63 lines
1.6 KiB
YAML
63 lines
1.6 KiB
YAML
- name: ensure dependencies are installed
|
|
ansible.builtin.apt:
|
|
name: virtualenv
|
|
state: present
|
|
become: true
|
|
|
|
# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
|
|
# https://www.redhat.com/en/blog/python-venv-ansible
|
|
- name: ensure Ansible installation exists
|
|
ansible.builtin.pip:
|
|
name:
|
|
- ansible
|
|
- jmespath
|
|
state: present
|
|
virtualenv: /usr/local/lib/ansible_pull_venv
|
|
become: true
|
|
|
|
- name: ensure secrets directory exists
|
|
ansible.builtin.file:
|
|
path: /etc/ansible_pull_secrets
|
|
state: directory
|
|
mode: "0750"
|
|
owner: root
|
|
group: "{{ ansible_pull__user }}"
|
|
become: true
|
|
|
|
- name: ensure age private key is deployed
|
|
ansible.builtin.copy:
|
|
content: "{{ ansible_pull__age_private_key }}"
|
|
dest: /etc/ansible_pull_secrets/age_private_key
|
|
mode: "0640"
|
|
owner: root
|
|
group: "{{ ansible_pull__user }}"
|
|
become: true
|
|
|
|
- name: ensure systemd service exists
|
|
ansible.builtin.template:
|
|
src: ansible-pull.service.j2
|
|
dest: /etc/systemd/system/ansible-pull.service
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify:
|
|
- systemd daemon reload
|
|
|
|
- name: ensure systemd timer exists
|
|
ansible.builtin.template:
|
|
src: ansible-pull.timer.j2
|
|
dest: /etc/systemd/system/ansible-pull.timer
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify:
|
|
- systemd daemon reload
|
|
|
|
- name: ensure systemd timer is started and enabled
|
|
ansible.builtin.systemd_service:
|
|
name: ansible-pull.timer
|
|
state: started
|
|
enabled: true
|
|
become: true
|