rick-infra/roles/valkey/tasks/main.yml

---
# Valkey Infrastructure Role - Simplified Tasks

- name: Install Valkey 
  pacman:
    name: valkey
    state: present

# Note: Arch Linux's redis package (which provides Valkey) creates the 'valkey' user automatically
# We don't need to create users - just ensure data directory permissions

- name: Create Valkey configuration directory
  file:
    path: /etc/valkey
    state: directory
    mode: '0755'

- name: Check if Valkey data directory exists
  stat:
    path: "/var/lib/valkey"
  register: valkey_data_dir

- name: Ensure Valkey data directory permissions
  file:
    path: /var/lib/valkey
    state: directory
    owner: valkey
    group: valkey
    mode: '0750'

- name: Create Valkey Unix socket directory
  file:
    path: "{{ valkey_unix_socket_path | dirname }}"
    state: directory
    owner: valkey
    group: valkey
    mode: '0775'
  when: valkey_unix_socket_enabled

- name: Ensure socket directory is accessible
  file:
    path: "{{ valkey_unix_socket_path | dirname }}"
    owner: valkey
    group: valkey
    mode: '0775'
    recurse: yes
  when: valkey_unix_socket_enabled

- name: Deploy Valkey configuration file
  template:
    src: valkey.conf.j2
    dest: /etc/valkey/valkey.conf
    owner: valkey
    group: valkey
    mode: '0640'
    backup: yes
  notify: restart valkey

- name: Create systemd override directory for Valkey security
  file:
    path: /etc/systemd/system/valkey.service.d
    state: directory
    mode: '0755'
  when: valkey_systemd_security

- name: Deploy Valkey systemd security override
  template:
    src: systemd-override.conf.j2
    dest: /etc/systemd/system/valkey.service.d/override.conf
    mode: '0644'
  when: valkey_systemd_security
  notify:
    - reload systemd
    - restart valkey

- name: Enable and start Valkey service
  systemd:
    name: valkey
    enabled: "{{ valkey_service_enabled }}"
    state: "{{ valkey_service_state }}"
    daemon_reload: true
  register: valkey_service_result

- name: Wait for Valkey to be ready (TCP)
  wait_for:
    port: "{{ valkey_port }}"
    host: "{{ valkey_bind }}"
    timeout: 30
  when: valkey_service_state == "started" and not valkey_unix_socket_enabled

- name: Wait for Valkey socket file to exist
  wait_for:
    path: "{{ valkey_unix_socket_path }}"
    timeout: 30
  when: valkey_service_state == "started" and valkey_unix_socket_enabled

- name: Wait for Valkey to be ready (Unix Socket) - Try without auth first
  command: redis-cli -s {{ valkey_unix_socket_path }} ping
  register: valkey_socket_ping_noauth
  until: >
    valkey_socket_ping_noauth.stdout == "PONG" or 
    "NOAUTH" in (valkey_socket_ping_noauth.stdout + valkey_socket_ping_noauth.stderr)
  retries: 15
  delay: 2
  changed_when: false
  failed_when: false
  when: valkey_service_state == "started" and valkey_unix_socket_enabled

- name: Wait for Valkey to be ready (Unix Socket) - Try with auth if needed
  command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_requirepass }} ping
  register: valkey_socket_ping_auth
  until: valkey_socket_ping_auth.stdout == "PONG"
  retries: 5
  delay: 2
  changed_when: false
  failed_when: valkey_socket_ping_auth.rc != 0
  when: >
    valkey_service_state == "started" and valkey_unix_socket_enabled and 
    (valkey_socket_ping_noauth.stdout != "PONG") and
    ("NOAUTH" in (valkey_socket_ping_noauth.stdout + valkey_socket_ping_noauth.stderr) or valkey_socket_ping_noauth.rc != 0)

- name: Test Valkey connectivity (TCP)
  command: redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_requirepass }} ping
  register: valkey_ping_result_tcp
  changed_when: false
  failed_when: valkey_ping_result_tcp.stdout != "PONG"
  when: valkey_service_state == "started" and not valkey_unix_socket_enabled

- name: Test Valkey connectivity (Unix Socket)
  command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_requirepass }} ping
  register: valkey_ping_result_socket
  changed_when: false
  failed_when: valkey_ping_result_socket.stdout != "PONG"
  when: valkey_service_state == "started" and valkey_unix_socket_enabled

- name: Display Valkey infrastructure status
  debug:
    msg: |
      ✅ Valkey infrastructure ready!
      
      📡 Service: {% if valkey_unix_socket_enabled %}Unix Socket ({{ valkey_unix_socket_path }}){% else %}{{ valkey_bind }}:{{ valkey_port }}{% endif %}
      🔒 Auth: Password protected
      💾 Persistence: {{ 'RDB enabled' if valkey_save_enabled else 'Memory only' }}
      🗄️ Databases: {{ valkey_databases }} available (0-{{ valkey_databases - 1 }})
      
      🏗️ Ready for applications to configure Valkey usage
      
      📋 Application Integration:
      - Use database numbers 1-{{ valkey_databases - 1 }} for applications
      - Database 0 reserved for system/testing
      - {% if valkey_unix_socket_enabled %}Unix socket: {{ valkey_unix_socket_path }}{% else %}TCP: {{ valkey_bind }}:{{ valkey_port }}{% endif %}
      - Redis-compatible: applications can use REDIS_* or VALKEY_* env vars