Simplify Ansible playbook: remove Cloudflare tasks, add git pull and direct dependency install

- Remove entire Cloudflare configuration play (DNS, SSL, HSTS, bot management)
- Replace make install_prod with direct git pull, composer install, bun install, bun run build
- Add Docker image pull step before container restart
- Keep server deployment: env, containers, migrations, cache, uploads, Caddy, Supervisor

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Makefile

@@ -35,7 +35,7 @@ pull_prod: ## Pull les images Docker prod
 
 ## —— Ansible —————————————————————————————————————
 deploy_prod: ## Deploy en prod via Ansible (demande le vault password)
-	ansible && ansible-playbook -i hosts.ini deploy.yml --ask-vault-pass
+	 ansible-playbook ansible/deploy.yml -i ansible/hosts.ini --ask-vault-pass
 
 ## —— Install ——————————————————————————————————————
 install_dev: ## Install les dependances dev via Docker

ansible/deploy.yml

@@ -1,178 +1,4 @@
 ---
-# --- Cloudflare configuration ---
-- name: Configure Cloudflare
-  hosts: localhost
-  connection: local
-  vars_files:
-    - vault.yml
-
-  vars:
-    zone_id: "{{ cloudflare_zone_id }}"
-    cloudflare_record: ticket.e-cosplay.fr
-    server_ip: 34.90.187.4
-
-  tasks:
-    # --- DNS ---
-    - name: Create or update DNS A record
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/dns_records"
-        method: POST
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          type: A
-          name: "{{ cloudflare_record }}"
-          content: "{{ server_ip }}"
-          ttl: 1
-          proxied: true
-        status_code: [200, 409]
-      register: dns_result
-      ignore_errors: true
-
-    - name: Update DNS A record if already exists
-      when: dns_result.status == 409 or (dns_result.json is defined and not dns_result.json.success)
-      block:
-        - name: Get existing DNS record
-          uri:
-            url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/dns_records?name={{ cloudflare_record }}&type=A"
-            method: GET
-            headers:
-              Authorization: "Bearer {{ cloudflare_api_token }}"
-            return_content: true
-          register: existing_dns
-
-        - name: Update DNS record
-          uri:
-            url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/dns_records/{{ existing_dns.json.result[0].id }}"
-            method: PUT
-            headers:
-              Authorization: "Bearer {{ cloudflare_api_token }}"
-              Content-Type: application/json
-            body_format: json
-            body:
-              type: A
-              name: "{{ cloudflare_record }}"
-              content: "{{ server_ip }}"
-              ttl: 1
-              proxied: true
-
-    # --- SSL/TLS ---
-    - name: Set SSL mode to Full (Strict)
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/settings/ssl"
-        method: PATCH
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          value: strict
-
-    - name: Enable Always Use HTTPS
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/settings/always_use_https"
-        method: PATCH
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          value: "on"
-
-    - name: Set minimum TLS version to 1.2
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/settings/min_tls_version"
-        method: PATCH
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          value: "1.2"
-
-    # --- Security headers ---
-    - name: Enable HSTS
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/settings/security_header"
-        method: PATCH
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          value:
-            strict_transport_security:
-              enabled: true
-              max_age: 31536000
-              include_subdomains: true
-              nosniff: true
-
-    # --- Performance ---
-    - name: Enable Brotli compression
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/settings/brotli"
-        method: PATCH
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          value: "on"
-
-    - name: Set browser cache TTL to 1 month
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/settings/browser_cache_ttl"
-        method: PATCH
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          value: 2592000
-
-    # --- Security ---
-    - name: Set security level to medium
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/settings/security_level"
-        method: PATCH
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          value: medium
-
-    - name: Enable bot fight mode
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/bot_management"
-        method: PUT
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          fight_mode: true
-      ignore_errors: true
-
-    # --- Allow SEO bots ---
-    - name: Allow SEO and social media bots
-      uri:
-        url: "https://api.cloudflare.com/client/v4/zones/{{ zone_id }}/firewall/rules"
-        method: POST
-        headers:
-          Authorization: "Bearer {{ cloudflare_api_token }}"
-          Content-Type: application/json
-        body_format: json
-        body:
-          - filter:
-              expression: '(cf.client.bot) or (http.user_agent contains "Googlebot") or (http.user_agent contains "Bingbot") or (http.user_agent contains "bingbot") or (http.user_agent contains "Yandex") or (http.user_agent contains "DuckDuckBot") or (http.user_agent contains "Baiduspider") or (http.user_agent contains "facebookexternalhit") or (http.user_agent contains "Twitterbot") or (http.user_agent contains "LinkedInBot")'
-            action: allow
-            description: "Allow SEO and social media bots"
-        status_code: [200, 409]
-      ignore_errors: true
-
 # --- Server deployment ---
 - name: Deploy e-ticket to production
   hosts: production
@@ -195,13 +21,37 @@
         group: bot
         mode: "0600"
 
-    - name: Stop production containers
-      command: make stop_prod
+    - name: Pull latest code
+      command: git pull origin master
+      args:
+        chdir: /var/www/e-ticket
+      become_user: bot
+
+    - name: Install PHP dependencies
+      command: composer install --no-dev --optimize-autoloader
+      args:
+        chdir: /var/www/e-ticket
+      become_user: bot
+
+    - name: Install JS dependencies
+      command: bun install
+      args:
+        chdir: /var/www/e-ticket
+      become_user: bot
+
+    - name: Build assets
+      command: bun run build
+      args:
+        chdir: /var/www/e-ticket
+      become_user: bot
+
+    - name: Pull Docker images
+      command: make pull_prod
       args:
         chdir: /var/www/e-ticket
 
-    - name: Install dependencies and build assets
-      command: make install_prod
+    - name: Stop production containers
+      command: make stop_prod
       args:
         chdir: /var/www/e-ticket