feat: add PBinCLI installation and configuration tasks; update EchoIP service to check for updates and clean up files

config/ansible/tasks/global/global.yml

@@ -49,6 +49,28 @@
     state: present
   become: true
 
+# --- PBinCLI via pipx ---
+- name: Ensure pbincli is installed with pipx
+  ansible.builtin.command: pipx install pbincli
+  args:
+    creates: ~/.local/bin/pbincli
+  environment:
+    PIPX_DEFAULT_PYTHON: /usr/bin/python3
+  become: false
+
+- name: Ensure ~/.config/pbincli directory exists
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/.config/pbincli"
+    state: directory
+    mode: "0755"
+
+- name: Configure pbincli to use custom server
+  ansible.builtin.copy:
+    dest: "{{ ansible_env.HOME }}/.config/pbincli/pbincli.conf"
+    content: |
+      server=https://bin.mvl.sh
+    mode: "0644"
+
 - name: Include WSL2 tasks
   ansible.builtin.import_tasks: tasks/global/wsl.yml
   when: "'microsoft-standard-WSL2' in ansible_kernel"

config/ansible/tasks/servers/server.yml

@@ -13,6 +13,9 @@
       tags:
         - juicefs
 
+    # Note: Per-service tags should be set in each service's task file (e.g., privatebin.yml).
+    # The tags here are static and allow selection by service name.
+    # To target a specific service, use '--tags services,privatebin' so the include is processed and the inner tag matches.
     - name: Include service tasks
       ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml"
       loop: "{{ services }}"
@@ -21,6 +24,7 @@
         label: "{{ item.name }}"
       tags:
         - services
+
   vars:
     services:
       - name: caddy

config/ansible/tasks/servers/services/echoip/echoip.yml

@@ -10,6 +10,16 @@
         maxmind_license_key: "{{ lookup('community.general.onepassword', 'MaxMind',
           vault='Dotfiles', field='license_key') | regex_replace('\\s+', '') }}"
 
+    # Requires: gather_facts: true in playbook
+    - name: Check last update marker file
+      ansible.builtin.stat:
+        path: "{{ echoip_data_dir }}/.last_update"
+      register: echoip_update_marker
+
+    - name: Determine if update is needed (older than 24h or missing)
+      ansible.builtin.set_fact:
+        update_needed: "{{ (not echoip_update_marker.stat.exists) or ((ansible_date_time.epoch | int) - (echoip_update_marker.stat.mtime | default(0) | int) > 86400) }}"
+
     - name: Create EchoIP directory
       ansible.builtin.file:
         path: "{{ echoip_service_dir }}"
@@ -22,6 +32,14 @@
         state: directory
         mode: "0755"
 
+    # Only update databases if needed (max once per 24h)
+    - block:
+        # Touch the marker file BEFORE attempting download to prevent repeated attempts on failure
+        - name: Update last update marker file (pre-download)
+          ansible.builtin.file:
+            path: "{{ echoip_data_dir }}/.last_update"
+            state: touch
+
         # Create directories for extracted databases
         - name: Create directory for ASN database extraction
           ansible.builtin.file:
@@ -126,6 +144,9 @@
           ansible.builtin.command:
             cmd: "rm -rf {{ echoip_data_dir }}/GeoLite2-Country"
 
+        # Update the marker file (no longer needed here, already touched before download)
+      when: update_needed
+
     # Deploy and restart the EchoIP service
     - name: Deploy EchoIP docker-compose.yml
       ansible.builtin.template:

config/ansible/tasks/servers/services/privatebin/docker-compose.yml.j2

@@ -5,6 +5,8 @@ services:
     restart: always
     read_only: true
     user: "1000:1000"
+    ports:
+      - "8585:8080"
     environment:
       - PUID=1000
       - PGID=1000