---
# Security hardening establishes secure foundation before web services
# - import_playbook: playbooks/security.yml

- name: Deploy Core Infrastructure
  hosts: arch-vps
  become: true
  gather_facts: true
  
  roles:
    # Infrastructure services
    # - role: postgresql
    #   tags: ['postgresql', 'infrastructure', 'database']
    # - role: valkey
    #   tags: ['valkey', 'redis', 'infrastructure', 'cache']
    # - role: podman
    #   tags: ['podman', 'containers', 'infrastructure']
    # - role: caddy
    #   tags: ['caddy', 'infrastructure', 'web']
    
    # Application services  
    # - role: sigvild-gallery
    #   tags: ['sigvild', 'gallery', 'wedding']
    # - role: gitea
    #   tags: ['gitea', 'git', 'development']
    - role: nextcloud
      tags: ['nextcloud']
    # - role: authentik
    #   tags: ['authentik']