From 9afbc7180171d8cbfece6dd0e86a31279f3fa6b3 Mon Sep 17 00:00:00 2001
From: June
Date: Wed, 15 Oct 2025 02:18:07 +0200
Subject: [PATCH 1/2] ansible_pull(role): ensure role and collection dependencies are present
---
 roles/ansible_pull/templates/ansible-pull.service.j2 | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/ansible_pull/templates/ansible-pull.service.j2 b/roles/ansible_pull/templates/ansible-pull.service.j2
index 0f80907..b344505 100644
--- a/roles/ansible_pull/templates/ansible-pull.service.j2
+++ b/roles/ansible_pull/templates/ansible-pull.service.j2
@@ -7,6 +7,9 @@ OnFailure=ansible-pull-failure-notify.service
 [Service]
 Type=oneshot
 Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key"
+ExecStartPre=/usr/bin/bash -c 'if [ ! -e /home/chaos/ansible_pull_checkout ]; then git clone --depth 1 "{{ ansible_pull__repo_url }}" /home/chaos/ansible_pull_checkout ; fi'
+ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy role install -r /home/chaos/ansible_pull_checkout/requirements.yml
+ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy collection install -r /home/chaos/ansible_pull_checkout/requirements.yml
 ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \
 --directory /home/chaos/ansible_pull_checkout \
 --clean \
From dea66771e0b928e94bf106ab9665cde6a653f346 Mon Sep 17 00:00:00 2001
From: June
Date: Wed, 15 Oct 2025 02:33:42 +0200
Subject: [PATCH 2/2] ansible_pull(role): ensure SOPS is installed
Also add the SOPS community collection as a requirement for this repo.
---
 requirements.yml | 3 +++
 roles/ansible_pull/tasks/main.yaml | 14 ++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/requirements.yml b/requirements.yml
index d5ebdfc..e5538cc 100644
--- a/requirements.yml
+++ b/requirements.yml
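Review bot: The two `ansible-galaxy … install -r` lines read `requirements.yml` from the checkout before `ansible-pull` in `ExecStart` has refreshed it, so each run installs the dependency set of the previous revision (or of the initial shallow clone), and a requirement added upstream only arrives one run later unless the playbook installs it itself. These lines also mean a run can fetch role and collection code over the network that the playbook then executes with this unit's privileges, which makes the version constraints in `requirements.yml` the control that matters here. Separately, `{{ ansible_pull__repo_url }}` is rendered into a `bash -c '…'` string, so a value containing `'`, `$` or a backtick would change the command; I would state the constraint above that line, e.g. `# ansible_pull__repo_url is pasted into a shell string: plain URL only, no quotes, $ or backticks`. The `[Service]` section and the `ExecStart` command continue outside the hunk.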
@@ -3,3 +3,6 @@ collections:
 - name: debops.debops
 version: ">=3.1.0"
 source: https://galaxy.ansible.com
+ - name: community.sops
+ version: ">=2.2.4"
+ source: https://galaxy.ansible.com
diff --git a/roles/ansible_pull/tasks/main.yaml b/roles/ansible_pull/tasks/main.yaml
index eff8cb0..e77bfc4 100644
--- a/roles/ansible_pull/tasks/main.yaml
+++ b/roles/ansible_pull/tasks/main.yaml
@@ -1,8 +1,14 @@
 - name: ensure dependencies are installed
- ansible.builtin.apt:
- name: virtualenv
- state: present
- become: true
+ block:
+ - name: ensure apt dependencies are installed
+ ansible.builtin.apt:
+ name: virtualenv
+ state: present
+ become: true
+
+ - name: ensure SOPS is installed
+ ansible.builtin.include_role:
+ name: community.sops.install
 # https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
 # https://www.redhat.com/en/blog/python-venv-ansible
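Review bot: `version: ">=2.2.4"` on the new `community.sops` entry is an open-ended range, so the release a host ends up with is whatever Galaxy serves when the requirement is first resolved there, and hosts provisioned at different times can run different, unreviewed code. As far as I know an already installed version that satisfies the range is kept, so the drift shows up between hosts rather than between runs. Since this collection's content runs during the pull and handles secret decryption, I would pin the reviewed release with `version: "2.2.4"` and raise it deliberately in a commit. The existing `debops.debops` entry in the same hunk uses the same `>=` form.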
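Review bot: The `ansible.builtin.include_role` task for `community.sops.install` passes no variables, so which SOPS release is installed, and from which source, is left entirely to the role's defaults; if I recall correctly the role installs the latest release by default, which should be confirmed against its documentation. For a binary that decrypts the repository's secrets I would pin it under the task, e.g. `vars:` with `sops_version: "<reviewed-version>"` (variable name to be checked against the role). `become: true` now sits only on the apt task, so privilege escalation for the SOPS install also depends on the role's own default. The `block:` itself carries no shared keywords, so a short comment saying why the two tasks are grouped would help the next reader.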