commit 9a39805c3275ea2b52c02049447993f1e52da2a9
parent d116ced59bb86921e68f4e89d3b210abc3568712
Author: Florian Dold <florian@dold.me>
Date: Tue, 17 Feb 2026 00:50:58 +0100
tweaks
Diffstat:
3 files changed, 46 insertions(+), 30 deletions(-)
diff --git a/roles/challenger/tasks/pre-exchange.yml b/roles/challenger/tasks/pre-exchange.yml
@@ -2,6 +2,12 @@
- name: Populate service facts
service_facts:
+- name: Ensure default challenger service is stopped
+ ansible.builtin.systemd:
+ name: challenger-httpd
+ state: stopped
+ enabled: false
+
- name: Ensure SMS challenger service is stopped before we upgrade
ansible.builtin.systemd:
name: sms-challenger
diff --git a/roles/exchange/defaults/main.yml b/roles/exchange/defaults/main.yml
@@ -1 +1,4 @@
-exchange_use_letsencrypt: true
-\ No newline at end of file
+exchange_use_letsencrypt: true
+typst_version: "0.14.2"
+typst_checksum: "sha256:a6044cbad2a954deb921167e257e120ac0a16b20339ec01121194ff9d394996d"
+typst_download_url: "https://github.com/typst/typst/releases/download/v{{ typst_version }}/typst-x86_64-unknown-linux-musl.tar.xz"
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
@@ -24,33 +24,44 @@
state: latest
when: ansible_os_family == 'Debian'
+- name: Install pdftk
+ ansible.builtin.apt:
+ name:
+ - pdftk
+ state: latest
+ when: ansible_os_family == 'Debian'
-- name: Install PDF creation tools
- vars:
- typst_version: "0.14.2"
- typst_checksum: "sha256:a6044cbad2a954deb921167e257e120ac0a16b20339ec01121194ff9d394996d"
- typst_download_url: "https://github.com/typst/typst/releases/download/v{{ typst_version }}/typst-x86_64-unknown-linux-musl.tar.xz"
+- name: Check if Typst binary exists
+ ansible.builtin.stat:
+ path: "{{ typst_bin_path | default('/usr/local/bin/typst') }}"
+ register: typst_stat
+
+- name: Get current Typst version
+ ansible.builtin.command: "{{ typst_bin_path | default('/usr/local/bin/typst') }} --version"
+ register: typst_version_check
+ changed_when: false
+ failed_when: false
+ when: typst_stat.stat.exists
+
+- name: Install or Update Typst
+ # Only runs if binary is missing OR the version string doesn't match our target
+ when: >
+ not typst_stat.stat.exists or
+ typst_version not in (typst_version_check.stdout | default(''))
block:
- - name: Install pdftk
- ansible.builtin.apt:
- name:
- - pdftk
- state: latest
- when: ansible_os_family == 'Debian'
-
- name: Create temporary directory for extraction
ansible.builtin.tempfile:
state: directory
suffix: typst_install
register: temp_dir
- - name: Download and verify Typst binary
+ - name: Download Typst release archive
ansible.builtin.get_url:
- url: "{{ typst_download_url }}"
+ url: "https://github.com/typst/typst/releases/download/v{{ typst_version }}/typst-x86_64-unknown-linux-musl.tar.xz"
dest: "{{ temp_dir.path }}/typst.tar.xz"
checksum: "{{ typst_checksum }}"
- mode: "0644"
+ mode: '0644'
- name: Unarchive Typst binary
ansible.builtin.unarchive:
@@ -58,29 +69,26 @@
dest: "{{ temp_dir.path }}"
remote_src: true
- - name: Install Typst to /usr/local/bin
+ - name: Copy binary to destination
ansible.builtin.copy:
- # The archive extracts into a folder named 'typst-x86_64-unknown-linux-musl'
+ # Note: The folder inside the tar.xz matches the release name
src: "{{ temp_dir.path }}/typst-x86_64-unknown-linux-musl/typst"
- dest: /usr/local/bin/typst
- mode: "0755"
+ dest: "{{ typst_bin_path | default('/usr/local/bin/typst') }}"
+ mode: '0755'
owner: root
group: root
remote_src: true
- - name: Cleanup temporary files
+ - name: Cleanup temporary directory
ansible.builtin.file:
path: "{{ temp_dir.path }}"
state: absent
- - name: Verify installation
- ansible.builtin.command: typst --version
- register: typst_output
- changed_when: false
-
- - name: Print Typst version
- ansible.builtin.debug:
- msg: "Typst installed: {{ typst_output.stdout }}"
+- name: Verify Typst is functional
+ ansible.builtin.command: "{{ typst_bin_path | default('/usr/local/bin/typst') }} --version"
+ register: typst_final_check
+ changed_when: false
+ failed_when: "typst_version not in typst_final_check.stdout"
- name: Ensure Taler exchange virtualhost configuration file exists
ansible.builtin.template:
