From 97b930c6edc7973497f469ae859fa2258cbea4d6 Mon Sep 17 00:00:00 2001
From: Egor Tensin <Egor.Tensin@gmail.com>
Date: Sun, 20 Aug 2023 18:38:17 +0200
Subject: use variables instead facts mostly everywhere

set_fact is stupid; they persist through multiple role executions; for
example, you cannot do this:

    set_fact:
      foo: '{{ foo | default("bar") }}'

If somebody calls the role and defines foo, it will always be set to
that value forever, even for subsequent role calls.
---
 roles/apt_repo/defaults/main.yml         |  2 +
 roles/apt_repo/tasks/main.yml            | 25 ++++------
 roles/digitalocean_volume/tasks/main.yml |  6 +--
 roles/file_wait/tasks/check.yml          | 14 +++---
 roles/file_wait/tasks/main.yml           |  4 ++
 roles/letsencrypt/tasks/domain.yml       | 52 ++++++++++-----------
 roles/letsencrypt/tasks/main.yml         |  2 +
 roles/my_workspace/tasks/main.yml        |  2 +
 roles/my_workspace/tasks/project.yml     | 78 +++++++++++++++-----------------
 9 files changed, 88 insertions(+), 97 deletions(-)

diff --git a/roles/apt_repo/defaults/main.yml b/roles/apt_repo/defaults/main.yml
index 7394a29..f4755e5 100644
--- a/roles/apt_repo/defaults/main.yml
+++ b/roles/apt_repo/defaults/main.yml
@@ -1,2 +1,4 @@
 apt_repo_keys_dir: /etc/apt/keyrings
 apt_repo_key_dearmor: false
+
+apt_repo_component: main
diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml
index 4c1d92f..bf9e3ea 100644
--- a/roles/apt_repo/tasks/main.yml
+++ b/roles/apt_repo/tasks/main.yml
@@ -1,5 +1,11 @@
 - name: Set up repository
   become: true
+  vars:
+    # For some reason, if the key is in a weird format that requires
+    # running `gpg --dearmor`, you must save it with the .gpg extension
+    # instead of .asc. You can then completely skip the gpg step. Source:
+    # https://stackoverflow.com/q/71585303/514684
+    apt_repo_key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
   block:
     - name: Create keys directory
       ansible.builtin.file:
@@ -7,30 +13,19 @@
         mode: '755'
         state: directory
 
-    - name: Set key path
-      ansible.builtin.set_fact:
-        # For some reason, if the key is in a weird format that requires
-        # running `gpg --dearmor`, you must save it with the .gpg extension
-        # instead of .asc. You can then completely skip the gpg step. Source:
-        # https://stackoverflow.com/q/71585303/514684
-        key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
-
     - name: 'Add key: {{ apt_repo_name }}'
       ansible.builtin.get_url:
         url: '{{ apt_repo_key_url }}'
-        dest: '{{ key_path }}'
+        dest: '{{ apt_repo_key_path }}'
         mode: '644'
 
     - name: Get host distro
       ansible.builtin.setup:
         gather_subset: [distribution_release]
 
-    - name: Set repository defaults
-      ansible.builtin.set_fact:
-        apt_repo_distro: '{{ apt_repo_distro | default(ansible_distribution_release) }}'
-        apt_repo_component: '{{ apt_repo_component | default("main") }}'
-
     - name: 'Add repository: {{ apt_repo_name }}'
       ansible.builtin.apt_repository:
-        repo: 'deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro }} {{ apt_repo_component }}'
+        repo: 'deb [signed-by={{ apt_repo_key_path }}] {{ apt_repo_url }} {{ distro }} {{ apt_repo_component }}'
         filename: '{{ apt_repo_name }}'
+      vars:
+        distro: '{{ apt_repo_distro | default(ansible_distribution_release) }}'
diff --git a/roles/digitalocean_volume/tasks/main.yml b/roles/digitalocean_volume/tasks/main.yml
index c23da76..07d6c74 100644
--- a/roles/digitalocean_volume/tasks/main.yml
+++ b/roles/digitalocean_volume/tasks/main.yml
@@ -1,11 +1,7 @@
-- name: Set default mount point
-  ansible.builtin.set_fact:
-    volume_dir: "{{ volume_dir | default('/mnt/{{ volume_name }}') }}"
-
 - name: 'Mount volume: {{ volume_name }}'
   become: true
   ansible.posix.mount:
-    path: '{{ volume_dir }}'
+    path: "{{ volume_dir | default('/mnt/{{ volume_name }}') }}"
     src: '/dev/disk/by-id/scsi-0DO_Volume_{{ volume_name }}'
     state: mounted
     fstype: '{{ volume_fs }}'
diff --git a/roles/file_wait/tasks/check.yml b/roles/file_wait/tasks/check.yml
index aa55830..47122b7 100644
--- a/roles/file_wait/tasks/check.yml
+++ b/roles/file_wait/tasks/check.yml
@@ -13,17 +13,17 @@
   ignore_unreachable: true
   ignore_errors: true
 
