author | Egor Tensin <egor@tensin.name> | 2025-09-09 11:12:22 +0200 |
---|---|---|
committer | Egor Tensin <egor@tensin.name> | 2025-09-09 11:12:26 +0200 |
commit | f7178aedfd35c95c43c6a811775cb51e40ffd925 (patch) | |
tree | 01b2244c232afd3be8f74f6835bad11029317045 | |
parent | README: update (diff) | |
repurpose the repo
It's no longer a stupid, archived Ansible project; I'm gonna use it to
run GitHub Actions to do maintenance on my stuff.
29 files changed, 4 insertions, 475 deletions
diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml
deleted file mode 100644
index 569bcad..0000000
--- a/.github/workflows/run.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Run
-
-on:
- workflow_dispatch:
- inputs:
- hosts:
- description: Inventory pattern
- required: false
- default: cloud
-
-jobs:
- run:
- name: Run
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Set up WireGuard
- uses: egor-tensin/setup-wireguard@v1
- with:
- endpoint: '${{ secrets.ENDPOINT }}'
- endpoint_public_key: '${{ secrets.ENDPOINT_PUBLIC_KEY }}'
- ips: '${{ secrets.IPS }}'
- allowed_ips: '${{ secrets.ALLOWED_IPS }}'
- private_key: '${{ secrets.WG_PRIVATE_KEY }}'
- preshared_key: '${{ secrets.WG_PRESHARED_KEY }}'
- - name: Set up ssh-agent
- uses: webfactory/ssh-agent@v0.7.0
- with:
- ssh-private-key: '${{ secrets.SSH_KEY }}'
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- python-version: 3.x
- cache: pip
- - name: Install Ansible
- run: pip install -q -r requirements.txt
- - name: Make sure Ansible version is correct
- run: |
- ansible-playbook --version | grep -F 2.14.
- - name: Install dependencies
- run: make deps
- - name: Run Ansible
- run: make run LIMIT='${{ github.event.inputs.hosts }}'
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 9ecf55f..0000000
--- a/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-include prelude.mk
-
-LIMIT ?= all
-$(eval $(call noexpand,LIMIT))
-
-args := --inventory src/inventory.ini --limit '$(call escape,$(LIMIT))'
-
-.PHONY: all
-all: run
-
-.PHONY: deps
-deps:
- ansible-galaxy collection install -r src/requirements.yml
-
-.PHONY: run
-run:
- ansible-playbook $(args) src/playbook.yml
-
-.PHONY: reboot
-reboot:
- ansible $(args) --become -m reboot '*'
- ansible $(args) -m wait_for_connection '*'
-
-.PHONY: reboot/cloud
-reboot/cloud: LIMIT := cloud
-reboot/cloud: run
@@ -1,38 +1,5 @@
-**This repo has been retired.
-In was a badly-structured Ansible project anyway, albeit useful.
-I automated my infrastructure using Terraform (see [infra-terraform]) & moved
-most of Ansible to a proper collection (see [infra-ansible]).**
+This repo has been retired and then un-retired.
+The old retired version (with the badly-structured Ansible project) is in
+branch `old`.
 
-[infra-terraform]: https://github.com/egor-tensin/infra-terraform
-[infra-ansible]: https://github.com/egor-tensin/infra-ansible
-
-Maintenance
-===========
-
-Scripts to maintain my machines via GitHub Actions runs.
-Nothing to see here really.
-
-Usage
------
-
-This is an Ansible playbook; it's very non-generic and heavily customized to
-how my machines are set up.
-The primary usage scenario is going to this repository's Actions and running
-the workflow.
