WIP: ansible_pull(role): add failure notifications

roles/ansible_pull/templates/ansible-pull-failure-notify.service.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=ansible-pull failure notifier
+After=ansible-pull.service
+Wants=ansible-pull.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/ansible-pull-failure-notify.sh
+User=root

roles/ansible_pull/templates/ansible-pull-failure-notify.sh.j2

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# Ideally we would use --invocation instead of --since, but this isn't supported in the systemd version Debian 12 ships.
+ANSIBLE_PULL_LOG=$(journalctl --unit=ansible-pull --identifier=ansible-pull --since=-6h --output=cat)
+
+MESSAGE="Subject: [{{ inventory_hostname }}] ansible-pull: execution failure
+
+An error occured during the ansible-pull execution.
+
+Logs:
+""$ANSIBLE_PULL_LOG""
+
+To view the logs yourself run:
+journalctl --unit=ansible-pull --identifier=ansible-pull -e
+"
+
+printf "$MESSAGE" | msmtp '{{ ansible_pull__failure_notification_address }}'

roles/ansible_pull/templates/ansible-pull.service.j2

@@ -16,3 +16,4 @@ ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \
 User={{ ansible_pull__user }}
 # Reboot, if /var/run/reboot-required or /var/run/ansible-reboot-required exist.
 ExecStartPost=/usr/bin/bash -c 'if [ -e /var/run/reboot-required ] || [ -e /var/run/ansible-reboot-required ]; then sudo systemctl reboot; fi'
+OnFailure=ansible-pull-failure-notify.service