---
- name: Prepare all nodes
  hosts: k3s_cluster
  gather_facts: true
  become: true
  roles:
    - role: prereq
  tags:
    - prereq
    - prepare

- name: Setup primary k3s master (control-plane node 1)
  hosts: "{{ groups['master'][0] }}"
  become: true
  roles:
    - role: k3s-server
  tags:
    - k3s-server
    - server
    - master

- name: Setup additional k3s masters (control-plane nodes 2+)
  hosts: "{{ groups['master'][1:] | default([]) }}"
  serial: 1
  become: true
  roles:
    - role: k3s-server
  tags:
    - k3s-server
    - server
    - master

- name: Setup k3s agents (worker nodes)
  hosts: worker
  become: true
  roles:
    - role: k3s-agent
  tags:
    - k3s-agent
    - agent
    - worker

- name: Install compute-blade-agent on all nodes
  hosts: all
  become: true
  roles:
    - role: compute-blade-agent
  tags:
    - compute-blade-agent
    - blade-agent

- name: Configure Traefik (ACME / Let's Encrypt via Cloudflare DNS-01)
  hosts: "{{ groups['master'][0] }}"
  gather_facts: false
  become: false
  roles:
    - role: traefik-config
  tags:
    - traefik-config
    - traefik
    - certs

- name: Deploy Vaultwarden
  hosts: "{{ groups['master'][0] }}"
  gather_facts: false
  become: false
  roles:
    - role: vaultwarden
  tags:
    - vaultwarden

- name: Install Prometheus Operator
  hosts: "{{ groups['master'][0] }}"
  gather_facts: false
  become: true
  roles:
    - role: prometheus-operator
  tags:
    - prometheus-operator
    - monitoring

- name: Deploy test applications
  hosts: "{{ groups['master'][0] }}"
  gather_facts: true
  become: true
  roles:
    - role: k3s-deploy-test
  tags:
    - test
    - deploy-test