-
-You can also run it manually; first, install the Ansible Galaxy dependencies:
-
- make deps
-
-Make sure you can SSH to the hosts as the `maintenance` user; then, you can run
-the playbook:
-
- make run
-
-Reboot everything:
-
- make reboot
-
-Reboot my cloud servers only:
-
- make reboot/cloud
+Now, it's a repo to run GitHub Actions to do maintenance on my stuff.
diff --git a/ansible.cfg b/ansible.cfg
deleted file mode 100644
index ee26434..0000000
--- a/ansible.cfg
+++ /dev/null
@@ -1,12 +0,0 @@
-[defaults]
-# Readable output:
-stdout_callback = yaml
-stderr_callback = yaml
-
-[ssh_connection]
-# My connections are too flaky:
-retries = 2
-# I cannot believe ServerAlive* are not set by Ansible by default:
-# https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-get-ansible-to-notice-a-dead-target-in-a-timely-manner
-# Also, forward the SSH agent.
-ssh_extra_args = -o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o ForwardAgent=yes -o StrictHostKeyChecking=no
diff --git a/prelude.mk b/prelude.mk
deleted file mode 100644
index 374111e..0000000
--- a/prelude.mk
+++ /dev/null
@@ -1,23 +0,0 @@
-# Please see https://egort.name/blog/notes/makefile.html
-
-MAKEFLAGS += --no-builtin-rules --no-builtin-variables --warn-undefined-variables
-unexport MAKEFLAGS
-.DEFAULT_GOAL := all
-.DELETE_ON_ERROR:
-.SUFFIXES:
-SHELL := bash
-.SHELLFLAGS := -eu -o pipefail -c
-
-escape = $(subst ','\'',$(1))
-
-define noexpand
-ifeq ($$(origin $(1)),environment)
- $(1) := $$(value $(1))
-endif
-ifeq ($$(origin $(1)),environment override)
- $(1) := $$(value $(1))
-endif
-ifeq ($$(origin $(1)),command line)
- override $(1) := $$(value $(1))
-endif
-endef
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index 45752a4..0000000
--- a/requirements.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-# ansible-core v2.15 reboots my servers multiple times:
-# https://github.com/ansible/ansible/issues/81013
-ansible == 7.7.0
diff --git a/src/inventory.ini b/src/inventory.ini
deleted file mode 100644
index 59193de..0000000
--- a/src/inventory.ini
+++ /dev/null
@@ -1,13 +0,0 @@
-[raspi]
-pi2 ansible_host=192.168.205.4
-
-[desktop]
-laptop2 ansible_host=192.168.205.2
-
-[cloud]
-web ansible_host=192.168.205.8 ansible_port=993
-vpn ansible_host=192.168.205.254 ansible_port=80
-vpn-ru ansible_host=192.168.205.13 ansible_port=993
-
-[all:vars]
-ansible_user=maintenance
diff --git a/src/playbook.yml b/src/playbook.yml
deleted file mode 100644
index c152a21..0000000
--- a/src/playbook.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Maintenance
- hosts: all
- roles:
- - common
- - dotfiles
- - {role: snap, when: has_snap and etc_versioned}
- - {role: apt, when: has_apt}
- - {role: pacman, when: has_pacman}
- - {role: yay, when: has_yay}
- - {role: flatpak, when: has_flatpak}
- - {role: vagrant, when: has_vagrant}
- - {role: docker, when: has_docker}
diff --git a/src/requirements.yml b/src/requirements.yml
deleted file mode 100644
index 42d7f65..0000000
--- a/src/requirements.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-collections:
- # Yay-compatible module:
- - name: kewlfft.aur
- version: 0.11.1
diff --git a/src/roles/apt/meta/main.yml b/src/roles/apt/meta/main.yml
deleted file mode 100644
index 4516fa1..0000000
--- a/src/roles/apt/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: common
- - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/apt/tasks/main.yml b/src/roles/apt/tasks/main.yml
deleted file mode 100644
index 297307b..0000000
--- a/src/roles/apt/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: Upgrade packages
- become: true
- ansible.builtin.apt:
- update_cache: true
- upgrade: full
- notify: reboot
-
-- name: Flush handlers
- ansible.builtin.meta: flush_handlers
-
-- name: Clean up dependencies
- become: true
- ansible.builtin.apt:
- autoremove: true
- purge: true
- notify: reboot
-
-- name: Flush handlers
- ansible.builtin.meta: flush_handlers
diff --git a/src/roles/common/handlers/main.yml b/src/roles/common/handlers/main.yml
deleted file mode 100644
index 4942957..0000000
--- a/src/roles/common/handlers/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-- name: Reboot
- ansible.builtin.reboot:
- args:
- # On my trusty old Raspberry Pi 1 Model B+, /proc/sys/kernel/random/boot_id
- # can sometimes stay the same between reboots. Apparently, not enough
- # entropy or something.
