kovalhome/infra/music/0003_music_playbook.yaml

- name: Deploy app
  hosts: music
  gather_facts: false
  vars:
    app: music
  tasks:
    - name: Wait for connection
      ansible.builtin.wait_for_connection:
        timeout: 300
    - name: Get user
      ansible.builtin.user:
        name: debian
      register: user
    - name: Docker compose down
      ansible.builtin.command: docker compose down
      args:
        chdir: "{{ user.home }}/{{ app }}"
      ignore_errors: true
    - name: Copy project
      ansible.builtin.copy:
        src: "./{{ app }}"
        dest: "{{ user.home }}"
        mode: "0744"

    - name: Replace LastFM API key secret
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "LASTFM_APIKEY_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}"
    - name: Replace LastFM secret
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "LASTFM_SECRET_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}"
    - name: Replace Mongo Password secret
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "SPOTIFY_ID_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}"
    - name: Replace SMTP Password secret
      ansible.builtin.replace:
        path: "{{ user.home }}/{{ app }}/.env"
        regexp: "SPOTIFY_SECRET_VALUE"
        replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}"

    - name: Docker compose up -d
      ansible.builtin.command: docker compose up -d
      args:
        chdir: "{{ user.home }}/{{ app }}"

    - name: Update data permissions
      ansible.builtin.file:
        path: /mnt/nvme
        state: directory
        recurse: true
        owner: debian
        group: debian
      become: true

    - name: Update media permissions
      ansible.builtin.file:
        path: /mnt/media
        state: directory
        recurse: true
        owner: debian
        group: debian
      become: true