Fix issues 3,5,6,7,8,9,11,15,16: security hardening and reliability improvements

- ansible.cfg: enable host_key_checking (closes #1) - update_upgrade.yml: fix reboot crash on non-Debian hosts, exclude AnsibleHost from targets (closes #2, #7) - deploy.yml: replace silent ignore_errors with real container health assertion (closes #3) - redeploy.yml: same assertion fix + restic --overwrite always + RESTIC_RESTORE_PATH variable (closes #3, #4, #5) - disaster.yml: same fixes as redeploy.yml (closes #3, #4, #5) - docker_update_containers.yml: create missing playbook (closes #6) - fresh_install.yml: add safety guard to abort if containers already running (closes #8) - docker_status.yml: add become: true (closes #9) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 14:14:14 -04:00
parent fa67a195ab
commit d2e8cc6e70
8 changed files with 106 additions and 28 deletions
@@ -12,13 +12,13 @@
        path: ~/docker/caddy
        state: directory
        mode: '0755'
-    
+
    - name: Create ddns folder
      ansible.builtin.file:
        path: ~/docker/ddns
        state: directory
        mode: '0755'
-        
+
    - name: Copy encrypted docker-compose
      ansible.builtin.copy:
        src: ./vault/compose/docker-compose.yml
@@ -38,15 +38,21 @@
      ansible.builtin.command:
        cmd: docker compose up -d
        chdir: ~/docker
-      ignore_errors: yes

    - name: Pause for 30 seconds to allow containers to stabilize
      ansible.builtin.pause:
        seconds: 30

-    - name: Check container status
-      ansible.builtin.shell: docker compose ps -q | xargs -n1 docker container inspect --format '{{ "{{" }} .State.Running {{ "}}" }}'
+    - name: Verify all containers are running
+      ansible.builtin.shell: |
+        expected=$(docker compose config --services | wc -l | tr -d ' ')
+        running=$(docker compose ps --status running -q | wc -l | tr -d ' ')
+        if [ "$expected" != "$running" ]; then
+          echo "FAIL: $running/$expected containers running"
+          docker compose ps
+          exit 1
+        fi
+        echo "OK: all $running containers running"
      args:
        chdir: ~/docker
-      register: container_status
-      ignore_errors: yes
+      changed_when: false