Add watchtower to ansible for real and fix .gitignore

_ansible/roles/watchtower/files/run-once.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+docker compose run -e WATCHTOWER_RUN_ONCE=true -e WATCHTOWER_NOTIFICATIONS= watchtower

_ansible/roles/watchtower/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - watchtower
+    - container
+  block:
+    - import_tasks: steps/create-service-directory.yml
+    - import_tasks: steps/template-docker-compose.yml
+    - import_tasks: steps/template-service-env.yml
+    
+    - name: Copy the run-once script
+      ansible.builtin.copy:
+        src: run-once.sh
+        dest: "{{ (service_path, 'run-once.sh') | path_join }}"
+        mode: '0755'

_ansible/roles/watchtower/vars/main.yml

@@ -0,0 +1,27 @@
+svc:
+  name: watchtower
+
+svc_env:
+  WATCHTOWER_LABEL_ENABLE: true
+  WATCHTOWER_CLEANUP: true
+  WATCHTOWER_SCHEDULE: "0 27 20 * * *"
+
+  WATCHTOWER_NOTIFICATIONS: email
+  WATCHTOWER_NOTIFICATION_EMAIL_FROM: "{{ svc.name }}@serguzim.me"
+  WATCHTOWER_NOTIFICATION_EMAIL_TO: "{{ admin_email }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER: "{{ mailer.host }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: "{{ mailer.port }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: "{{ svc.name }}@serguzim.me"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "{{ vault_watchtower.mailer.pass }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 5
+
+compose:
+  watchtower: false
+  image: containerrr/watchtower
+  env: true
+  volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+  file:
+    services:
+      app:
+        hostname: "{{ ansible_facts.hostname }}"