-- name: If the host restarted, try again
+- name: If host restarted, try again
   when: file_wait_check is unreachable
   block:
-    - name: Log the number of tolerable reboots
+    - name: Show number of reboots
       ansible.builtin.debug:
-        msg: 'Number of tolerable reboots: {{ file_wait_reboots }}'
+        msg: 'Number of reboots left: {{ file_wait_reboots_left }}'
 
-    - name: Decrement the number of tolerable reboots
+    - name: Decrement number of reboots
       ansible.builtin.set_fact:
-        file_wait_reboots: '{{ (file_wait_reboots | int) - 1 }}'
+        file_wait_reboots_left: '{{ (file_wait_reboots_left | int) - 1 }}'
 
-    - name: Retry if there're more tolerable reboots
+    - name: Retry if there're more reboots
       ansible.builtin.include_tasks: check.yml
-      when: (file_wait_reboots | int >= 0)
+      when: (file_wait_reboots_left | int >= 0)
diff --git a/roles/file_wait/tasks/main.yml b/roles/file_wait/tasks/main.yml
index 9afef57..169f834 100644
--- a/roles/file_wait/tasks/main.yml
+++ b/roles/file_wait/tasks/main.yml
@@ -1,3 +1,7 @@
+- name: Reset number of reboots
+  ansible.builtin.set_fact:
+    file_wait_reboots_left: '{{ file_wait_reboots }}'
+
 - name: Check if file exists
   ansible.builtin.include_tasks: check.yml
 
diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml
index 13717ef..d3cb50a 100644
--- a/roles/letsencrypt/tasks/domain.yml
+++ b/roles/letsencrypt/tasks/domain.yml
@@ -1,30 +1,26 @@
-- name: Set certificate name
-  ansible.builtin.set_fact:
-    certificate_name: '{{ item.name | default(item) }}'
-
-- name: Set certificate domains
-  ansible.builtin.set_fact:
-    certificate_domains: "{{ item.domains | default([certificate_name]) | sort | unique }}"
-
-- name: Cache domain list
+- name: Set up certificate for domain
   become: true
-  ansible.builtin.template:
-    src: domain_list.txt
-    dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
-    owner: root
-    group: root
-    mode: '640'
-  register: domain_list
+  vars:
+    certificate_name: '{{ domain.name | default(domain) }}'
+    certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
+  block:
+    - name: Cache domain list
+      ansible.builtin.template:
+        src: domain_list.txt
+        dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
+        owner: root
+        group: root
+        mode: '640'
+      register: domain_list
 
