pumbaasdad / system-restore


Consider generating playbook.yml with code #84

Open pumbaasdad opened 2 years ago

pumbaasdad commented 2 years ago

Using role variables where everything is really global is getting a bit unwieldy.

Instead of using yaml to define everything, consider writing a program that will generate the yaml (like terraform CDK). Output could be a flat playbook. Don't need to use ansible loops, code can easily generate tasks for each file, and each task can have its own handler if necessary.

pumbaasdad commented 2 years ago

As a further step, could read the secrets in the external program and write them directly into the playbook.

Instead of saving the playbook to disk, run it like: generator | ansible-playbook /dev/stdin.

Problem with this is it seems to look for other files relative to the location of the playbook... which means it won't be able to access templates.

Alternatively, could write the playbook to disk, but it would need to look over secrets to generate dns config files.

pumbaasdad commented 2 years ago

Could also potentially write to a fifo in the correct directory.
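The generator approach sketched in the comments above (a flat playbook with one task per file, each with its own handler, secrets supplied by the generator and the result piped into ansible-playbook), as an added example that is not code from this issue or the system-restore repository. The file list and the secret value are constructed placeholders; `no_log` is set on the secret-bearing tasks so the injected secrets stay out of the run log.

```python
"""Generate a flat Ansible playbook from code instead of hand-written YAML.
Added example, not code from the system-restore repository: one template task
per managed file, each with its own handler, secrets passed in memory, no loops.
"""
import json

try:
    import yaml  # PyYAML (Ansible's own YAML library); optional here
except ImportError:  # JSON is valid YAML, so fall back to it
    yaml = None

# Constructed sample of managed files: (template, destination, service to restart)
FILES = [
    ("dnsmasq.conf.j2", "/etc/dnsmasq.conf", "dnsmasq"),
    ("sshd_config.j2", "/etc/ssh/sshd_config", "ssh"),
]

def file_task(template, dest, service, secrets):
    """One template task per file, with a handler named after the destination."""
    handler = f"restart {service} for {dest}"
    task = {
        "name": f"Render {dest}",
        "ansible.builtin.template": {"src": template, "dest": dest, "mode": "0600"},
        "vars": dict(secrets),  # secrets scoped to this task only
        "no_log": True,  # keep secret-bearing diffs out of the run log
        "notify": handler,
    }
    handler_def = {
        "name": handler,
        "ansible.builtin.service": {"name": service, "state": "restarted"},
    }
    return task, handler_def

def build_playbook(files, secrets, hosts="all"):
    """Flat playbook: one play, one task and one handler per managed file."""
    tasks, handlers = [], []
    for template, dest, service in files:
        task, handler = file_task(template, dest, service, secrets)
        tasks.append(task)
        handlers.append(handler)
    return [{"hosts": hosts, "become": True, "tasks": tasks, "handlers": handlers}]

def render(playbook):
    """Serialise for: generator | ansible-playbook /dev/stdin"""
    if yaml is not None:
        return yaml.safe_dump(playbook, sort_keys=False)
    return json.dumps(playbook, indent=2)

if __name__ == "__main__":  # secrets would come from gpg; constructed placeholder
    print(render(build_playbook(FILES, {"dns_api_key": "PLACEHOLDER-SECRET"})), end="")
```

Because the playbook arrives on stdin, the `src` paths still resolve relative to the playbook's directory, which is the template-lookup problem noted in the comments above.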

pumbaasdad commented 2 years ago

https://www.nuget.org/packages/ansible-net/

pumbaasdad commented 2 years ago

https://ansible-runner.readthedocs.io/en/stable/
https://wiki.gnupg.org/APIs
https://wiki.python.org/moin/GnuPrivacyGuard

pumbaasdad commented 2 years ago

For installing required apt packages:

https://stackoverflow.com/questions/59286983/how-to-run-a-script-using-pyproject-toml-settings-and-poetry
https://stackoverflow.com/questions/8481943/using-apt-get-install-xxx-inside-python-script

pumbaasdad commented 2 years ago

For required libraries:

https://realpython.com/python-wheels/#bundling-shared-libraries
https://docs.python.org/3/distutils/setupscript.html#preprocessor-options
https://docs.python.org/3/distutils/setupscript.html#library-options

It's possible that all of this wheel stuff is what should be done by the python3-gpg library to prevent having to install stuff. Don't know if it will work for a wheel of my own thing.

Using a wheel to install may also require hosting on cloudsmith (doesn't make sense to have wheels checked into github so tools may not support them... this based on an old stackoverflow, here is a newer answer: https://stackoverflow.com/questions/68848055/pip-install-a-whl-on-a-private-github-repo).

poetry only supports pure python wheels at the moment... would have to build using other tools.

pumbaasdad commented 2 years ago

Could avoid all of this by running the playbook from a container... but then would need to get GPG keys into the container and make sure the container has access to the right locations. Planned to try to use GPG keys in volumerize container, so maybe it's not difficult.

Either way, simplifying the setup of this repo isn't really part of this issue.

pumbaasdad commented 2 years ago

Started down this path, and making variables recursively resolve and allowing defaults to be overridden is non-trivial and something that ansible already does well.

While there are benefits to this approach, it's not worth the effort right now.

pumbaasdad commented 2 years ago

Going to spend a bit of time working it out before I give up.

Key is likely to not evaluate variables until everything is loaded, and then using some recursion, or possibly creating ansible variables and letting it do the heavy lifting.

pumbaasdad commented 2 months ago

On one hand, the thought of custom code feels wrong; on the other hand, writing code inside jinja is probably worse.