mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-02 15:39:57 +00:00
Kevin Veen-Birkenbach
fff7d261a2
This commit standardizes all run-once implementations across the following roles: - desk-git - dev-fakeroot - dev-git - dev-python-yaml - sys-lock - sys-svc-certs (wildcard flavor) - update-apt - update-pacman - update-compose - user-root (moved logic to 01_core.yml + unified run-once handling) - web-app-matomo - web-svc-libretranslate All roles now: - Use a block guarded by 'run_once_<role>' facts - Trigger run-once state through utils/run_once.yml - Optionally disable handler flushing via 'flush_handlers: false' - Achieve consistent per-host one-time execution semantics Conversation reference: https://chatgpt.com/share/692c7fbb-ff68-800f-8cb4-4b132cffc8e4
19 lines
678 B
YAML
19 lines
678 B
YAML
- block:
|
|
- name: "Load wildcard certificate for domain"
|
|
include_tasks: "dedicated.yml"
|
|
vars:
|
|
wildcard_domain: true
|
|
when:
|
|
- domain.split('.') | length == (PRIMARY_DOMAIN.split('.') | length + 1) and domain.endswith(PRIMARY_DOMAIN)
|
|
- name: run the receive_certificate tasks once
|
|
set_fact:
|
|
run_once_receive_certificate: true
|
|
when: run_once_receive_certificate is not defined
|
|
|
|
- name: "Load dedicated certificate for domain"
|
|
include_tasks: "dedicated.yml"
|
|
vars:
|
|
wildcard_domain: false
|
|
when:
|
|
- not (domain.split('.') | length == (PRIMARY_DOMAIN.split('.') | length + 1) and domain.endswith(PRIMARY_DOMAIN))
|
|
|