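---
# Valkey (Redis fork) Primary Setup
#
# Usage: ansible-playbook -i inventory.ini playbooks/valkey.yml
#
# Creates:
#   - Valkey server on valkey-primary
#   - Configured for Nebula network access
#   - 16 databases (0-15) for multi-tenant use
#
# Security notes:
#   - Secrets are loaded from ../vault/secrets.yml; that file is expected to
#     be encrypted with ansible-vault (not verifiable from this playbook).
#   - Network binding and authentication are set in the valkey.conf.j2 and
#     valkey-acl.j2 templates, which are not part of this file.
#     NOTE(review): confirm the rendered config binds only to the Nebula
#     address and that the default user is restricted in the ACL file.

- name: Setup Valkey Primary
  hosts: valkey-primary
  become: true

  vars_files:
    - ../vault/secrets.yml

  vars:
    valkey_maxmemory: "256mb"
    valkey_maxmemory_policy: "allkeys-lru"

  tasks:
    - name: Install valkey
      community.general.pacman:
        name: valkey
        state: present

    # The drop-in directory and file control the service's sandboxing, so
    # they are pinned to root ownership rather than left to defaults.
    - name: Create systemd override directory
      ansible.builtin.file:
        path: /etc/systemd/system/valkey.service.d
        state: directory
        owner: root
        group: root
        mode: '0755'

    # ReadWritePaths makes /etc/valkey writable from inside the unit's
    # sandbox. Per the task name this is for ACL writes; the trade-off is
    # that the service process can also modify other files in that
    # directory that the valkey user is allowed to write.
    - name: Add systemd override for ACL write access
      ansible.builtin.copy:
        dest: /etc/systemd/system/valkey.service.d/override.conf
        content: |
          [Service]
          ReadWritePaths=/etc/valkey
        owner: root
        group: root
        mode: '0644'
      notify:
        - reload systemd
        - restart valkey

    # The ACL file presumably carries credentials rendered from the vault
    # variables. no_log keeps the rendered content out of task output and
    # --diff displays; remove it temporarily when debugging template errors.
    - name: Deploy ACL file
      ansible.builtin.template:
        src: ../templates/valkey-acl.j2
        dest: /etc/valkey/users.acl
        owner: valkey
        group: valkey
        mode: '0600'
      no_log: true
      notify: restart valkey

    - name: Deploy valkey.conf
      ansible.builtin.template:
        src: ../templates/valkey.conf.j2
        dest: /etc/valkey/valkey.conf
        owner: valkey
        group: valkey
        mode: '0640'
      notify: restart valkey

    # Run the queued daemon-reload and restart now instead of at the end of
    # the play, so the readiness check below tests the service running with
    # the configuration and ACL file deployed above.
    - name: Apply pending systemd reload and valkey restart
      ansible.builtin.meta: flush_handlers

    - name: Start and enable valkey
      ansible.builtin.systemd:
        name: valkey
        state: started
        enabled: true

    # nebula_ip is not defined in this file; it is expected to come from the
    # inventory or the vault vars. This only checks that the TCP port
    # accepts connections, not that authentication is enforced.
    - name: Wait for Valkey to be ready
      ansible.builtin.wait_for:
        host: "{{ nebula_ip }}"
        port: 6379
        timeout: 30

  # Handlers run in the order they are defined here, so systemd is reloaded
  # before valkey is restarted when both are notified.
  handlers:
    - name: reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: restart valkey
      ansible.builtin.systemd:
        name: valkey
        state: restarted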