Ansible role that deploys services on my runner machine
---
# Runner Role - Vault Variable Validation
# Fail fast if critical vault secrets are missing or empty
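- name: Validate PostgreSQL vault variables (Immich)
  # Presence check only: each variable must be defined and non-blank.
  # default('', true) also maps a null value (a bare `key:` in the vault file)
  # to '', so the failure is reported through fail_msg instead of a template
  # error; string/trim reject whitespace-only values and tolerate non-string
  # scalars such as an unquoted numeric password.
  ansible.builtin.assert:
    that:
      - postgres_password | default('', true) | string | trim | length > 0
      - postgres_db | default('', true) | string | trim | length > 0
      - postgres_user | default('', true) | string | trim | length > 0
    fail_msg: |
      Missing PostgreSQL vault variables required by Immich.
      Ensure vault_runner contains: postgres_password, postgres_db, postgres_user
    success_msg: "PostgreSQL vault variables validated"
  # Checked only when Immich is enabled.
  when: immich_enabled
  # `always` keeps the check running on tag-limited runs.
  tags: [always, validation]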
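- name: Validate Immich JWT secret
  # Presence check only: this proves the secret is set and non-blank, not that
  # it is long or random enough for signing tokens.
  # default('', true) maps an undefined or null value to '' so the failure is
  # reported through fail_msg; string/trim reject whitespace-only values.
  ansible.builtin.assert:
    that:
      - immich_jwt_secret | default('', true) | string | trim | length > 0
    fail_msg: |
      Missing Immich JWT secret.
      Ensure vault_runner contains: immich_jwt_secret
    success_msg: "Immich JWT secret validated"
  # Checked only when Immich is enabled.
  when: immich_enabled
  # `always` keeps the check running on tag-limited runs.
  tags: [always, validation]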
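- name: Validate MySQL vault variables (Ghost)
  # Presence check only: both passwords must be defined and non-blank; their
  # strength is not checked here.
  # default('', true) maps an undefined or null value to '' so the failure is
  # reported through fail_msg; string/trim reject whitespace-only values and
  # tolerate non-string scalars such as an unquoted numeric password.
  ansible.builtin.assert:
    that:
      - mysql_password | default('', true) | string | trim | length > 0
      - mysql_root_password | default('', true) | string | trim | length > 0
    fail_msg: |
      Missing MySQL vault variables required by Ghost CMS.
      Ensure vault_runner contains: mysql_password, mysql_root_password
    success_msg: "MySQL vault variables validated"
  # Checked only when Ghost is enabled.
  when: ghost_enabled
  # `always` keeps the check running on tag-limited runs.
  tags: [always, validation]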
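- name: Validate Tandoor secret key
  # Presence check only: this proves the key is set and non-blank, not that it
  # is long or random enough.
  # default('', true) maps an undefined or null value to '' so the failure is
  # reported through fail_msg; string/trim reject whitespace-only values.
  ansible.builtin.assert:
    that:
      - tandoor_secret_key | default('', true) | string | trim | length > 0
    fail_msg: |
      Missing Tandoor secret key.
      Ensure vault_runner contains: tandoor_secret_key
    success_msg: "Tandoor secret key validated"
  # Checked only when Tandoor is enabled.
  when: tandoor_enabled
  # `always` keeps the check running on tag-limited runs.
  tags: [always, validation]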
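- name: Validate Frigate MQTT credentials
  # Presence check only: username and password must be defined and non-blank.
  # default('', true) maps an undefined or null value to '' so the failure is
  # reported through fail_msg; string/trim reject whitespace-only values and
  # tolerate non-string scalars.
  ansible.builtin.assert:
    that:
      - frigate_mqtt_username | default('', true) | string | trim | length > 0
      - frigate_mqtt_password | default('', true) | string | trim | length > 0
    fail_msg: |
      Missing Frigate MQTT credentials.
      Ensure vault_runner contains: frigate_mqtt_username, frigate_mqtt_password
    success_msg: "Frigate MQTT credentials validated"
  # Checked only when Frigate and its MQTT integration are both enabled.
  when: frigate_enabled and frigate_mqtt_enabled
  # `always` keeps the check running on tag-limited runs.
  tags: [always, validation]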
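- name: Validate at least one camera has a non-empty host
  # Passes when at least one camera with `enabled: true` carries a usable host.
  # A camera whose host is missing or null no longer counts as configured:
  # selectattr('host', 'defined') drops entries without the key, and the bare
  # selectattr('host') keeps only truthy values (so '' and null are rejected).
  # default([], true) turns an undefined or null frigate_cameras into an empty
  # list so the failure is reported through fail_msg.
  # NOTE(review): entries without an `enabled` key are not handled here, and
  # `equalto true` matches a real boolean only - confirm against the
  # frigate_cameras definition.
  ansible.builtin.assert:
    that:
      - >-
        frigate_cameras | default([], true)
        | selectattr('enabled', 'equalto', true)
        | selectattr('host', 'defined')
        | selectattr('host')
        | list | length > 0
    fail_msg: |
      No enabled Frigate cameras have a configured host.
      Ensure at least one camera in frigate_cameras has a non-empty host from vault.
    success_msg: "Frigate camera configuration validated"
  # Checked only when Frigate is enabled.
  when: frigate_enabled
  # `always` keeps the check running on tag-limited runs.
  tags: [always, validation]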