timmy-config/ansible/roles/webhook_deploy/tasks/main.yml

---
- name: "Create ansible log directory"
  file:
    path: /var/log/ansible
    state: directory
    mode: "0755"

- name: "Deploy webhook handler systemd service (oneshot)"
  copy:
    dest: /etc/systemd/system/webhook-ansible-deploy.service
    mode: "0644"
    content: |
      [Unit]
      Description=Timmy Config Ansible Deploy Webhook Handler
      After=network.target

      [Service]
      Type=oneshot
      WorkingDirectory=/root/wizards/bezalel/workspace/timmy-config
      ExecStart=/usr/bin/ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/site.yml --limit "$(hostname)"
      StandardOutput=append:/var/log/ansible/webhook-deploy.log
      StandardError=append:/var/log/ansible/webhook-deploy.log

- name: "Reload systemd to pick up new service"
  systemd:
    daemon_reload: yes

- name: "Ensure webhook service is disabled (webhook-triggered only)"
  systemd:
    name: webhook-ansible-deploy.service
    enabled: false
    state: stopped