feat: add system maintenance automation

2025-11-01 19:56:42 +01:00
parent b76064d94a
commit 2d99a23286
14 changed files with 209 additions and 15 deletions
--- a/deployment/ansible/playbooks/deploy-update.yml
+++ b/deployment/ansible/playbooks/deploy-update.yml
@@ -25,6 +25,11 @@
        docker_registry_username: "{{ docker_registry_username | default(vault_docker_registry_username | default(docker_registry_username_default)) }}"
        docker_registry_password: "{{ docker_registry_password | default(vault_docker_registry_password | default(docker_registry_password_default)) }}"

+    - name: Ensure system packages are up to date
+      include_role:
+        name: system
+      when: system_update_packages | bool
+
    - name: Verify Docker is running
      systemd:
        name: docker
--- a/deployment/ansible/playbooks/setup-infrastructure.yml
+++ b/deployment/ansible/playbooks/setup-infrastructure.yml
@@ -26,6 +26,11 @@
        msg: "Deployment stacks directory not found at {{ stacks_base_path }}"
      when: not stacks_dir.stat.exists

+    - name: Ensure system packages are up to date
+      include_role:
+        name: system
+      when: system_update_packages | bool
+
    # Create external networks required by all stacks
    - name: Create traefik-public network
      community.docker.docker_network:
--- a/deployment/ansible/playbooks/system-maintenance.yml
+++ b/deployment/ansible/playbooks/system-maintenance.yml
@@ -0,0 +1,11 @@
+---
+- name: Apply system maintenance on production hosts
+  hosts: production
+  gather_facts: yes
+  become: yes
+
+  tasks:
+    - name: Run system maintenance role
+      include_role:
+        name: system
+      when: system_update_packages | bool