CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 6 Pull requests 10 Wiki Activity Actions

add role tag to ansible_pull role

Browse source
This commit is contained in:
lilly 2026-04-30 23:03:36 +02:00
commit 47e8248841
Signed by: lilly
SSH key fingerprint: SHA256:y9T5GFw2A20WVklhetIxG1+kcg/Ce0shnQmbu1LQ37g
1 changed files with 20 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

30
roles/ansible_pull/tasks/main.yaml
View file

@ -1,6 +1,8 @@
- name: ensure dependencies are installed - tags: ["ansible_pull"]
name: ensure dependencies are installed
block: block:
- name: ensure apt dependencies are installed - tags: ["ansible_pull"]
name: ensure apt dependencies are installed
ansible.builtin.apt: ansible.builtin.apt:
name: name:
- python3-pip - python3-pip
@ -9,13 +11,15 @@
state: present state: present
become: true become: true
- name: ensure SOPS is installed - tags: ["ansible_pull"]
name: ensure SOPS is installed
ansible.builtin.include_role: ansible.builtin.include_role:
name: community.sops.install name: community.sops.install
# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip # https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
# https://www.redhat.com/en/blog/python-venv-ansible # https://www.redhat.com/en/blog/python-venv-ansible
- name: ensure Ansible installation exists - tags: ["ansible_pull"]
name: ensure Ansible installation exists
ansible.builtin.pip: ansible.builtin.pip:
name: name:
- ansible - ansible
@ -24,7 +28,8 @@
virtualenv: /usr/local/lib/ansible_pull_venv virtualenv: /usr/local/lib/ansible_pull_venv
become: true become: true
- name: ensure ansible-pull-failure-notify script installation exists - tags: ["ansible_pull"]
name: ensure ansible-pull-failure-notify script installation exists
ansible.builtin.template: ansible.builtin.template:
src: ansible-pull-failure-notify.sh.j2 src: ansible-pull-failure-notify.sh.j2
dest: /usr/local/sbin/ansible-pull-failure-notify.sh dest: /usr/local/sbin/ansible-pull-failure-notify.sh
@ -33,7 +38,8 @@
mode: "0755" mode: "0755"
become: true become: true
- name: ensure secrets directory exists - tags: ["ansible_pull"]
name: ensure secrets directory exists
ansible.builtin.file: ansible.builtin.file:
path: /etc/ansible_pull_secrets path: /etc/ansible_pull_secrets
state: directory state: directory
@ -42,7 +48,8 @@
group: "{{ ansible_pull__user }}" group: "{{ ansible_pull__user }}"
become: true become: true
- name: ensure age private key is deployed - tags: ["ansible_pull"]
name: ensure age private key is deployed
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ ansible_pull__age_private_key }}" content: "{{ ansible_pull__age_private_key }}"
dest: /etc/ansible_pull_secrets/age_private_key dest: /etc/ansible_pull_secrets/age_private_key
@ -51,7 +58,8 @@
group: "{{ ansible_pull__user }}" group: "{{ ansible_pull__user }}"
become: true become: true
- name: ensure systemd services exists - tags: ["ansible_pull"]
name: ensure systemd services exists
ansible.builtin.template: ansible.builtin.template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}" dest: "/etc/systemd/system/{{ item }}"
@ -65,7 +73,8 @@
notify: notify:
- systemd daemon reload - systemd daemon reload
- name: ensure systemd timer exists - tags: ["ansible_pull"]
name: ensure systemd timer exists
ansible.builtin.template: ansible.builtin.template:
src: ansible-pull.timer.j2 src: ansible-pull.timer.j2
dest: /etc/systemd/system/ansible-pull.timer dest: /etc/systemd/system/ansible-pull.timer
@ -76,7 +85,8 @@
notify: notify:
- systemd daemon reload - systemd daemon reload
- name: ensure systemd timer is started and enabled - tags: ["ansible_pull"]
name: ensure systemd timer is started and enabled
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: ansible-pull.timer name: ansible-pull.timer
state: started state: started