timmy-config/ansible/roles/deadman_switch/tasks/main.yml

---
# =============================================================================
# deadman_switch/tasks — Wire the Deadman Switch ACTION
# =============================================================================
# The watch fires. This makes it DO something:
#   - On healthy check: snapshot current config as "last known good"
#   - On failed check: rollback to last known good, restart agent
# =============================================================================

- name: "Create snapshot directory"
  file:
    path: "{{ deadman_snapshot_dir }}"
    state: directory
    mode: "0755"

- name: "Deploy deadman switch script"
  template:
    src: deadman_action.sh.j2
    dest: "{{ wizard_home }}/deadman_action.sh"
    mode: "0755"

- name: "Deploy deadman systemd service"
  template:
    src: deadman_switch.service.j2
    dest: "/etc/systemd/system/deadman-{{ wizard_name | lower }}.service"
    mode: "0644"
  when: machine_type == 'vps'
  notify: "Enable deadman service"

- name: "Deploy deadman systemd timer"
  template:
    src: deadman_switch.timer.j2
    dest: "/etc/systemd/system/deadman-{{ wizard_name | lower }}.timer"
    mode: "0644"
  when: machine_type == 'vps'
  notify: "Enable deadman timer"

- name: "Deploy deadman launchd plist (Mac)"
  template:
    src: deadman_switch.plist.j2
    dest: "{{ ansible_env.HOME }}/Library/LaunchAgents/com.timmy.deadman.{{ wizard_name | lower }}.plist"
    mode: "0644"
  when: machine_type == 'mac'
  notify: "Load deadman plist"

- name: "Take initial config snapshot"
  copy:
    src: "{{ wizard_home }}/config.yaml"
    dest: "{{ deadman_snapshot_dir }}/config.yaml.known_good"
    remote_src: true
    mode: "0444"
  ignore_errors: true

handlers:
  - name: "Enable deadman service"
    systemd:
      name: "deadman-{{ wizard_name | lower }}.service"
      daemon_reload: true
      enabled: true

  - name: "Enable deadman timer"
    systemd:
      name: "deadman-{{ wizard_name | lower }}.timer"
      daemon_reload: true
      enabled: true
      state: started

  - name: "Load deadman plist"
    shell: "launchctl load {{ ansible_env.HOME }}/Library/LaunchAgents/com.timmy.deadman.{{ wizard_name | lower }}.plist"
    ignore_errors: true