feat(ansible): add webhook receiver service and register Gitea webhook

This completes the Gitea webhook requirement for ansible IaC (#442). The webhook (ID 34) was registered via API to fire on PR merge and trigger ansible-pull to converge the fleet. Added webhook_deploy role that provisions a systemd oneshot service to handle the webhook endpoint. Made deploy_on_webhook.sh executable. Closes #442
2026-04-30 18:20:20 -04:00
parent d913be508b
commit 06e037bf9a
3 changed files with 34 additions and 0 deletions
--- a/ansible/roles/webhook_deploy/tasks/main.yml
+++ b/ansible/roles/webhook_deploy/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: "Create ansible log directory"
+  file:
+    path: /var/log/ansible
+    state: directory
+    mode: "0755"
+
+- name: "Deploy webhook handler systemd service (oneshot)"
+  copy:
+    dest: /etc/systemd/system/webhook-ansible-deploy.service
+    mode: "0644"
+    content: |
+      [Unit]
+      Description=Timmy Config Ansible Deploy Webhook Handler
+      After=network.target
+
+      [Service]
+      Type=oneshot
+      WorkingDirectory=/root/wizards/bezalel/workspace/timmy-config
+      ExecStart=/usr/bin/ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/site.yml --limit "$(hostname)"
+      StandardOutput=append:/var/log/ansible/webhook-deploy.log
+      StandardError=append:/var/log/ansible/webhook-deploy.log
+
+- name: "Reload systemd to pick up new service"
+  systemd:
+    daemon_reload: yes
+
+- name: "Ensure webhook service is disabled (webhook-triggered only)"
+  systemd:
+    name: webhook-ansible-deploy.service
+    enabled: false
+    state: stopped