From: Jakub Czajka Date: Fri, 1 Dec 2023 01:29:03 +0000 (+0100) Subject: Move configuration playbooks to repositories. X-Git-Url: https://git.ekhem.eu.org/?a=commitdiff_plain;h=5783d2d7281beb01ad3751aa0d9307bfe23202f3;p=turnup.git Move configuration playbooks to repositories. --- diff --git a/cv.yaml b/cv.yaml deleted file mode 100644 index 8c4361c..0000000 --- a/cv.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - vars: - repos: - - /srv/git/cv.git - dest: "/srv/prod/cv" - tasks: - - name: Ensure destination directory exists - file: - path: "{{ dest }}" - mode: 0775 - state: directory - owner: git - group: git - become: true - - name: Checkout to the destination directory - command: | - git --work-tree={{ dest }} --git-dir={{ item }} checkout main --force - become: yes - with_items: "{{ repos }}" - - name: Install texlive - package: - name: - - texlive - state: latest - become: yes - - name: Compile CV - command: pdflatex --output-directory=/srv/prod/cv /srv/prod/cv/cv.tex - become: yes diff --git a/notify.yaml b/notify.yaml deleted file mode 100644 index 1875f69..0000000 --- a/notify.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - vars: - repos: - - /srv/git/notify.git - dest: "/srv/prod/notify" - tasks: - - name: Ensure user exists for executing scripts - user: - name: "notify" - shell: "/bin/sh" - home: "{{ dest }}" - become: yes - - name: Ensure destination directory exists - file: - path: "{{ dest }}" - mode: 0775 - state: directory - owner: git - group: notify - become: true - - name: Ensure destination directory exists - file: - path: "{{ dest }}" - state: directory - become: true - - name: Checkout files to the destination directory - command: | - git --work-tree={{ dest }} --git-dir={{ item }} checkout main --force - become: yes - with_items: "{{ repos }}" - - name: Ensure correct ownership in the destination directory - file: - dest: "{{ dest }}" - owner: git - group: notify - recurse: yes - become: yes - - name: Symlink system configuration - file: - src: "{{ dest }}/{{ item }}" - dest: "/etc/systemd/system/{{ item }}" - state: link - become: true - with_items: - - notify_failure@.service - - name: Set execution mode to scripts - file: - dest: "{{ dest }}/{{ item }}" - mode: 0755 - become: true - with_items: - - notify_on_failure.sh diff --git a/password_store.yaml b/password_store.yaml deleted file mode 100644 index c18ea6f..0000000 --- a/password_store.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - vars: - repos: - - /srv/git/password_store.git - dest: "/srv/prod/password_store" - tasks: - - name: Ensure destination directory exists - file: - path: "{{ dest }}" - mode: 0775 - state: directory - owner: git - group: git - become: true - - name: Checkout files to the destination directory - command: | - git --work-tree={{ dest }} --git-dir={{ item }} checkout main --force - become: yes - with_items: "{{ repos }}" diff --git a/server.yaml b/server.yaml deleted file mode 100644 index 1d1f9bf..0000000 
--- a/server.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- name: Install dovecot - import_playbook: server/dovecot.yaml - -- name: Install fail2ban - import_playbook: server/fail2ban.yaml - -- name: Install git - import_playbook: server/git.yaml - -- name: Install opendkim - import_playbook: server/opendkim.yaml - -- name: Install matrix - import_playbook: server/matrix.yaml - -- name: Install metadata - import_playbook: server/metadata.yaml - -- name: Install nginx - import_playbook: server/nginx.yaml - -- name: Install postgres - import_playbook: server/postgres.yaml - -- name: Install postfix - import_playbook: server/postfix.yaml - -- name: Install web server sites - import_playbook: server/websites.yaml - -- name: Install rsyslog - import_playbook: server/rsyslog.yaml - -- name: Install sshd - import_playbook: server/sshd.yaml diff --git a/server/dovecot.yaml b/server/dovecot.yaml deleted file mode 100644 index ea1f519..0000000 --- a/server/dovecot.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force dovecot/* - become: yes - - name: Install dovecot - package: - name: - - dovecot-imapd - - dovecot-lmtpd - - dovecot-pgsql - state: latest - become: yes - - name: Ensure dovecot directory structure exists - file: - path: "/etc/dovecot/conf.d" - state: directory - become: yes - - name: Copy to /etc/dovecot - copy: - src: "/tmp/dovecot/{{ item }}" - dest: "/etc/dovecot" - remote_src: true - become: true - with_items: - - dovecot-dict-auth.conf.ext - - dovecot-dict-sql.conf.ext - - dovecot-sql.conf.ext - - dovecot.conf - - name: Copy to /etc/dovecot/conf.d - copy: - src: "/tmp/dovecot/{{ item }}" - dest: "/etc/dovecot/conf.d" - remote_src: true - become: true - with_items: - - 10-auth.conf - - 10-master.conf - - 15-mailboxes.conf - - 90-plugin.conf - - auth-dict.conf.ext - - auth-static.conf.ext - - 10-director.conf - - 10-ssl.conf - - 20-imap.conf - - 90-quota.conf - - auth-master.conf.ext - - auth-system.conf.ext - - 10-logging.conf - - 10-tcpwrapper.conf - - 20-lmtp.conf - - auth-checkpassword.conf.ext - - auth-passwdfile.conf.ext - - 10-mail.conf - - 15-lda.conf - - 90-acl.conf - - auth-deny.conf.ext - - auth-sql.conf.ext - - name: Ensure correct permissions for the virtual mailbox - file: - path: "/var/vmail" - state: directory - mode: "0775" - owner: vmail - group: storage - recurse: true - become: true - - name: Ensure configuration of the virtual mailbox user - user: - name: "vmail" - home: "/var/vmail" - shell: "/usr/sbin/nologin" - password_lock: true - become: yes - - name: Ensure log files exist - file: - path: "/var/log/{{ item }}" - state: touch - owner: vmail - group: vmail - become: yes - with_items: - - dovecot.log - - dovecot-info.log - - name: Restart dovecot - service: - name: dovecot - state: restarted - become: yes 
diff --git a/server/fail2ban.yaml b/server/fail2ban.yaml deleted file mode 100644 index 391df4e..0000000 --- a/server/fail2ban.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force fail2ban/* - become: yes - - name: Install fail2ban - package: - name: - - fail2ban - state: latest - become: yes - - name: Ensure fail2ban directory structure exists - file: - path: "/etc/fail2ban" - state: directory - become: yes - - name: Copy to /etc/fail2ban - copy: - src: "/tmp/fail2ban/{{ item }}" - dest: "/etc/fail2ban" - remote_src: true - become: true - with_items: - - fail2ban.local - - jail.local - - paths-common.conf - - name: Restart fail2ban - service: - name: fail2ban - state: restarted - become: yes diff --git a/server/git.yaml b/server/git.yaml deleted file mode 100644 index 61fbdf6..0000000 --- a/server/git.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force git/* - become: yes - - name: Install gitweb - package: - name: - - fcgiwrap - - gitweb - state: latest - become: yes - - name: Ensure git directory structure exists - file: - path: "/etc/git" - state: directory - become: yes - - name: Copy to /etc - copy: - src: "/tmp/git/{{ item }}" - dest: "/etc/git" - remote_src: true - become: true - with_items: - - ekhem.conf - - dobity.conf - - name: Restart fcgiwrap - service: - name: fcgiwrap - state: restarted - become: yes diff --git a/server/matrix.yaml b/server/matrix.yaml deleted file mode 100644 index 270c130..0000000 --- a/server/matrix.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration files - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force matrix/* - become: yes - - name: Install matrix - package: - name: - - matrix-synapse - state: latest - become: yes - - name: Ensure matrix directory structure exists - file: - path: "/etc/matrix-synapse/conf.d" - state: directory - become: yes - - name: Copy to /etc/matrix-synapse - copy: - src: "/tmp/matrix/{{ item }}" - dest: "/etc/matrix-synapse" - remote_src: true - become: true - with_items: - - homeserver.yaml - - log.yaml - - name: Copy to /etc/matrix-synapse/conf.d - copy: - src: "/tmp/matrix/{{ item }}" - dest: "/etc/matrix-synapse/conf.d" - remote_src: true - become: true - with_items: - - report_stats.yaml - - server_name.yaml - - name: Restart matrix-synapse - service: - name: matrix-synapse - state: restarted - become: yes diff --git a/server/metadata.yaml b/server/metadata.yaml deleted file mode 100644 index 1a1fa1b..0000000 --- a/server/metadata.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/srv/git --git-dir=/srv/git/metadata.git checkout main \ - --force "*.git/*" - become: yes - - name: Checkout additional configuration - command: | - git --work-tree=/etc/sudoers.d --git-dir=/srv/git/metadata_prod.git \ - checkout main --force "90-git*" - become: yes - - name: Install ansible - package: - name: - - ansible - state: latest - become: yes - - name: Find all post-receive scripts - find: - paths: "/srv/git" - recurse: yes - patterns: "post-receive" - register: post_receive_scripts - - name: Ensure correct permissions on the post-receive scripts - file: - path: "{{ item.path }}" - owner: git - group: git - mode: '0744' - become: yes - with_items: "{{ post_receive_scripts.files }}" - - name: Ensure correct permissions on the additional configuration - file: - path: "/etc/sudoers.d/90-git" - owner: root - group: root - mode: '0440' - become: yes diff --git a/server/nginx.yaml b/server/nginx.yaml deleted file mode 100644 index dd9e28d..0000000 --- a/server/nginx.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force nginx/* - become: yes - - name: Install nginx - package: - name: - - nginx - state: latest - become: yes - - name: Ensure postfix directory structure exists - file: - path: "/etc/nginx" - state: directory - become: yes - - name: Copy to /etc/nginx - copy: - src: "/tmp/nginx/{{ item }}" - dest: "/etc/nginx" - remote_src: true - become: true - with_items: - - mime.types - - nginx.conf - - name: Restart nginx - service: - name: nginx - state: restarted - become: yes diff --git a/server/opendkim.yaml b/server/opendkim.yaml deleted file mode 100644 index 2410218..0000000 
--- a/server/opendkim.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force opendkim/* - become: yes - - name: Install opendkim - package: - name: - - opendkim - - libopendbx1-pgsql - state: latest - become: yes - - name: Copy to /etc - copy: - src: "/tmp/opendkim/opendkim.conf" - dest: "/etc" - remote_src: true - become: true - - name: Copy to /etc/default - copy: - src: "/tmp/opendkim/opendkim" - dest: "/etc/default" - remote_src: true - become: true - - name: Ensure correct permissions for opendkim files - file: - path: "/etc/opendkim/keys/{{ item.domain }}/{{ item.name }}" - mode: "0500" - become: true - with_items: - - domain: "dobity.eu.org" - name: "dobity.private" - - domain: "dobity.eu.org" - name: "dobity.txt" - - domain: "ekhem.eu.org" - name: "ekhem.txt" - - domain: "ekhem.eu.org" - name: "ekhem.txt" - - name: Restart opendkim - service: - name: opendkim - state: restarted - become: yes diff --git a/server/postfix.yaml b/server/postfix.yaml deleted file mode 100644 index f7fd8cf..0000000 --- a/server/postfix.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force postfix/* - become: yes - - name: Install postfix - package: - name: - - postfix - - postfix-pgsql - state: latest - become: yes - - name: Ensure postfix directory structure exists - file: - path: "/etc/postfix" - state: directory - become: yes - - name: Copy to /etc/postfix - copy: - src: "/tmp/postfix/{{ item }}" - dest: "/etc/postfix" - remote_src: true - become: true - with_items: - - address_book.cf - - domains.cf - - main.cf - - master.cf - - name: Restart postfix - service: - name: postfix - state: restarted - become: yes diff --git a/server/postgres.yaml b/server/postgres.yaml deleted file mode 100644 index 50555d4..0000000 --- a/server/postgres.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force postgres/* - become: yes - - name: Install postgres - package: - name: - - postgresql - state: latest - become: yes - - name: Ensure postgres directory structure exists - file: - path: "/etc/postgresql/15/main/" - state: directory - become: yes - - name: Copy to /etc/postgresq/15/main - copy: - src: "/tmp/postgres/{{ item }}" - dest: "/etc/postgresql/15/main" - remote_src: true - become: true - with_items: - - pg_hba.conf - - postgresql.conf - - name: Ensure a directory for private files exists - file: - path: "/etc/postgresql/15/main/private" - state: directory - mode: "0700" - owner: postgres - group: postgres - become: true - - name: Copy certificates - copy: - src: "/etc/letsencrypt/live/postgres/{{ item }}" - dest: "/etc/postgresql/15/main/private" - mode: "0600" - owner: postgres - group: postgres - remote_src: true - become: true - with_items: - - fullchain.pem - - privkey.pem - - name: Restart postgres - service: - name: postgresql - state: restarted - become: yes diff --git a/server/rsyslog.yaml b/server/rsyslog.yaml deleted file mode 100644 index 8950992..0000000 --- a/server/rsyslog.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Install rsyslog - package: - name: - - rsyslog - state: latest - become: yes - - name: Restart rsyslog - service: - name: rsyslog - state: restarted - become: yes diff --git a/server/sshd.yaml b/server/sshd.yaml deleted file mode 100644 index c263f22..0000000 --- a/server/sshd.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration - command: | - git --work-tree=/tmp --git-dir=/srv/git/server.git checkout main \ - --force sshd/* - become: yes - - name: Copy to /etc/ssh - copy: - src: "/tmp/sshd/sshd_config" - dest: "/etc/ssh" - remote_src: true - become: true - - name: Restart sshd - service: - name: ssh - state: restarted - become: yes diff --git a/server/websites.yaml b/server/websites.yaml deleted file mode 100644 index 35f293f..0000000 --- a/server/websites.yaml +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Checkout configuration files - command: | - git --work-tree=/tmp --git-dir=/srv/git/server_prod.git checkout main \ - --force - become: yes - - name: Ensure sites-available directory exists - file: - path: "/etc/nginx/sites-available" - state: directory - become: yes - - name: Ensure sites-enabled directory exists - file: - path: "/etc/nginx/sites-enabled" - state: directory - become: yes - - name: Copy to /etc/nginx/sites-available - copy: - src: "/tmp/nginx/{{ item }}" - dest: "/etc/nginx/sites-available" - remote_src: true - become: true - with_items: - - cv.ekhem.eu.org - - dobity.eu.org - - drive.dobity.eu.org - - ekhem.eu.org - - git.dobity.eu.org - - git.ekhem.eu.org - - matrix.dobity.eu.org - - pass.dobity.eu.org - - yt.dobity.eu.org - - name: Symlink to /etc/nginx/sites-enabled - file: - src: "/etc/nginx/sites-available/{{ item }}" - dest: "/etc/nginx/sites-enabled/{{ item }}" - state: link - become: true - with_items: - - cv.ekhem.eu.org - - dobity.eu.org - - drive.dobity.eu.org - - ekhem.eu.org - - git.dobity.eu.org - - git.ekhem.eu.org - - matrix.dobity.eu.org - - pass.dobity.eu.org - - yt.dobity.eu.org - - name: Restart nginx - service: - name: nginx - state: restarted - become: yes 
diff --git a/services.yaml b/services.yaml deleted file mode 100644 index 690fe2d..0000000 --- a/services.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Restart {{ item }}.service - service: - name: "{{ item }}" - state: restarted - become: yes - with_items: - - postgresql - - postfix - - dovecot - - fail2ban - - fcgiwrap - - matrix-synapse - - opendkim - - nginx - - ssh diff --git a/storage_drive.yaml b/storage_drive.yaml deleted file mode 100644 index 4e6febe..0000000 --- a/storage_drive.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - vars: - repos: - - /srv/git/storage_drive.git - - /srv/git/storage_drive_prod.git - dest: "/srv/prod/storage" - tasks: - - name: Ensure user exists for executing scripts - user: - name: "storage" - shell: "/bin/sh" - home: "{{ dest }}" - become: yes - - name: Ensure destination directory exists - file: - path: "{{ dest }}" - mode: 0775 - state: directory - owner: git - group: storage - become: true - - name: Install python-venv - package: - name: - - python3.11-venv - state: latest - become: yes - - name: Checkout to the destination directory - command: | - git --work-tree={{ dest }} --git-dir={{ item }} checkout main --force - become: yes - with_items: "{{ repos }}" - - name: Ensure correct ownership in the destination directory - file: - dest: "{{ dest }}" - owner: git - group: storage - recurse: yes - become: yes - - name: Symlink service configuration - file: - src: "{{ dest }}/{{ item }}" - dest: "/etc/systemd/system/{{ item }}" - state: link - become: true - with_items: - - drive_auth.service - - drive_download.service - - drive_upload.service - - psql_backup.service - - psql_backup.timer - - storage_drive.service - - storage_drive.timer - - name: Set execution mode to scripts - file: - dest: "{{ dest }}/{{ item }}" - mode: 0755 - become: true - with_items: - - auth.sh - - download.sh - - psql_backup.sh - - storage_drive.sh - - upload.sh - - name: Enable services - systemd: - name: "{{ item }}" - state: restarted - enabled: true - daemon_reload: true - become: true - with_items: - - drive_auth.service - - drive_download.service - - drive_upload.service - - storage_drive.service diff --git a/turnup.yaml b/turnup.yaml index 39ef558..4513229 100644 --- a/turnup.yaml +++ b/turnup.yaml 
@@ -1,9 +1,6 @@ # Copyright (c) 2023 Jakub Czajka # License: GPL-3.0 or later. -- name: Ensure necessary users exist - import_playbook: users.yaml - - hosts: servers vars_files: - sources.yaml @@ -30,31 +27,19 @@ - import_playbook: install/ssl_certificates.yaml -- name: Deploy server - import_playbook: server.yaml - - name: Recreate database import_playbook: database.yaml -- name: Restart services - import_playbook: services.yaml - -- name: Deploy cv - import_playbook: cv.yaml - -- name: Deploy website - import_playbook: website.yaml - -- name: Deploy password store - import_playbook: password_store.yaml -- name: Deploy notify - import_playbook: notify.yaml - -- name: Deploy storage drive - import_playbook: storage_drive.yaml - -- name: Deploy yt-dlp server - import_playbook: yt_dlp_server.yaml +- hosts: servers + tasks: + - find: + paths: "/srv/git" + file_type: file + patterns: "*.yaml" + recurse: true + register: post_receive_scripts + - shell: ansible-playbook --connection=local {{ item.path }} + with_items: "{{ post_receive_scripts.files }}" - import_playbook: install/database_from_save.yaml diff --git a/users.yaml b/users.yaml deleted file mode 100644 index 84fdfcd..0000000 --- a/users.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - tasks: - - name: Install git - package: - name: - - git - state: latest - become: yes - - name: Ensure user git exists - user: - name: "git" - become: yes - - name: Copy the SSH key for user git - authorized_key: - user: "git" - state: present - key: "{{ lookup('file', '{{ ssh_key }}') }}" - key_options: > - "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty" - become: true - - name: Ensure git uses the git-web shell - user: - name: "git" - shell: "/usr/bin/git-shell" - become: yes - - name: Ensure existance of the {{ item }} user - user: - name: "{{ item }}" - become: yes - with_items: - - opendkim - - vmail - - storage 
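Review bot: In the `@@ -30,31 +27,19 @@` hunk of turnup.yaml, the added play runs every `*.yaml` that `find` returns under `/srv/git` via `shell: ansible-playbook --connection=local {{ item.path }}`. Any file with that extension anywhere in the tree is therefore executed as a playbook, and its path reaches a shell line unquoted. The deleted playbooks use `/srv/git` for the pushed repositories, so if that still holds, write access to any path there becomes the ability to run tasks with this play's privileges; an explicit list of playbook paths in a variable, or a fixed file name plus an owner/mode check before running, keeps the executed set reviewable. At minimum drop the shell and quote the path, e.g. `command: ansible-playbook --connection=local {{ item.path | quote }}`. Execution order is now whatever `find` returns, where the removed imports ran in a fixed sequence; both tasks also lack a `name:`, and the register `post_receive_scripts` no longer describes its contents (`repo_playbooks` would).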
diff --git a/website.yaml b/website.yaml deleted file mode 100644 index 2aa53e9..0000000 --- a/website.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - vars: - repos: - - /srv/git/website.git - dest: "/srv/prod/www" - tasks: - - name: Ensure destination directory exists - file: - path: "{{ dest }}" - state: directory - become: true - - name: Checkout files to the destination directory - command: | - git --work-tree={{ dest }} --git-dir={{ item }} checkout main --force - become: yes - with_items: "{{ repos }}" diff --git a/yt_dlp_server.yaml b/yt_dlp_server.yaml deleted file mode 100644 index 0133368..0000000 --- a/yt_dlp_server.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -# Copyright (c) 2023 Jakub Czajka -# License: GPL-3.0 or later. - -- hosts: servers - vars: - repos: - - /srv/git/yt_dlp_server.git - - /srv/git/yt_dlp_server_prod.git - dest: "/srv/prod/yt_dlp_server" - tasks: - - name: Ensure user exists for executing scripts - user: - name: "yt_dlp_server" - shell: "/bin/sh" - home: "{{ dest }}" - become: yes - - name: Ensure destination directory exists - file: - path: "{{ dest }}" - mode: 0775 - state: directory - owner: git - group: yt_dlp_server - become: true - - name: Install dependencies - package: - name: - - ffmpeg - - python3.11-venv - state: latest - become: yes - - name: Checkout to the destination directory - command: | - git --work-tree={{ dest }} --git-dir={{ item }} checkout main --force - become: yes - with_items: "{{ repos }}" - - name: Ensure correct ownership in the destination directory - file: - dest: "{{ dest }}" - owner: git - group: yt_dlp_server - recurse: yes - become: yes - - name: Symlink system configuration - file: - src: "{{ dest }}/{{ item }}" - dest: "/etc/systemd/system/{{ item }}" - state: link - become: true - with_items: - - yt_dlp_server.service - - name: Set execution mode to scripts - file: - dest: "{{ dest }}/{{ item }}" - mode: 0755 - become: true - with_items: - - yt_dlp_server.sh - - name: Enable services - systemd: - name: "{{ item }}" - state: restarted - enabled: true - daemon_reload: true - become: true - with_items: - - yt_dlp_server.service