From 3b7ba8532f31d221c0708e2d6733bccdd3935f91 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Mon, 11 Sep 2023 18:01:37 +0200 Subject: etckeeper: manage the ignore list --- roles/etckeeper/defaults/main.yml | 15 +++++++ roles/etckeeper/handlers/commit.yml | 24 +++++++++++ roles/etckeeper/handlers/commit_conf.yml | 24 ----------- roles/etckeeper/handlers/main.yml | 12 +++++- roles/etckeeper/tasks/ignore.yml | 18 ++++++++ roles/etckeeper/tasks/main.yml | 12 ++++++ roles/pacman/tasks/main.yml | 70 ++++---------------------------- roles/rate_mirrors/tasks/main.yml | 52 ------------------------ 8 files changed, 89 insertions(+), 138 deletions(-) create mode 100644 roles/etckeeper/handlers/commit.yml delete mode 100644 roles/etckeeper/handlers/commit_conf.yml create mode 100644 roles/etckeeper/tasks/ignore.yml diff --git a/roles/etckeeper/defaults/main.yml b/roles/etckeeper/defaults/main.yml index 176453c..e783002 100644 --- a/roles/etckeeper/defaults/main.yml +++ b/roles/etckeeper/defaults/main.yml @@ -3,3 +3,18 @@ git_email: Egor.Tensin@gmail.com etckeeper_remote_name: origin #etckeeper_remote_url: + +etckeeper_ignored_paths: + # My resolv.conf is typically managed, by either systemd or NetworkManager. + - /resolv.conf + # This is just a stupid systemd file. + - /.updated + # I really don't need all the Wi-Fi networks. + - /NetworkManager/system-connections/ + # I'm unsure about this; but it does make pacman upgrades much easier - I + # don't need to account for /etc/pacman.d/gnupg suddenly having changes. + - /pacman.d/gnupg/ + # I run rate-mirrors before every upgrade pretty much. + - /pacman.d/mirrorlist + +etckeeper_extra_ignored_paths: [] diff --git a/roles/etckeeper/handlers/commit.yml b/roles/etckeeper/handlers/commit.yml new file mode 100644 index 0000000..f48db8f --- /dev/null +++ b/roles/etckeeper/handlers/commit.yml 
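Review bot: The comments on `/NetworkManager/system-connections/` and `/pacman.d/gnupg/` in `etckeeper_ignored_paths` give only convenience reasons, yet these are the two entries most likely to hold secret material. NetworkManager connection profiles can contain Wi-Fi passphrases, and pacman's keyring directory holds the private part of the local master key. Since the role also sets `PUSH_REMOTE`, I would say so in the comments, e.g. `# Connection profiles may contain Wi-Fi passphrases; keep them out of a repository that gets pushed.` Next to the "I'm unsure about this" remark it is also worth noting the trade-off: once `/pacman.d/gnupg/` and `/resolv.conf` are ignored, changes to the package trust store and the resolver configuration no longer show up in `git status` or in the history.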
@@ -0,0 +1,24 @@ +- name: Get list of modified files + become: true + ansible.builtin.shell: | + set -o pipefail && \ + git status --porcelain=v1 \ + | cut -c 4- \ + | grep -G -v '^{{ paths | map("regex_replace", "^/", "") | list | join("\|^") }}' + args: + chdir: /etc + register: git_status + changed_when: false + failed_when: git_status.rc not in [0, 1] + +- name: Fail if unexpected files were modified + ansible.builtin.fail: + msg: | + Unexpected files were modified: + {{ git_status.stdout }} + when: git_status.rc == 0 + +- name: etckeeper commit + become: true + ansible.builtin.command: | + etckeeper commit '{{ commit_msg }}' diff --git a/roles/etckeeper/handlers/commit_conf.yml b/roles/etckeeper/handlers/commit_conf.yml deleted file mode 100644 index 134e264..0000000 --- a/roles/etckeeper/handlers/commit_conf.yml +++ /dev/null @@ -1,24 +0,0 @@ -- name: Get list of modified files - become: true - ansible.builtin.shell: | - set -o pipefail && \ - git status --porcelain=v1 \ - | cut -c 4- \ - | grep -G -v '^etckeeper/etckeeper.conf' - args: - chdir: /etc - register: git_status - changed_when: false - failed_when: git_status.rc not in [0, 1] - -- name: Fail if unexpected files were modified - ansible.builtin.fail: - msg: | - Unexpected files were modified: - {{ git_status.stdout }} - when: git_status.rc == 0 - -- name: etckeeper commit - become: true - ansible.builtin.command: | - etckeeper commit 'configure etckeeper' diff --git a/roles/etckeeper/handlers/main.yml b/roles/etckeeper/handlers/main.yml index 9993ed5..ca6beaa 100644 --- a/roles/etckeeper/handlers/main.yml +++ b/roles/etckeeper/handlers/main.yml 
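Review bot: In `Get list of modified files`, the entries of `paths` go into the `grep -G` pattern unescaped, and into a hand-quoted shell word that runs with `become: true`. The `.` in `.gitignore`, `/.updated` or `pacman.d` matches any character and each alternative is anchored only at its start, so a modified `resolv.conf.bak` would pass the filter and be committed under `commit_msg` instead of reaching `Fail if unexpected files were modified`. An entry of `etckeeper_extra_ignored_paths` containing `'` would also end the quoting. I would add `map("regex_escape", "posix_basic")` before `join("\|^")`, pass the assembled pattern through the `quote` filter rather than writing `'…'` around it, and end-anchor entries that name a file rather than a directory. For the last task, `argv: [etckeeper, commit, '{{ commit_msg }}']` avoids the same quoting problem now that the message is a variable.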
@@ -1,3 +1,13 @@ - name: Commit etckeeper.conf - ansible.builtin.include_tasks: commit_conf.yml + ansible.builtin.include_tasks: commit.yml + vars: + paths: [etckeeper/etckeeper.conf] + commit_msg: configure etckeeper listen: etckeeper_commit_conf + +- name: Commit .gitignore + ansible.builtin.include_tasks: commit.yml + vars: + paths: '{{ [".gitignore"] + etckeeper_ignored_paths + etckeeper_extra_ignored_paths }}' + commit_msg: configure ignored files + listen: etckeeper_commit_gitignore diff --git a/roles/etckeeper/tasks/ignore.yml b/roles/etckeeper/tasks/ignore.yml new file mode 100644 index 0000000..a798368 --- /dev/null +++ b/roles/etckeeper/tasks/ignore.yml @@ -0,0 +1,18 @@ +- name: Add line to .gitignore + become: true + ansible.builtin.lineinfile: + path: /etc/.gitignore + line: '{{ ignore_path }}' + state: present + owner: root + group: root + mode: '644' + register: gitignore + notify: etckeeper_commit_gitignore + +- name: Remove path from cache + when: gitignore.changed + become: true + ansible.builtin.command: # noqa: command-instead-of-module + cmd: git rm -r --ignore-unmatch --cached -- '{{ ignore_path | regex_replace("^/", "") }}' + chdir: /etc diff --git a/roles/etckeeper/tasks/main.yml b/roles/etckeeper/tasks/main.yml index 431a378..f609ce7 100644 --- a/roles/etckeeper/tasks/main.yml +++ b/roles/etckeeper/tasks/main.yml @@ -74,3 +74,15 @@ option: PUSH_REMOTE value: '{{ etckeeper_remote_name }}' notify: etckeeper_commit_conf + +- name: Commit etckeeper.conf if necessary + ansible.builtin.meta: flush_handlers + +- name: Configure ignored paths + ansible.builtin.include_tasks: ignore.yml + loop: '{{ etckeeper_ignored_paths + etckeeper_extra_ignored_paths }}' + loop_control: + loop_var: ignore_path + +- name: Commit .gitignore if necessary + ansible.builtin.meta: flush_handlers diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml index 5ed782f..a235d7d 100644 --- a/roles/pacman/tasks/main.yml +++ b/roles/pacman/tasks/main.yml 
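Review bot: In `roles/etckeeper/tasks/ignore.yml`, `Remove path from cache` runs only `when: gitignore.changed`, so untracking is not idempotent. If the line is already in `/etc/.gitignore` (added by hand, or a previous run failed after `lineinfile`), the path stays in the index and etckeeper keeps committing and pushing it although it is listed as ignored. I would drop the `when:` and derive the change state from the command's output with `register: git_rm` and `changed_when: git_rm.stdout | length > 0`, and put `notify: etckeeper_commit_gitignore` on that task as well. Separately, `git rm --cached` only affects future commits: anything under `/NetworkManager/system-connections/` or `/pacman.d/gnupg/` that was committed earlier remains in history and on the remote. That deserves a comment here; whether it happened on a given host is not visible from this patch.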
@@ -1,62 +1,10 @@ -- name: Upgrade packages or fail gracefully +- name: Upgrade packages become: true - block: - - name: Upgrade packages - community.general.pacman: - update_cache: true - upgrade: true - register: pacman_result - notify: pacman_upgraded - - - name: Reboot if necessary - ansible.builtin.meta: flush_handlers - rescue: - - name: Check if /etc is versioned - ansible.builtin.file: - path: /etc/.git/config - state: file - register: etc_versioned - - - name: Fail if /etc is not versioned - ansible.builtin.fail: - msg: Upgrading packages failed for an unknown reason! - when: not etc_versioned - - - name: Check for changes in /etc - ansible.builtin.command: # noqa: command-instead-of-module - cmd: git status --porcelain=v1 - chdir: /etc - register: git_status - changed_when: false - - - name: Fail if there're no uncommitted changes in /etc - ansible.builtin.fail: - msg: Upgrading packages failed for an unknown reason! - when: not git_status.stdout - - - name: All changes in /etc are in pacman.d/gnupg? - ansible.builtin.shell: | - set -o pipefail && \ - git status --porcelain=v1 \ - | cut -c 4- \ - | grep -G -v '^pacman.d/gnupg/' - args: - chdir: /etc - register: only_gnupg - changed_when: false - failed_when: only_gnupg.rc not in [0, 1] - - - name: Commit changes in /etc/pacman.d/gnupg - ansible.builtin.command: | - etckeeper commit 'pacman: GPG keys' - when: only_gnupg.rc == 1 - - - name: Retry upgrading packages - community.general.pacman: - update_cache: true - upgrade: true - register: pacman_result - notify: pacman_upgraded - - - name: Reboot if necessary - ansible.builtin.meta: flush_handlers + community.general.pacman: + update_cache: true + upgrade: true + register: pacman_result + notify: pacman_upgraded + +- name: Reboot if necessary + ansible.builtin.meta: flush_handlers diff --git a/roles/rate_mirrors/tasks/main.yml b/roles/rate_mirrors/tasks/main.yml index 9d40fa2..4d72a41 100644 --- a/roles/rate_mirrors/tasks/main.yml 
+++ b/roles/rate_mirrors/tasks/main.yml @@ -1,28 +1,3 @@ -- name: Check if /etc is versioned - become: true - ansible.builtin.file: - path: /etc/.git/config - state: file - register: etc_versioned - -- name: Fail if there're uncommitted changes in /etc - when: etc_versioned - become: true - block: - - name: Check for changes in /etc - ansible.builtin.command: # noqa: command-instead-of-module - cmd: git status --porcelain=v1 - chdir: /etc - register: git_status - changed_when: false - - - name: Fail - ansible.builtin.fail: - msg: | - There are uncommitted changes in /etc: - {{ git_status.stdout }} - when: git_status.stdout - - name: Rate pacman mirrors become: true ansible.builtin.shell: | @@ -31,30 +6,3 @@ --disable-comments \ --save /etc/pacman.d/mirrorlist \ "$ID" - -- name: Commit pacman.d/mirrorlist - when: etc_versioned - become: true - block: - - name: Check for changes in /etc - ansible.builtin.shell: | - set -o pipefail && \ - git status --porcelain=v1 \ - | cut -c 4- \ - | grep -G -v '^pacman.d/mirrorlist' - args: - chdir: /etc - register: git_status - changed_when: false - failed_when: git_status.rc not in [0, 1] - - - name: Fail if there're other uncommitted changes - ansible.builtin.fail: - msg: | - How did this happen? Other files have been modified: - {{ git_status.stdout }} - when: git_status.rc == 0 - - - name: etckeeper commit - ansible.builtin.command: | - etckeeper commit 'rate-mirrors' -- cgit v1.2.3