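---
# Full first-time deployment — provisions and deploys everything in one shot.
# Usage: ansible-playbook playbooks/deploy.yml
#
# Prerequisites:
#   1. run setup.sh and review config.yml, vault.yml, dns.yml
#   2. if enable_restic: run storage_box.yml first so storagebox.yml exists
#      before this playbook starts (Ansible loads group_vars at startup)
#
# This playbook is intended for initial deployments only. After the first run,
# bootstrap will fail (root SSH is disabled) — use site.yml for subsequent deploys.
#
# dkim_sync.yml is intentionally excluded: it requires the mail server to be
# fully running and keys generated. Run it manually after confirming mail is up:
#   ansible-playbook playbooks/dkim_sync.yml
#
# NOTE(review): vault.yml presumably holds secrets — confirm it is encrypted
# with ansible-vault before it is committed or shared.
# NOTE(review): bootstrap.yml appears to make the first root SSH connection to
# a freshly provisioned host — confirm how that host's key is verified rather
# than accepted blindly on first connect.

- name: Import provision.yml
  import_playbook: provision.yml

# NOTE(review): dns.yml runs before the inventory refresh below; if it reads the
# new server's address from inventory it would still see the pre-provision
# inventory — confirm it obtains the address another way.
- name: Import dns.yml
  import_playbook: dns.yml

# Refresh inventory so the newly provisioned server IP is visible to subsequent plays
- name: Refresh inventory
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    # Named so the step is identifiable in playbook output and logs.
    - name: Reload inventory sources
      meta: refresh_inventory

- name: Import bootstrap.yml
  import_playbook: bootstrap.yml

- name: Import site.yml
  import_playbook: site.yml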