Harden quarantine provisioning; enforce strict permissions and update Ansible and docs

2026-02-12 07:47:48 +01:00
parent 037b176892
commit 1768f61da1
44 changed files with 2587 additions and 698 deletions
--- a/scripts/deploy_provision.sh
+++ b/scripts/deploy_provision.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# Wrapper to provision upload-logger directories using Ansible if available,
+# otherwise falling back to the included provision_dirs.sh script.
+set -euo pipefail
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+ANSIBLE_PLAYBOOK="$(command -v ansible-playbook || true)"
+PLAYBOOK_PATH="$ROOT_DIR/scripts/ansible/provision-full.yml"
+FALLBACK_SCRIPT="$ROOT_DIR/scripts/provision_dirs.sh"
+
+if [[ -n "$ANSIBLE_PLAYBOOK" && -f "$PLAYBOOK_PATH" ]]; then
+  echo "Running Ansible playbook: $PLAYBOOK_PATH"
+  # Use local connection if running on the target host
+  if [[ "$1" == "local" ]]; then
+    sudo ansible-playbook -i localhost, -c local "$PLAYBOOK_PATH"
+  else
+    sudo ansible-playbook "$PLAYBOOK_PATH"
+  fi
+else
+  echo "Ansible not available or playbook missing; using fallback script"
+  sudo "$FALLBACK_SCRIPT" "$@"
+fi