diff --git a/requirements.yml b/requirements.yml
index d5ebdfc..e5538cc 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -3,3 +3,6 @@ collections:
 - name: debops.debops
 version: ">=3.1.0"
 source: https://galaxy.ansible.com
+ - name: community.sops
+ version: ">=2.2.4"
+ source: https://galaxy.ansible.com
diff --git a/roles/ansible_pull/tasks/main.yaml b/roles/ansible_pull/tasks/main.yaml
index eff8cb0..e77bfc4 100644
--- a/roles/ansible_pull/tasks/main.yaml
+++ b/roles/ansible_pull/tasks/main.yaml
@@ -1,8 +1,14 @@
 - name: ensure dependencies are installed
- ansible.builtin.apt:
- name: virtualenv
- state: present
- become: true
+ block:
+ - name: ensure apt dependencies are installed
+ ansible.builtin.apt:
+ name: virtualenv
+ state: present
+ become: true
+
+ - name: ensure SOPS is installed
+ ansible.builtin.include_role:
+ name: community.sops.install
 # https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
 # https://www.redhat.com/en/blog/python-venv-ansible
diff --git a/roles/ansible_pull/templates/ansible-pull.service.j2 b/roles/ansible_pull/templates/ansible-pull.service.j2
index 0f80907..b344505 100644
--- a/roles/ansible_pull/templates/ansible-pull.service.j2
+++ b/roles/ansible_pull/templates/ansible-pull.service.j2
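Review bot: The new `community.sops` entry in requirements.yml uses an open-ended range, `version: ">=2.2.4"`, so each host installs whichever release Galaxy serves at the time of its first install, and that code runs in the play that handles the SOPS-encrypted secrets. Pinning an exact, reviewed release, `version: "2.2.4"`, keeps hosts identical and turns every upgrade into an explicit commit. The existing `debops.debops` entry follows the same open-ended pattern. A one-line comment above the entry, such as `# community.sops: provides the community.sops.install role used by roles/ansible_pull`, would record why the dependency exists.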
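Review bot: The `ansible.builtin.include_role` task for `community.sops.install` in roles/ansible_pull/tasks/main.yaml passes no variables, so the version of the SOPS binary is left to the role's defaults. As far as I know `sops_version` defaults to `latest`, which would make the tool that decrypts the repository's secrets whatever upstream released last. Adding `vars:` with `sops_version: "<reviewed-version>"` (placeholder) to the include makes the binary reproducible across hosts. The role's tasks are not visible here, so it is also worth confirming whether it escalates privileges itself or needs `become: true` like the apt task next to it.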
@@ -7,6 +7,9 @@ OnFailure=ansible-pull-failure-notify.service
 [Service]
 Type=oneshot
 Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key"
+ExecStartPre=/usr/bin/bash -c 'if [ ! -e /home/chaos/ansible_pull_checkout ]; then git clone --depth 1 "{{ ansible_pull__repo_url }}" /home/chaos/ansible_pull_checkout ; fi'
+ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy role install -r /home/chaos/ansible_pull_checkout/requirements.yml
+ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy collection install -r /home/chaos/ansible_pull_checkout/requirements.yml
 ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \
 --directory /home/chaos/ansible_pull_checkout \
 --clean \
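Review bot: The two added `ansible-galaxy … install -r` lines read `requirements.yml` from the checkout before `ansible-pull` in `ExecStart` has updated it, so on a host that already has a checkout a newly added requirement (such as `community.sops` in this same commit) is only installed on the run after the one that first needs it, and that first run would presumably fail. Updating the checkout ahead of the installs, for example `ExecStartPre=/usr/bin/git -C /home/chaos/ansible_pull_checkout pull --ff-only`, or installing the requirements from the playbook itself, would close the gap. Separately, the unit's `User=` is not visible in this hunk: if the service runs as root while `/home/chaos/ansible_pull_checkout` is writable by an unprivileged account, the requirements file and playbook become a path to root and to the age key named in `SOPS_AGE_KEY_FILE`, so the directory's ownership and mode deserve a check. The `ExecStart` command continues outside the hunk.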