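---
# Core infrastructure deployment with security hardening first
# Security hardening establishes secure foundation before web services
#
# NOTE(review): the security playbook import below is commented out, so this
# playbook does not apply any hardening itself. Presumably playbooks/security.yml
# is run separately before this one - confirm, or re-enable the import.
# - import_playbook: playbooks/security.yml

- name: Deploy Core Infrastructure
  hosts: arch-vps
  # Canonical booleans: `yes`/`no` are parsed differently across YAML 1.1/1.2.
  become: true
  gather_facts: true

  roles:
    # Infrastructure services
    - role: postgresql
      tags: ['postgresql', 'infrastructure', 'database']
    # NOTE(review): the caddy role is disabled here, yet the post_tasks below
    # still probe the Caddy admin API and read caddy_* variables. They
    # presumably rely on Caddy being deployed, and those variables being
    # defined, somewhere else (inventory/group_vars) - confirm; otherwise the
    # play fails at the verification step or on an undefined variable.
    # - role: caddy
    #   tags: ['caddy', 'infrastructure', 'web']

    # Application services
    - role: sigvild-gallery
      tags: ['sigvild', 'gallery', 'wedding']

  post_tasks:
    # Poll the Caddy admin endpoint from the managed host until it answers 200.
    # `retries`/`delay` only give a well-defined retry loop together with
    # `until`; without it, older Ansible releases run the task exactly once.
    - name: Verify Caddy API is accessible
      uri:
        url: "http://{{ caddy_admin_listen }}/config/"
        method: GET
        status_code: 200
      register: caddy_api_check
      until: caddy_api_check is succeeded
      retries: 5
      delay: 2

    # Summary for the operator. The admin API can reconfigure the running
    # server, and the "(localhost only)" wording below is true only if
    # caddy_admin_listen is a loopback address - nothing in this play checks
    # that, so verify the value where it is defined.
    - name: Display infrastructure status
      debug:
        msg: |
          ✅ Core infrastructure deployment completed!
          🌐 Primary domain: {{ caddy_domain }}
          🔒 HTTPS: {{ 'Enabled with DNS challenge (' + caddy_dns_provider + ')' if caddy_dns_provider else 'Enabled with HTTP challenge' }}
          🚀 API registration: {{ 'Ready' if caddy_api_enabled else 'Disabled' }}
          📍 Admin API: http://{{ caddy_admin_listen }} (localhost only)
          📁 Web root: {{ caddy_web_root }}
          📝 Logs: {{ caddy_log_dir }}
          📖 Documentation: docs/caddy-api-registration.md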