---
# ==============================================================================
# Meridian LXC — Site Playbook
# ==============================================================================
# Local Anthropic API powered by Chuck's Claude Max OAuth subscription.
# Bridges the Claude Code SDK to /v1/messages so HAOS's anthropic conversation
# integration (and any Anthropic-compatible client) can use the Max subscription
# instead of paid API tokens.
#
# Security: Meridian has no auth layer of its own. LAN-only reachability is
# the entire security model — no Caddy public vhost, no Cloudflare tunnel.
# OAuth bootstrap is manual: `claude login` on Chuck's Mac, scp ~/.claude/ to
# /opt/meridian/.claude/ on the LXC, then `systemctl restart meridian`.
#
# Usage:
#   ./deploy.sh                  # full deploy
#   ./deploy.sh --tags meridian  # meridian role only
# ==============================================================================

- name: Deploy Meridian LXC
  hosts: all
  become: true
  vars_files:
    - vars/main.yml

  pre_tasks:
    - name: Deploy banner
      debug:
        msg: "===== {{ ansible_play_name }} → {{ inventory_hostname }} ({{ ansible_host | default(inventory_hostname) }}) ====="

  roles:
    - meridian
    - node_exporter