feat: full untested ansible setup

roles/bun_app/tasks/main.yml

@@ -0,0 +1,110 @@
+---
+- name: Ensure Bun app group exists
+  ansible.builtin.group:
+    name: "{{ bun_app.deploy_group }}"
+    state: present
+
+- name: Ensure Bun app user exists
+  ansible.builtin.user:
+    name: "{{ bun_app.deploy_user }}"
+    group: "{{ bun_app.deploy_group }}"
+    system: true
+    shell: /usr/sbin/nologin
+    create_home: true
+
+- name: Ensure Bun app directories exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ bun_app.deploy_user }}"
+    group: "{{ bun_app.deploy_group }}"
+    mode: "0755"
+  loop:
+    - "{{ bun_app.path }}"
+    - "/var/lib/{{ bun_app.name }}"
+    - "/etc/{{ bun_app.name }}"
+
+- name: Ensure Bun app extra directories exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner | default(bun_app.deploy_user) }}"
+    group: "{{ item.group | default(bun_app.deploy_group) }}"
+    mode: "{{ item.mode | default('0755') }}"
+  loop: "{{ bun_app.extra_directories | default([]) }}"
+
+- name: Install Bun app deploy key when provided
+  ansible.builtin.copy:
+    dest: "/etc/{{ bun_app.name }}/deploy_key"
+    content: "{{ bun_app.git_ssh_key }}"
+    owner: "{{ bun_app.deploy_user }}"
+    group: "{{ bun_app.deploy_group }}"
+    mode: "0600"
+  when:
+    - bun_app.git_ssh_key is defined
+    - bun_app.git_ssh_key | length > 0
+
+- name: Deploy Bun app checkout
+  ansible.builtin.git:
+    repo: "{{ bun_app.repo }}"
+    version: "{{ bun_app.version }}"
+    dest: "{{ bun_app.path }}"
+    accept_hostkey: true
+    key_file: "{{ '/etc/' ~ bun_app.name ~ '/deploy_key' if (bun_app.git_ssh_key is defined and bun_app.git_ssh_key | length > 0) else omit }}"
+    update: true
+  become_user: "{{ bun_app.deploy_user }}"
+  register: bun_app_checkout
+
+- name: Check whether Bun app has package metadata
+  ansible.builtin.stat:
+    path: "{{ bun_app.path }}/package.json"
+  register: bun_app_package_json
+
+- name: Check whether Bun app dependencies are installed
+  ansible.builtin.stat:
+    path: "{{ bun_app.path }}/node_modules"
+  register: bun_app_node_modules
+
+- name: Install Bun app dependencies
+  ansible.builtin.command:
+    cmd: "{{ bun_bin_path }} install"
+    chdir: "{{ bun_app.path }}"
+  become_user: "{{ bun_app.deploy_user }}"
+  when:
+    - bun_app_package_json.stat.exists
+    - bun_app_checkout.changed or not bun_app_node_modules.stat.exists
+  register: bun_app_install
+
+- name: Render Bun app environment file
+  ansible.builtin.template:
+    src: bun-app.env.j2
+    dest: "/etc/{{ bun_app.name }}/app.env"
+    owner: root
+    group: "{{ bun_app.deploy_group }}"
+    mode: "0640"
+  register: bun_app_env
+
+- name: Install Bun app systemd unit
+  ansible.builtin.template:
+    src: bun-app.service.j2
+    dest: "/etc/systemd/system/{{ bun_app.service_name }}.service"
+    owner: root
+    group: root
+    mode: "0644"
+  register: bun_app_unit
+
+- name: Reload systemd for Bun app changes
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: bun_app_unit.changed
+
+- name: Ensure Bun app service is enabled and running
+  ansible.builtin.service:
+    name: "{{ bun_app.service_name }}"
+    state: >-
+      {{
+        'restarted'
+        if (bun_app_checkout.changed or bun_app_env.changed or bun_app_unit.changed or (bun_app_install is defined and bun_app_install.changed))
+        else 'started'
+      }}
+    enabled: true

roles/bun_app/templates/bun-app.env.j2

@@ -0,0 +1,6 @@
+{% set app_vault_env = vars['vault_' + (bun_app.name | replace('-', '_')) + '_env'] | default({}) %}
+{% set app_non_vault_env_keys = bun_app.non_vault_env_keys | default([]) %}
+{% set app_filtered_vault_env = app_vault_env | dict2items | rejectattr('key', 'in', app_non_vault_env_keys) | items2dict %}
+{% for key, value in (bun_app.env | combine(app_filtered_vault_env)) | dictsort %}
+{{ key }}={{ value }}
+{% endfor %}

roles/bun_app/templates/bun-app.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description={{ bun_app.name }} Bun service
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User={{ bun_app.deploy_user }}
+Group={{ bun_app.deploy_group }}
+WorkingDirectory={{ bun_app.path }}
+EnvironmentFile=/etc/{{ bun_app.name }}/app.env
+ExecStart={{ bun_bin_path }} {{ bun_app.entrypoint }}
+Restart=always
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target