---
# Deployment tasks: rsync the application tree, render per-service .env
# files and the Caddyfile, then bring the compose stack up.

# The SSH user (not root) runs rsync, so the copied tree is owned by it.
# Every --exclude below also protects the matching path on the remote from
# `delete: true` (rsync only removes excluded paths with --delete-excluded),
# which is how the templated .env files survive the next sync.
- name: Sync app code from local machine
  synchronize:
    src: "{{ local_repo_path }}"
    dest: "{{ app_dir }}/"
    delete: true
    recursive: true
    rsync_opts:
      - "--exclude=.git"
      - "--exclude=**/__pycache__"
      - "--exclude=**/.env"
      - "--exclude=**/gcp-key.json"
      - "--exclude=**/node_modules"
      - "--exclude=drb-c2-core/gcp-key.json"
      - "--exclude=infra/"
  become: false

# Normalise ownership of the whole tree to the SSH user.
- name: Set ownership of app directory
  file:
    path: "{{ app_dir }}"
    state: directory
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    recurse: true

# No gcp-key.json is copied to the VM: it authenticates to GCS/Firestore via
# ADC (GCE metadata server), and the IAM roles are granted by Terraform.

# All .env files carry credentials and are therefore rendered 0600, readable
# only by the SSH user that runs the stack.
# NOTE(review): the root .env at {{ app_dir }}/.env relies on "**/.env"
# matching at the transfer root; confirm with the deployed rsync version,
# otherwise a plain "--exclude=.env" would be needed as well.
- name: Template top-level .env (docker-compose MQTT creds)
  template:
    src: root.env.j2
    dest: "{{ app_dir }}/.env"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: "0600"

- name: Template c2-core .env
  template:
    src: c2-core.env.j2
    dest: "{{ app_dir }}/drb-c2-core/.env"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: "0600"

- name: Template discord-bot .env
  template:
    src: discord-bot.env.j2
    dest: "{{ app_dir }}/drb-server-discord-bot/.env"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: "0600"

- name: Template frontend .env
  template:
    src: frontend.env.j2
    dest: "{{ app_dir }}/drb-frontend/.env"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: "0600"

# The Caddyfile holds no secrets and is world-readable, root-owned; the
# "Reload Caddy" handler is expected to be defined elsewhere in the play.
- name: Deploy Caddyfile
  template:
    src: Caddyfile.j2
    dest: /etc/caddy/Caddyfile
    owner: root
    group: root
    mode: "0644"
  notify: Reload Caddy

# Images are always rebuilt from the synced sources and never pulled, so
# what runs is exactly what was synced. BuildKit is forced on for the build.
- name: Bring the stack up (builds images if changed)
  community.docker.docker_compose_v2:
    project_src: "{{ app_dir }}"
    build: always
    state: present
    pull: never
  become: true
  environment:
    DOCKER_BUILDKIT: "1"

# Only dangling images are pruned, so tagged images still in use are kept.
# NOTE(review): unlike the compose task this has no explicit `become`; whether
# it reaches the Docker daemon depends on the play-level become setting or the
# SSH user's docker group membership — confirm.
- name: Prune unused Docker images
  community.docker.docker_prune:
    images: true
    images_filters:
      dangling: true