added sshpass_cron, updates, secrets

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "ansible.python.interpreterPath": "/home/bastian/src/deploy_home/.venv/bin/python"
+}

ansible/roles/podman/defaults/main.yml

@@ -11,6 +11,7 @@ photos_path: "{{ podman_volumes }}/photos"
 pihole_path: "{{ podman_volumes }}/pihole"
 factorio_path: "{{ podman_volumes }}/factorio"
 fulfillr_path: "{{ podman_volumes }}/fulfillr"
+sshpass_cron_path: "{{ podman_volumes }}/sshpass_cron"
 
 drone_server_proto: "http"
 drone_runner_capacity: "8"

ansible/roles/podman/files/sshpass_cron/crontab

@@ -0,0 +1,4 @@
+0 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@Garage.localdomain 'reboot'
+15 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@LivingRoom.localdomain 'reboot'
+30 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@FrontYard.localdomain 'reboot'
+45 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@Office.localdomain 'reboot'

ansible/roles/podman/tasks/container-bookstack.yml

@@ -59,7 +59,7 @@
   become_user: "{{ podman_user }}"
   containers.podman.podman_container:
     name: bookstack
-    image: docker.io/solidnerd/bookstack:22.11.1
+    image: docker.io/solidnerd/bookstack:23.6
     recreate: true
     restart: false
     restart_policy: on-failure:3

ansible/roles/podman/tasks/container-fulfillr.yml

@@ -37,7 +37,7 @@
   become_user: "{{ podman_user }}"
   containers.podman.podman_container:
     name: fulfillr
-    image: "{{ aws_ecr_endpoint }}/fulfillr:20230710.1937"
+    image: "{{ aws_ecr_endpoint }}/fulfillr:20230711.1654"
     image_strict: true
     command: --config /config/production.json
     recreate: true

ansible/roles/podman/tasks/container-sshpass-cron.yml

@@ -0,0 +1,64 @@
+---
+- name: create sshpass_cron host directory volumes
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0755
+  notify: restorecon podman
+  loop:
+    - "{{ sshpass_cron_path }}"
+  tags: sshpass_cron
+
+- name: copy sshpass_cron crontab
+  become: true
+  ansible.builtin.template:
+    src: "files/sshpass_cron/{{ item }}"
+    dest: "{{ sshpass_cron_path }}/{{ item }}"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0644
+  loop:
+    - crontab
+  notify:
+    - restorecon podman
+  tags: sshpass_cron
+
+- name: create sshpass_cron password file
+  become: true
+  ansible.builtin.copy:
+    dest: "{{ sshpass_cron_path }}/unifi-pass"
+    content: "{{ unifi_ssh_password }}"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0400
+  notify:
+    - restorecon podman
+  tags: sshpass_cron
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+  tags: sshpass_cron
+
+- name: create sshpass_cron container
+  become: true
+  become_user: "{{ podman_user }}"
+  containers.podman.podman_container:
+    name: sshpass_cron
+    image: docker.io/bdebyl/sshpass-cron:1.0.9
+    image_strict: true
+    recreate: true
+    restart: true
+    restart_policy: on-failure:3
+    log_driver: journald
+    volumes:
+      - "{{ sshpass_cron_path }}:/mnt"
+  tags: sshpass_cron
+
+- name: create systemd startup job for sshpass_cron
+  include_tasks: systemd-generate.yml
+  vars:
+    container_name: sshpass_cron
+  tags: sshpass_cron

ansible/roles/podman/tasks/main.yml

@@ -14,3 +14,4 @@
 - import_tasks: container-fulfillr.yml
 - import_tasks: container-nginx.yml
 - import_tasks: container-factorio.yml
+- import_tasks: container-sshpass-cron.yml