timmy-config/ansible/roles/cron_manager/tasks/main.yml

---
# =============================================================================
# cron_manager/tasks — Source-Controlled Cron Jobs
# =============================================================================
# All cron jobs are defined in group_vars/wizards.yml.
# No manual crontab edits. This is the only way to manage cron.
# =============================================================================

- name: "Deploy managed cron jobs"
  cron:
    name: "{{ item.name }}"
    job: "{{ item.job }}"
    minute: "{{ item.minute | default('*') }}"
    hour: "{{ item.hour | default('*') }}"
    day: "{{ item.day | default('*') }}"
    month: "{{ item.month | default('*') }}"
    weekday: "{{ item.weekday | default('*') }}"
    state: "{{ 'present' if item.enabled else 'absent' }}"
    user: "{{ ansible_user | default('root') }}"
  loop: "{{ cron_jobs }}"
  when: cron_jobs is defined

- name: "Deploy deadman switch cron (fallback if systemd timer unavailable)"
  cron:
    name: "Deadman switch — {{ wizard_name }}"
    job: "{{ wizard_home }}/deadman_action.sh >> {{ timmy_log_dir }}/deadman-{{ wizard_name }}.log 2>&1"
    minute: "*/5"
    hour: "*"
    state: present
    user: "{{ ansible_user | default('root') }}"
  when: deadman_enabled and machine_type != 'vps'
  # VPS machines use systemd timers instead

- name: "Remove legacy cron jobs (cleanup)"
  cron:
    name: "{{ item }}"
    state: absent
    user: "{{ ansible_user | default('root') }}"
  loop:
    - "legacy-deadman-watch"
    - "old-health-check"
    - "backup-deadman"
  ignore_errors: true

- name: "List active cron jobs"
  shell: "crontab -l 2>/dev/null | grep -v '^#' | grep -v '^$' || echo 'No cron jobs found.'"
  register: active_crons
  changed_when: false

- name: "Report cron status"
  debug:
    msg: |
      {{ wizard_name }} cron jobs deployed.
      Active:
      {{ active_crons.stdout }}