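#!/usr/bin/env bash
set -euo pipefail

# Self-heal runner for Watchtower.
# Prefer SSH-based git auth (deploy key) instead of embedding tokens.
#
# Every setting below can be overridden from the environment.
#
# Trust boundary: ansible-pull checks out REPO_REF from REPO_URL and runs
# PLAYBOOK_PATH on this host. Whoever can push to that ref, or set these
# variables for the job, decides what executes here. Protect the branch on the
# git server; ansible-pull also has --verify-commit for repositories that sign
# their commits.

LOG_FILE="${LOG_FILE:-/home/chester/ansible-pull.log}"
WORKSPACE="${WORKSPACE:-/home/chester/.ansible_pull_workspace}"
REPO_URL="${REPO_URL:-git@git.castaldifamily.com:nathan/homelab.git}"
REPO_REF="${REPO_REF:-main}"
PLAYBOOK_PATH="${PLAYBOOK_PATH:-ansible/playbooks/self-heal/watchtower.yml}"
INVENTORY="${INVENTORY:-localhost,}"

# Print one line to stdout and append it to LOG_FILE.
log() {
  printf '%s\n' "$*" | tee -a "$LOG_FILE"
}

mkdir -p "$(dirname "$LOG_FILE")" "$WORKSPACE"

# Create the log owner-only on first use: playbook output can carry host
# details and, with a tokenised REPO_URL, the token itself. An existing log
# keeps whatever mode the operator gave it.
if [[ ! -e "$LOG_FILE" ]]; then
  (umask 077 && : >>"$LOG_FILE")
fi

log "--- Starting Update: $(date -Is) ---"

# Flag userinfo in the authority part of an http(s) URL (scheme://user[:pw]@host).
# Anchoring on the text before the first "/" avoids false hits on an "@" that
# only appears in the path, and plain http:// is checked as well.
# The message deliberately does not repeat the URL. Note that ansible-pull
# prints the command line it was started with, so a credentialed URL is likely
# to reach LOG_FILE anyway; treat a token used this way as exposed to anyone
# who can read the log.
cred_url_re='^https?://[^/]+@'
if [[ "$REPO_URL" =~ $cred_url_re ]]; then
  log "WARNING: Credentialed HTTP(S) URL detected in REPO_URL. Use SSH deploy keys when possible."
fi

# Capture the pipeline status instead of letting `set -e` abort silently, so
# a failed run leaves an explicit marker in the log. With pipefail, rc is the
# rightmost non-zero status of ansible-pull / tee.
rc=0
ansible-pull \
  -U "$REPO_URL" \
  -C "$REPO_REF" \
  -d "$WORKSPACE" \
  -i "$INVENTORY" \
  "$PLAYBOOK_PATH" 2>&1 | tee -a "$LOG_FILE" || rc=$?

if ((rc != 0)); then
  # Best effort: a logging failure must not replace the real exit status.
  log "--- Update FAILED (exit ${rc}): $(date -Is) ---" || true
  exit "$rc"
fi

log "--- Update Complete: $(date -Is) ---"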