From 4f87b67a4e2cb21649cc7c6d50396bf5b15093e5 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Sun, 21 Jun 2026 20:18:11 +0800 Subject: [PATCH] feat(xworkmate_bridge): add Windows Scheduled Task deployment and skip Caddy on Windows --- group_vars/all.yml | 10 +++---- .../vhosts/xworkmate_bridge/handlers/main.yml | 14 ++++++++++ roles/vhosts/xworkmate_bridge/tasks/main.yml | 18 ++++++++----- .../vhosts/xworkmate_bridge/tasks/windows.yml | 26 +++++++++++++++++++ .../xworkmate_bridge/templates/start.ps1.j2 | 6 +++++ 5 files changed, 63 insertions(+), 11 deletions(-) create mode 100644 roles/vhosts/xworkmate_bridge/tasks/windows.yml create mode 100644 roles/vhosts/xworkmate_bridge/templates/start.ps1.j2 diff --git a/group_vars/all.yml b/group_vars/all.yml index 6460c0b..3ffc63a 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -7,11 +7,11 @@ ansible_host_key_checking: False # Set to 'strict' to disable public Caddy/Ingress access for all roles. ai_workspace_security_level: standard -# Whether to install/configure the Caddy reverse proxy (public HTTP/TLS ingress). -# Default: enabled on Linux, disabled on macOS single-host deploys (no system -# Caddy, /etc/caddy not writable). Override anytime with -e caddy_enabled=true -# (force on) or -e caddy_enabled=false (force off) — extra-vars win. -caddy_enabled: "{{ ansible_os_family != 'Darwin' }}" +# Caddy ingress is enabled by default on Linux where we expect a dedicated box. +# It is disabled on macOS (developer workstation with port conflicts) and Windows +# (Caddy not natively supported in our Windows pipeline). +# Override anytime with -e caddy_enabled=true or -e caddy_enabled=false. +caddy_enabled: "{{ ansible_os_family != 'Darwin' and ansible_os_family != 'Windows' }}" # Caddy config root. Linux uses the system path /etc/caddy; macOS (Homebrew) # uses /opt/homebrew/etc/caddy. Roles derive their Caddyfile / conf.d / fragment 
diff --git a/roles/vhosts/xworkmate_bridge/handlers/main.yml b/roles/vhosts/xworkmate_bridge/handlers/main.yml index f6bc942..8c45dd0 100644 --- a/roles/vhosts/xworkmate_bridge/handlers/main.yml +++ b/roles/vhosts/xworkmate_bridge/handlers/main.yml @@ -22,6 +22,20 @@ when: ansible_system == 'Darwin' listen: Restart bridge +- name: Stop bridge on Windows + community.windows.win_command: + cmd: schtasks /End /TN "xworkmate-bridge" + failed_when: false + changed_when: false + when: ansible_os_family == 'Windows' + listen: Restart bridge + +- name: Start bridge on Windows + community.windows.win_command: + cmd: schtasks /Run /TN "xworkmate-bridge" + when: ansible_os_family == 'Windows' + listen: Restart bridge + - name: Reload caddy ansible.builtin.systemd: name: caddy diff --git a/roles/vhosts/xworkmate_bridge/tasks/main.yml b/roles/vhosts/xworkmate_bridge/tasks/main.yml index a647e3e..bd8339d 100644 --- a/roles/vhosts/xworkmate_bridge/tasks/main.yml +++ b/roles/vhosts/xworkmate_bridge/tasks/main.yml @@ -23,9 +23,9 @@ ansible.builtin.file: path: "{{ xworkmate_bridge_base_dir }}" state: directory - owner: "{{ xworkmate_bridge_service_user }}" - group: "{{ xworkmate_bridge_service_group }}" - mode: "0755" + owner: "{{ xworkmate_bridge_service_user if ansible_os_family != 'Windows' else omit }}" + group: "{{ xworkmate_bridge_service_group if ansible_os_family != 'Windows' else omit }}" + mode: "{{ '0755' if ansible_os_family != 'Windows' else omit }}" - name: Read existing xworkmate-bridge auth token from systemd units ansible.builtin.shell: | 
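Review bot: Both new handlers call `community.windows.win_command`, but `win_command` is shipped in the `ansible.windows` collection, so as far as I can tell these handlers will not resolve on a Windows host; the module line should read `ansible.windows.win_command:`. The same FQCN is used by the last task of tasks/windows.yml. The Stop handler's `failed_when: false` also hides every failure of `schtasks /End`, including a permissions error, so registering the result and ignoring only the "task is not running" outcome would keep real errors visible.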
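Review bot: Omitting `owner`/`group`/`mode` in the `@@ -23` hunk does not make this task usable on Windows, because `ansible.builtin.file` is a POSIX module and Windows targets normally need `ansible.windows.win_file`; the config template changed the same way in the `@@ -166` hunk has the same problem with `ansible.builtin.template` versus `ansible.windows.win_template`. Unless a condition outside the hunk skips these tasks on Windows, the play would fail before tasks/windows.yml is included. Dropping the mode also leaves the base directory and config file with whatever ACL they inherit, so the Windows branch should set permissions explicitly rather than rely on the parent folder. A separate task guarded by `when: ansible_os_family == 'Windows'` that uses `ansible.windows.win_file:` with `path: "{{ xworkmate_bridge_base_dir }}"` and `state: directory` would leave the POSIX task untouched.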
@@ -166,9 +166,9 @@ ansible.builtin.template: src: config.yaml.j2 dest: "{{ xworkmate_bridge_config_file }}" - owner: "{{ xworkmate_bridge_service_user }}" - group: "{{ xworkmate_bridge_service_group }}" - mode: "0644" + owner: "{{ xworkmate_bridge_service_user if ansible_os_family != 'Windows' else omit }}" + group: "{{ xworkmate_bridge_service_group if ansible_os_family != 'Windows' else omit }}" + mode: "{{ '0644' if ansible_os_family != 'Windows' else omit }}" notify: Restart bridge - name: Restore immutable flag on xworkmate-bridge config file @@ -363,6 +363,7 @@ when: - not ansible_check_mode - ansible_os_family != 'Darwin' + - ansible_os_family != 'Windows' - name: Ensure Caddy is enabled and running ansible.builtin.systemd: @@ -372,12 +373,17 @@ when: - not ansible_check_mode - ansible_os_family != 'Darwin' + - ansible_os_family != 'Windows' become: true - name: Import macOS specific xworkmate-bridge tasks ansible.builtin.import_tasks: macos.yml when: ansible_os_family == 'Darwin' +- name: Include Windows specific xworkmate-bridge tasks + ansible.builtin.include_tasks: windows.yml + when: ansible_os_family == 'Windows' + - name: Apply xworkmate-bridge service and Caddy changes before validation ansible.builtin.meta: flush_handlers become: true diff --git a/roles/vhosts/xworkmate_bridge/tasks/windows.yml b/roles/vhosts/xworkmate_bridge/tasks/windows.yml new file mode 100644 index 0000000..38cd3ae --- /dev/null +++ b/roles/vhosts/xworkmate_bridge/tasks/windows.yml 
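Review bot: The Caddy tasks in the `@@ -363` and `@@ -372` hunks add another hard-coded `ansible_os_family != 'Windows'` condition instead of using `caddy_enabled`, which this same commit redefines in group_vars/all.yml as the switch for Caddy ingress. As far as the visible `when:` lists show, `-e caddy_enabled=false` on a Linux host would still reach "Ensure Caddy is enabled and running", so the public reverse proxy can be started on a host where the operator turned it off. Replacing the two OS conditions with `- caddy_enabled | bool` would keep the OS default and the override in one place. The first of these tasks starts above its hunk, so it may carry conditions that are not shown here.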
@@ -0,0 +1,26 @@
+---
+- name: Deploy xworkmate-bridge Windows startup script
+ ansible.windows.win_template:
+ src: start.ps1.j2
+ dest: "{{ xworkmate_bridge_base_dir }}\\start.ps1"
+ notify: Restart bridge
+
+- name: Create xworkmate-bridge Scheduled Task on Windows
+ community.windows.win_scheduled_task:
+ name: xworkmate-bridge
+ description: "XWorkmate Bridge Service"
+ executable: powershell.exe
+ arguments: "-ExecutionPolicy Bypass -WindowStyle Hidden -File {{ xworkmate_bridge_base_dir }}\\start.ps1"
+ time: startup
+ state: present
+ enabled: true
+ run_level: highest
+ logon_type: service_account
+ user: SYSTEM
+
+- name: Ensure xworkmate-bridge Scheduled Task is running
+ community.windows.win_command:
+ cmd: schtasks /Run /TN "xworkmate-bridge"
+ failed_when: false
+ changed_when: false
+ when: not ansible_check_mode
diff --git a/roles/vhosts/xworkmate_bridge/templates/start.ps1.j2 b/roles/vhosts/xworkmate_bridge/templates/start.ps1.j2
new file mode 100644
index 0000000..55fdd08
--- /dev/null
+++ b/roles/vhosts/xworkmate_bridge/templates/start.ps1.j2
@@ -0,0 +1,6 @@
+$env:AI_WORKSPACE_AUTH_TOKEN = "{{ ai_workspace_auth_token }}"
+$env:BRIDGE_AUTH_TOKEN = "{{ xworkmate_bridge_effective_auth_token | default(xworkmate_bridge_auth_token) }}"
+$env:BRIDGE_REVIEW_AUTH_TOKEN = "{{ xworkmate_bridge_effective_review_auth_token | default(xworkmate_bridge_review_auth_token) }}"
+$env:BRIDGE_CONFIG_PATH = "{{ xworkmate_bridge_config_file }}"
+
+Start-Process -NoNewWindow -Wait -FilePath "{{ xworkmate_bridge_binary_path }}"
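Review bot: The scheduled task runs `start.ps1` as SYSTEM with `run_level: highest` and `-ExecutionPolicy Bypass`, but nothing in this file restricts who may write to `{{ xworkmate_bridge_base_dir }}`; if that directory inherits write access for non-administrators, anyone who can edit the script or the binary gets code execution as SYSTEM at the next boot or restart. An `ansible.windows.win_acl` task, with inheritance disabled, that limits the directory to Administrators and SYSTEM should run before the task is registered. The `-File` path is also unquoted, so a base directory containing a space would break the command line. Separately, `executable`, `arguments` and `time` are, as far as I know, not options of the current `community.windows.win_scheduled_task`, which takes `actions` and `triggers` lists; the block below shows that form with the path quoted. If the bridge does not need SYSTEM, a dedicated low-privilege service account would be the safer default.

```yaml
# … unchanged: win_template task that deploys start.ps1 …
- name: Create xworkmate-bridge Scheduled Task on Windows
  community.windows.win_scheduled_task:
    name: xworkmate-bridge
    description: "XWorkmate Bridge Service"
    actions:
      - path: powershell.exe
        arguments: >-
          -ExecutionPolicy Bypass -WindowStyle Hidden
          -File "{{ xworkmate_bridge_base_dir }}\start.ps1"
    triggers:
      - type: boot
    username: SYSTEM
    logon_type: service_account
    run_level: highest
    state: present
    enabled: true
# … unchanged: schtasks /Run task …
```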
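Review bot: The three tokens are rendered into double-quoted PowerShell strings, where a `$`, a backtick or a `"` inside a token is interpreted rather than taken literally, so a token containing one of them is silently altered or breaks the script. Single-quoted literals with the quote doubled avoid that, for example `$env:AI_WORKSPACE_AUTH_TOKEN = '{{ ai_workspace_auth_token | replace("'", "''") }}'`, and the same for the two `BRIDGE_*` tokens. The script also keeps the secrets in plaintext on disk, so the `win_template` task that writes it should carry `no_log: true` (diff output would otherwise print the tokens), and the file should be readable only by the account that runs the task.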