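---
# Prepares the container base directory, generates the JWT secret and key
# seed on first run, writes them (and the LDAP admin password) to files under
# secrets/, renders the Compose project files and starts the stack through
# the per-user Docker socket.

- name: Ensure data directories exist
  ansible.builtin.file:
    path: "{{ container_base_dir }}/{{ item }}"
    state: directory
    # NOTE(review): secrets/ is created 0755 and the files in it 0644, so any
    # local account on the host can read the JWT secret, key seed and LDAP
    # admin password. If the Compose template bind-mounts the individual
    # files, '0700' on secrets/ should close that without changing what the
    # container sees. Confirm against docker-compose.yml.j2 before tightening.
    mode: '0755'
  loop:
    - data
    - secrets
  become: false

- name: Check if jwt_secret file exists
  ansible.builtin.stat:
    path: "{{ container_base_dir }}/secrets/jwt_secret"
  register: jwt_secret_stat

- name: Check if key_seed file exists
  ansible.builtin.stat:
    path: "{{ container_base_dir }}/secrets/key_seed"
  register: key_seed_stat

# Options are passed to random_string as keyword arguments, the form shown in
# the plugin documentation. The earlier single 'length=32 ...' term string
# appears not to be parsed by the plugin, which would leave the secret at the
# plugin's default length. Verify with the installed community.general
# version. The digit option is spelled `numbers`.
# NOTE(review): with run_once the `when` is evaluated on the first host only
# and the fact is then set for every host in the batch, so a host that
# already has a secret file would have it replaced by the copy task below.
# Confirm this play targets a single host.
- name: Generate JWT secret if not exists
  ansible.builtin.set_fact:
    jwt_secret: >-
      {{ lookup('community.general.random_string',
                length=32, upper=true, lower=true, numbers=true, special=true,
                override_special='!#%&()*+,-./:;<=>?@[]^_{|}~') }}
  when: not jwt_secret_stat.stat.exists
  run_once: true
  # Keep the generated value out of task output and logs.
  no_log: true

- name: Generate Key Seed if not exists
  ansible.builtin.set_fact:
    key_seed: >-
      {{ lookup('community.general.random_string',
                length=32, upper=true, lower=true, numbers=true, special=true,
                override_special='!#%&()*+,-./:;<=>?@[]^_{|}~') }}
  when: not key_seed_stat.stat.exists
  run_once: true
  no_log: true

# The two copy tasks run only when the matching fact was set above.
# NOTE(review): a `jwt_secret` or `key_seed` variable defined anywhere else
# (inventory, extra vars) also satisfies the condition and would overwrite
# the stored secret.
- name: Copy JWT secret to host if generated
  ansible.builtin.copy:
    content: "{{ jwt_secret }}"
    dest: "{{ container_base_dir }}/secrets/jwt_secret"
    # World-readable; see the note on the secrets directory above.
    mode: '0644'
  when: jwt_secret is defined
  become: false
  # Without no_log, --diff or verbose output prints the secret.
  no_log: true

- name: Copy Key Seed to host if generated
  ansible.builtin.copy:
    content: "{{ key_seed }}"
    dest: "{{ container_base_dir }}/secrets/key_seed"
    mode: '0644'
  when: key_seed is defined
  become: false
  no_log: true

# Despite the name, this task has no existence check: the file is rewritten
# whenever container_lldap_ldap_user_pass differs from what is on disk.
- name: Write LDAP admin user password to file if not exists
  ansible.builtin.copy:
    content: "{{ container_lldap_ldap_user_pass }}"
    dest: "{{ container_base_dir }}/secrets/ldap_user_pass"
    mode: '0644'
  become: false
  no_log: true

- name: Deploy Docker Compose and .env files
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ container_base_dir }}/{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    - src: docker-compose.yml.j2
      dest: docker-compose.yml
      mode: '0644'
    # .env is read by the Compose client as the deploying user and commonly
    # carries credentials, so it is restricted to the owner.
    - src: .env.j2
      dest: .env
      mode: '0600'
  become: false

- name: Start Container
  community.docker.docker_compose_v2:
    project_src: "{{ container_base_dir }}"
    pull: always
    # Per-user Docker socket; the path hard-codes UID 1000, so the connecting
    # user must have that UID.
    docker_host: "unix:///run/user/1000/docker.sock"
  become: false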