added netbird-watcher script

ansible/netbird-watcher/playbook.yml

@@ -0,0 +1,117 @@
+---
+# =============================================================================
+# NetBird Watcher Deployment
+# =============================================================================
+# Deploys the peer renamer watcher service.
+#
+# Prerequisites:
+#   1. NetBird instance running
+#   2. NetBird API token (PAT)
+#
+# Usage:
+#   ansible-playbook -i poc-inventory.yml playbook.yml -e vault_netbird_token=<TOKEN>
+# =============================================================================
+
+- name: Deploy NetBird Watcher
+  hosts: netbird_watcher_servers
+  become: true
+  vars_files:
+    - group_vars/netbird_watcher_servers.yml
+
+  pre_tasks:
+    - name: Validate token is provided
+      ansible.builtin.assert:
+        that:
+          - netbird_token is defined
+          - netbird_token | length > 0
+        fail_msg: |
+          NetBird token not provided!
+          Run with: -e vault_netbird_token=<TOKEN>
+
+  tasks:
+    # =========================================================================
+    # Create Directories
+    # =========================================================================
+    - name: Create watcher directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: "0755"
+      loop:
+        - /opt/netbird-watcher
+        - /etc/netbird-watcher
+        - /var/lib/netbird-watcher
+
+    # =========================================================================
+    # Deploy Script
+    # =========================================================================
+    - name: Copy watcher script
+      ansible.builtin.copy:
+        src: ../../watcher/netbird_watcher.py
+        dest: /opt/netbird-watcher/netbird_watcher.py
+        mode: "0755"
+
+    # =========================================================================
+    # Configure
+    # =========================================================================
+    - name: Create config file
+      ansible.builtin.template:
+        src: templates/config.json.j2
+        dest: /etc/netbird-watcher/config.json
+        mode: "0600"
+      notify: Restart netbird-watcher
+
+    # =========================================================================
+    # Systemd Service
+    # =========================================================================
+    - name: Copy systemd service
+      ansible.builtin.copy:
+        src: ../../watcher/netbird-watcher.service
+        dest: /etc/systemd/system/netbird-watcher.service
+        mode: "0644"
+      notify: Restart netbird-watcher
+
+    - name: Reload systemd
+      ansible.builtin.systemd:
+        daemon_reload: true
+
+    - name: Start and enable watcher service
+      ansible.builtin.systemd:
+        name: netbird-watcher
+        state: started
+        enabled: true
+
+    # =========================================================================
+    # Verify
+    # =========================================================================
+    - name: Wait for service to stabilize
+      ansible.builtin.pause:
+        seconds: 3
+
+    - name: Check service status
+      ansible.builtin.systemd:
+        name: netbird-watcher
+      register: watcher_status
+
+    - name: Display deployment status
+      ansible.builtin.debug:
+        msg: |
+          ============================================
+          NetBird Watcher Deployed!
+          ============================================
+
+          Service status: {{ watcher_status.status.ActiveState }}
+
+          View logs:
+            journalctl -u netbird-watcher -f
+
+          State file:
+            /var/lib/netbird-watcher/state.json
+
+          ============================================
+
+  handlers:
+    - name: Restart netbird-watcher
+      ansible.builtin.systemd:
+        name: netbird-watcher
+        state: restarted