- boot_time_command: uptime -s
- # Another option is `who -s`. This option requires Ansible 2.10 or later.
-
- # 5 minutes is plenty.
- reboot_timeout: 300
- # Don't reboot yourself accidentally:
- when: 'ansible_env["SSH_CLIENT"].split()[0] not in ansible_all_ipv4_addresses'
- become: true
- listen: reboot
-
-- name: Wait for connectivity
- # One of the nodes is the VPN server connecting all the other nodes, wait
- # until all of them are back up:
- ansible.builtin.wait_for_connection:
- args:
- # 5 minutes is plenty.
- timeout: 300
- listen: reboot
diff --git a/src/roles/common/tasks/main.yml b/src/roles/common/tasks/main.yml
deleted file mode 100644
index fb0eaed..0000000
--- a/src/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-- name: Check available tools
- ansible.builtin.include_tasks: tool.yml
- loop:
- - apt
- - docker
- - flatpak
- - pacman
- - rate-mirrors
- - snap
- - vagrant
- - yay
-
-- name: Check if /etc is versioned
- become: true
- ansible.builtin.stat:
- path: /etc/.git/config
- register: etc_versioned
diff --git a/src/roles/common/tasks/tool.yml b/src/roles/common/tasks/tool.yml
deleted file mode 100644
index 48d0acc..0000000
--- a/src/roles/common/tasks/tool.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: "Check for {{ item }}"
- ansible.builtin.command: "{{ item }} --version"
- register: cmd_result
- changed_when: false
- failed_when: false
-
-- name: "Set fact about {{ item }}"
- ansible.builtin.set_fact: "has_{{ item | replace('-', '_') }}={{ cmd_result.rc == 0 }}"
diff --git a/src/roles/docker/tasks/main.yml b/src/roles/docker/tasks/main.yml
deleted file mode 100644
index 601dca2..0000000
--- a/src/roles/docker/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Clean up Docker data
- become: true
- ansible.builtin.command: docker system prune -a -f --volumes
diff --git a/src/roles/dotfiles/defaults/main.yml b/src/roles/dotfiles/defaults/main.yml
deleted file mode 100644
index 0ce4769..0000000
--- a/src/roles/dotfiles/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-dotfiles_user: egor
diff --git a/src/roles/dotfiles/tasks/main.yml b/src/roles/dotfiles/tasks/main.yml
deleted file mode 100644
index 4230aac..0000000
--- a/src/roles/dotfiles/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-- name: ssh-agent hack
- ansible.posix.acl:
- path: "{{ item }}"
- etype: user
- entity: "{{ dotfiles_user }}"
- permissions: rwx
- state: present
- loop:
- - "{{ ansible_env.SSH_AUTH_SOCK | dirname }}"
- - "{{ ansible_env.SSH_AUTH_SOCK }}"
-
-- name: Update my dotfiles
- become: true
- become_user: "{{ dotfiles_user }}"
- block:
- - name: Pull repositories
- ansible.builtin.git:
- accept_hostkey: true
- dest: "~/workspace/personal/{{ item }}"
