---
- name: Deploy Centralized Security Server
  hosts: security_servers
  become: true
  vars:
    server_environment: production
    vault_version: "1.15.2"
    wazuh_version: "4.7.0"
    
  roles:
    - common              # Base system hardening
    - docker              # Container runtime
    - nginx-proxy         # Reverse proxy with SSL
    - vault               # HashiCorp Vault
    - wazuh-server        # OSSEC/Wazuh server
    - elasticsearch       # Log storage
    - prometheus          # Metrics collection
    - grafana             # Dashboards
    - vulnerability-scanner # Security scanning
    - backup-setup        # Backup configuration
    
  post_tasks:
    - name: Verify all services are running
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - vault
        - wazuh-manager
        - elasticsearch
        - prometheus
        - grafana