ansible-infra/roles/ansible_pull/tasks/main.yaml

- name: ensure dependencies are installed
  ansible.builtin.apt:
    name: virtualenv
    state: present
  become: true

# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
# https://www.redhat.com/en/blog/python-venv-ansible
- name: ensure Ansible installation exists
  ansible.builtin.pip:
    name:
      - ansible
      - jmespath
    state: present
    virtualenv: /usr/local/lib/ansible_pull_venv
  become: true

- name: ensure secrets directory exists
  ansible.builtin.file:
    path: /etc/ansible_pull_secrets
    state: directory
    mode: "0750"
    owner: root
    group: "{{ ansible_pull__user }}"
  become: true

- name: ensure age private key is deployed
  ansible.builtin.copy:
    content: "{{ ansible_pull__age_private_key }}"
    dest: /etc/ansible_pull_secrets/age_private_key
    mode: "0640"
    owner: root
    group: "{{ ansible_pull__user }}"
  become: true