new-site/infra/ansible/playbooks/site.yml

---
# Performance West — Full Stack Provisioning
# Provisions a fresh Debian 13 server from scratch.
#
# Usage:
#   ansible-playbook playbooks/site.yml -i inventory/hosts.yml --ask-vault-pass
#
# Roles run in order:
#   common     — packages, deploy user, SSH hardening, UFW
#   docker     — Docker CE + compose plugin + performancewest.service systemd unit
#   postgresql — API PostgreSQL + backup cron + migrations
#   app        — Express API container
#   site       — Astro static site container
#   erpnext    — ERPNext CRM + workers + scheduler (custom image with frappe_crypto + frappe_adyen)
#   minio      — MinIO object storage + bucket creation
#   workers    — Python job server + Ollama LLM
#   shkeeper   — k3s + Helm + SHKeeper (crypto payments: BTC/ETH/USDC/Polygon/TRX/BNB/LTC)
#   nginx      — nginx + certbot TLS for all domains + fail2ban

- name: Provision Performance West server
  hosts: pw
  become: true
  roles:
    - common
    - docker
    - postgresql
    - app
    - site
    - erpnext
    - minio
    - workers
    - worker-crons
    - shkeeper
    - nginx