-- name: 'Create certificate: {{ certificate_name }}'
-  become: true
-  ansible.builtin.command: |
-    certbot certonly --noninteractive --agree-tos \
-        --cert-name '{{ certificate_name }}' \
-        --email '{{ certbot_email }}' \
-        --domains '{{ certificate_domains | join(',') }}' \
-        --preferred-challenges dns \
-        --dns-digitalocean \
-        --dns-digitalocean-credentials '{{ certbot_ini }}' \
-        --dns-digitalocean-propagation-seconds 30
-  when: domain_list.changed
+    - name: 'Create certificate: {{ certificate_name }}'
+      ansible.builtin.command: |
+        certbot certonly --noninteractive --agree-tos \
+            --cert-name '{{ certificate_name }}' \
+            --email '{{ certbot_email }}' \
+            --domains '{{ certificate_domains | join(',') }}' \
+            --preferred-challenges dns \
+            --dns-digitalocean \
+            --dns-digitalocean-credentials '{{ certbot_ini }}' \
+            --dns-digitalocean-propagation-seconds 30
+      when: domain_list.changed
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index a4160d7..a1761a5 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -13,3 +13,5 @@
 - name: Update certificates
   ansible.builtin.include_tasks: domain.yml
   loop: '{{ letsencrypt_domains }}'
+  loop_control:
+    loop_var: domain
diff --git a/roles/my_workspace/tasks/main.yml b/roles/my_workspace/tasks/main.yml
index 0acec47..6bbb308 100644
--- a/roles/my_workspace/tasks/main.yml
+++ b/roles/my_workspace/tasks/main.yml
@@ -31,3 +31,5 @@
 - name: Update projects
   ansible.builtin.include_tasks: project.yml
   loop: '{{ workspace_projects }}'
+  loop_control:
+    loop_var: project
diff --git a/roles/my_workspace/tasks/project.yml b/roles/my_workspace/tasks/project.yml
index 813de46..d6bf857 100644
--- a/roles/my_workspace/tasks/project.yml
+++ b/roles/my_workspace/tasks/project.yml
@@ -1,47 +1,41 @@
-- name: Set project URL
-  ansible.builtin.set_fact:
-    project_url: '{{ item.url | default(item) }}'
-
-- name: Set project name
-  ansible.builtin.set_fact:
-    project_name: "{{ item.name | default(project_url | urlsplit('path') | basename | regex_replace('\\.git$', '')) }}"
-
-- name: Set project directory
-  ansible.builtin.set_fact:
+- name: Set up project
+  vars:
+    project_url: '{{ project.url | default(project) }}'
+    project_name: "{{ project.name | default(project_url | urlsplit('path') | basename | regex_replace('\\.git$', '')) }}"
     project_dir: '{{ workspace_dir }}/{{ project_name }}'
+  block:
+    - name: 'Update repository: {{ project_name }}'
+      ansible.builtin.git:
+        accept_hostkey: true
+        dest: '{{ project_dir }}'
+        repo: '{{ project_url }}'
 
-- name: 'Update repository: {{ project_name }}'
-  ansible.builtin.git:
-    accept_hostkey: true
-    dest: '{{ project_dir }}'
-    repo: '{{ project_url }}'
-
-- name: Check for Makefile
-  ansible.builtin.file:
-    path: '{{ project_dir }}/Makefile'
-    state: file
-  register: makefile_check
-  ignore_errors: true
+    - name: Check for Makefile
+      ansible.builtin.file:
+        path: '{{ project_dir }}/Makefile'
+        state: file
+      register: makefile_check
+      ignore_errors: true
 
-- name: Check for docker-compose.yml
-  ansible.builtin.file:
-    path: '{{ project_dir }}/docker-compose.yml'
-    state: file
-  register: docker_compose_check
-  ignore_errors: true
+    - name: Check for docker-compose.yml
+      ansible.builtin.file:
+        path: '{{ project_dir }}/docker-compose.yml'
+        state: file
+      register: docker_compose_check
+      ignore_errors: true
 
-- name: Run make
-  become: true
-  community.general.make:
-    chdir: '{{ project_dir }}'
-  when: makefile_check is succeeded
+    - name: Run make
+      become: true
+      community.general.make:
+        chdir: '{{ project_dir }}'
+      when: makefile_check is succeeded
 
-- name: Run docker-compose
-  become: true
-  community.docker.docker_compose:
-    build: true
-    debug: true
-    project_src: '{{ project_dir }}'
-    pull: true
-    remove_orphans: true
-  when: makefile_check is not succeeded and docker_compose_check is succeeded
+    - name: Run docker-compose
+      become: true
+      community.docker.docker_compose:
+        build: true
+        debug: true
+        project_src: '{{ project_dir }}'
+        pull: true
+        remove_orphans: true
+      when: makefile_check is not succeeded and docker_compose_check is succeeded
-- 
cgit v1.2.3