---
- name: Deploy Infrastructure Stacks on Production Server
  hosts: production
  become: no
  gather_facts: yes

  vars:
    # All deployment variables are now defined in group_vars/production.yml
    # Variables can be overridden via -e flag if needed

  tasks:
    - name: Debug - Show variables
      debug:
        msg:
          - "stacks_base_path: {{ stacks_base_path | default('NOT SET') }}"
          - "deploy_user_home: {{ deploy_user_home | default('NOT SET') }}"
      when: false  # Only enable for debugging

    - name: Check if deployment stacks directory exists
      stat:
        path: "{{ stacks_base_path }}"
      register: stacks_dir

    - name: Fail if stacks directory doesn't exist
      fail:
        msg: "Deployment stacks directory not found at {{ stacks_base_path }}"
      when: not stacks_dir.stat.exists

    - name: Ensure system packages are up to date
      include_role:
        name: system
      when: system_update_packages | bool

    # Create external networks required by all stacks
    - name: Create traefik-public network
      community.docker.docker_network:
        name: traefik-public
        driver: bridge
        state: present

    - name: Create app-internal network
      community.docker.docker_network:
        name: app-internal
        driver: bridge
        state: present

    # 1. Deploy Traefik (Reverse Proxy & SSL)
    - name: Deploy Traefik stack
      import_role:
        name: traefik

    # 2. Deploy PostgreSQL (Database)
    - name: Deploy PostgreSQL stack
      import_role:
        name: postgresql

    # 3. Deploy Docker Registry (Private Registry)
    - name: Deploy Docker Registry stack
      import_role:
        name: registry

    # 4. Deploy DNS (CoreDNS for WireGuard clients)
    - name: Deploy DNS stack
      import_role:
        name: dns

    # 5. Deploy MinIO (Object Storage)
    - name: Deploy MinIO stack
      import_role:
        name: minio

    # 6. Deploy Gitea (CRITICAL - Git Server + MySQL + Redis)
    - name: Deploy Gitea stack
      import_role:
        name: gitea

    # 7. Deploy Monitoring (Portainer + Grafana + Prometheus)
    - name: Deploy Monitoring stack
      import_role:
        name: monitoring

    # Verification
    - name: List all running containers
      command: >
        docker ps --format 'table {{ "{{" }}.Names{{ "}}" }}\t{{ "{{" }}.Status{{ "}}" }}\t{{ "{{" }}.Ports{{ "}}" }}'
      register: docker_ps_output

    - name: Display running containers
      debug:
        msg: "{{ docker_ps_output.stdout_lines }}"

    - name: Verify Gitea accessibility via HTTPS
      uri:
        url: "https://{{ gitea_domain }}"
        method: GET
        validate_certs: no
        status_code: 200
        timeout: 10
      register: gitea_http_check
      ignore_errors: yes

    - name: Display Gitea accessibility status
      debug:
        msg: "Gitea HTTPS check: {{ 'SUCCESS' if gitea_http_check.status == 200 else 'FAILED - Status: ' + (gitea_http_check.status|string) }}"

    # 8. Deploy Application Stack
    - name: Deploy Application Stack
      import_role:
        name: application

    - name: Display application health status
      debug:
        msg: "Application health: {{ application_health_output if application_health_output != '' else 'All services healthy or starting' }}"

    - name: Display migration result
      debug:
        msg: |
          Migration Result:
          {{ application_migration_stdout if application_migration_stdout != '' else 'Migration may have failed - check logs with: docker compose -f ' + application_stack_dest + '/docker-compose.yml logs app' }}
      when: application_stack_changed and application_run_migrations

    - name: Display application accessibility status
      debug:
        msg: >-
          Application health check: {{
            'SUCCESS (HTTP ' + (application_healthcheck_status | string) + ')'
            if application_healthcheck_status == 200 else
            'FAILED or not ready yet (HTTP ' + (application_healthcheck_status | string) + ')'
          }}
      when: application_stack_changed and application_healthcheck_url | length > 0

    - name: Summary
      debug:
        msg:
          - "=== Infrastructure Deployment Complete ==="
          - "Traefik: {{ 'Deployed' if traefik_stack_changed else 'Already running' }}"
          - "PostgreSQL: {{ 'Deployed' if postgresql_stack_changed else 'Already running' }}"
          - "Docker Registry: {{ 'Deployed' if registry_stack_changed else 'Already running' }}"
          - "DNS: {{ 'Deployed' if dns_stack_changed else 'Already running' }}"
          - "MinIO: {{ 'Deployed' if minio_stack_changed else 'Already running' }}"
          - "Gitea: {{ 'Deployed' if gitea_stack_changed else 'Already running' }}"
          - "Monitoring: {{ 'Deployed' if monitoring_stack_changed else 'Already running' }}"
          - "Application: {{ 'Deployed' if application_stack_changed else 'Already running' }}"
          - ""
          - "Next Steps:"
          - "1. Access Gitea at: https://{{ gitea_domain }}"
          - "2. Complete Gitea setup wizard if first-time deployment"
          - "3. Navigate to Admin > Actions > Runners to get registration token"
          - "4. Continue with Phase 1 - Gitea Runner Setup"
          - "5. Access Application at: https://{{ app_domain }}"