- repo: "git@github.com:egor-tensin/{{ item }}.git"
- loop:
- - linux-home
-
- - name: Run setup.sh
- ansible.builtin.command: ./setup.sh
- args:
- chdir: ~/workspace/personal/linux-home
diff --git a/src/roles/etckeeper/defaults/main.yml b/src/roles/etckeeper/defaults/main.yml
deleted file mode 100644
index 077855f..0000000
--- a/src/roles/etckeeper/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-git_name: Egor Tensin
-git_email: Egor.Tensin@gmail.com
diff --git a/src/roles/etckeeper/tasks/main.yml b/src/roles/etckeeper/tasks/main.yml
deleted file mode 100644
index 19f9b86..0000000
--- a/src/roles/etckeeper/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Make sure git is configured
- become: true
- block:
- - name: Set user.name
- community.general.git_config:
- scope: local
- repo: /etc
- name: user.name
- value: '{{ git_name }}'
-
- - name: Set user.email
- community.general.git_config:
- scope: local
- repo: /etc
- name: user.email
- value: '{{ git_email }}'
diff --git a/src/roles/flatpak/tasks/main.yml b/src/roles/flatpak/tasks/main.yml
deleted file mode 100644
index 4aa39a2..0000000
--- a/src/roles/flatpak/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Upgrade packages
- ansible.builtin.command: flatpak update --noninteractive
- become: true
diff --git a/src/roles/pacman/meta/main.yml b/src/roles/pacman/meta/main.yml
deleted file mode 100644
index f9d9a85..0000000
--- a/src/roles/pacman/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - {role: etckeeper, when: etc_versioned}
- - {role: rate_mirrors, when: has_rate_mirrors}
diff --git a/src/roles/pacman/tasks/main.yml b/src/roles/pacman/tasks/main.yml
deleted file mode 100644
index ed9250d..0000000
--- a/src/roles/pacman/tasks/main.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-- name: Upgrade packages or fail gracefully
- become: true
- block:
- - name: Upgrade packages
- community.general.pacman:
- update_cache: true
- upgrade: true
- register: pacman_result
- notify: reboot
-
- - name: Show upgraded packages
- ansible.builtin.debug:
- var: pacman_result.packages
- when: pacman_result.changed
-
- - name: Flush handlers
- ansible.builtin.meta: flush_handlers
- rescue:
- - name: Fail if /etc is not versioned
- ansible.builtin.fail:
- msg: Upgrading packages failed for an unknown reason!
- when: not etc_versioned
-
- - name: Check for changes in /etc
- ansible.builtin.command: git status --porcelain=v1
- args:
- chdir: /etc
- register: git_status
- changed_when: false
- failed_when: false
-
- - name: Fail if there're no unstaged changes in /etc
- ansible.builtin.fail:
- msg: Upgrading packages failed for an unknown reason!
- when: not git_status.stdout
-
- - name: All changes in /etc are in pacman.d/gnupg?
