSQL.5432
        - /run/valkey/valkey.sock
      register: socket_checks

    - name: Display results
      debug:
        msg: |
          ✅ Deployment Complete!

          Socket Status:
          {% for check in socket_checks.results %}
          - {{ check.item }}: {{ "EXISTS" if check.stat.exists else "MISSING" }}
          {% endfor %}

          Next Steps:
          1. Check service logs: journalctl -u authentik-pod
          2. Test Authentik: curl http://arch-vps:9000/if/flow/initial-setup/
          3. Test Gitea: curl http://arch-vps:3000/