- ansible.builtin.shell: |
- set -o pipefail && \
- git status --porcelain=v1 \
- | cut -c 4- \
- | grep -G -v '^pacman.d/gnupg/'
- args:
- chdir: /etc
- register: only_gnupg
- changed_when: false
- failed_when: false
-
- - name: Commit changes in /etc
- ansible.builtin.command: |
- etckeeper commit 'pacman: GPG keys'
- when: git_status.stdout and only_gnupg.rc != 0
-
- - name: Retry upgrading packages
- community.general.pacman:
- update_cache: true
- upgrade: true
- register: pacman_result
- notify: reboot
-
- - name: Show upgraded packages
- ansible.builtin.debug:
- var: pacman_result.packages
- when: pacman_result.changed
-
- - name: Flush handlers
- ansible.builtin.meta: flush_handlers
diff --git a/src/roles/rate_mirrors/meta/main.yml b/src/roles/rate_mirrors/meta/main.yml
deleted file mode 100644
index 4516fa1..0000000
--- a/src/roles/rate_mirrors/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: common
- - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/rate_mirrors/tasks/main.yml b/src/roles/rate_mirrors/tasks/main.yml
deleted file mode 100644
index 613a382..0000000
--- a/src/roles/rate_mirrors/tasks/main.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-- name: As root user
- become: true
- block:
- - name: Fail if there're uncommitted changes in /etc
- when: etc_versioned
- block:
- - name: Check for changes in /etc
- ansible.builtin.command: git status --porcelain=v1
- args:
- chdir: /etc
- register: git_status
- changed_when: false
- failed_when: false
-
- - ansible.builtin.fail:
- msg: There are uncommitted changes in /etc
- when: git_status.stdout
-
- - name: Rate pacman mirrors
- ansible.builtin.shell: |
- . /etc/os-release && rate-mirrors \
- --allow-root \
- --disable-comments \
- --save /etc/pacman.d/mirrorlist \
- "$ID"
-
- - name: Commit pacman.d/mirrorlist
- when: etc_versioned
- block:
- - name: Check for changes in /etc
- ansible.builtin.command: git status --porcelain=v1
- args:
- chdir: /etc
- register: git_status
- changed_when: false
- failed_when: false
-
- - name: Fail if there're other uncommitted changes
- ansible.builtin.fail:
- msg: How did this happen?
- when: git_status.stdout != ' M pacman.d/mirrorlist'
-
- - name: Commit changes in /etc/pacman.d/mirrorlist
- ansible.builtin.command: |
- etckeeper commit 'rate-mirrors'
diff --git a/src/roles/snap/meta/main.yml b/src/roles/snap/meta/main.yml
deleted file mode 100644
index 4516fa1..0000000
--- a/src/roles/snap/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: common
- - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/snap/tasks/main.yml b/src/roles/snap/tasks/main.yml
deleted file mode 100644
index cce49b0..0000000
--- a/src/roles/snap/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-- name: As root user
- become: true
- block:
- - name: Check for changes in /etc
- ansible.builtin.command: git status --porcelain=v1
- args:
- chdir: /etc
- register: git_status
- changed_when: false
- failed_when: false
-
- - name: All changes in /etc are snap changes?
- ansible.builtin.shell: |
- set -o pipefail && \
- git status --porcelain=v1 \
- | cut -c 4- \
- | grep -G -v '^systemd/system/' \
- | grep -G -v '/snap\.\|snap-'
- args:
- chdir: /etc
- register: only_snap
- changed_when: false
- failed_when: false
-
- - name: Commit changes in /etc
- ansible.builtin.command: etckeeper commit 'after snap run'
- when: git_status.stdout and only_snap.rc != 0
diff --git a/src/roles/vagrant/tasks/main.yml b/src/roles/vagrant/tasks/main.yml
deleted file mode 100644
index 32e9722..0000000
--- a/src/roles/vagrant/tasks/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- name: Update plugins
- ansible.builtin.command: vagrant plugin update
-
-- name: Prune invalid entries
- ansible.builtin.command: vagrant global-status --prune
- become: true
-
-- name: Clean up boxes
- ansible.builtin.command: vagrant box prune --force --keep-active-boxes
diff --git a/src/roles/yay/meta/main.yml b/src/roles/yay/meta/main.yml
deleted file mode 100644
index d708443..0000000
--- a/src/roles/yay/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: common
- - {role: pacman, when: has_pacman}
diff --git a/src/roles/yay/tasks/main.yml b/src/roles/yay/tasks/main.yml
deleted file mode 100644
index 42150bf..0000000
--- a/src/roles/yay/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Upgrade packages
- kewlfft.aur.aur:
- use: yay
- update_cache: true
- upgrade: true
- aur_only: true
- register: yay_result
- notify: reboot
-
-- name: Show yay result
- ansible.builtin.debug:
- var: yay_result
- when: yay_result
-
-- name: Flush handlers
- ansible.builtin.meta: flush_handlers |