authorEgor Tensin <Egor.Tensin@gmail.com>2023-07-31 23:44:54 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-07-31 23:44:54 +0200
commit727ab17a644d52105746e18c301cf733b1181507 (patch)
tree71113c6efae3074899de965aee5489cb76362f8e /src
parentdowngrade Ansible (diff)
downloadmaintenance-727ab17a644d52105746e18c301cf733b1181507.tar.gz
maintenance-727ab17a644d52105746e18c301cf733b1181507.zip
move Ansible files to src/
Diffstat (limited to 'src')
-rw-r--r--src/inventory.ini13
-rw-r--r--src/playbook.yml12
-rw-r--r--src/requirements.yml5
-rw-r--r--src/roles/apt/meta/main.yml3
-rw-r--r--src/roles/apt/tasks/main.yml19
-rw-r--r--src/roles/common/handlers/main.yml24
-rw-r--r--src/roles/common/tasks/main.yml17
-rw-r--r--src/roles/common/tasks/tool.yml8
-rw-r--r--src/roles/docker/tasks/main.yml3
-rw-r--r--src/roles/dotfiles/defaults/main.yml1
-rw-r--r--src/roles/dotfiles/tasks/main.yml27
-rw-r--r--src/roles/etckeeper/defaults/main.yml2
-rw-r--r--src/roles/etckeeper/tasks/main.yml16
-rw-r--r--src/roles/flatpak/tasks/main.yml3
-rw-r--r--src/roles/pacman/meta/main.yml4
-rw-r--r--src/roles/pacman/tasks/main.yml67
-rw-r--r--src/roles/rate_mirrors/meta/main.yml3
-rw-r--r--src/roles/rate_mirrors/tasks/main.yml45
-rw-r--r--src/roles/snap/meta/main.yml3
-rw-r--r--src/roles/snap/tasks/main.yml27
-rw-r--r--src/roles/vagrant/tasks/main.yml9
-rw-r--r--src/roles/yay/meta/main.yml3
-rw-r--r--src/roles/yay/tasks/main.yml16
23 files changed, 330 insertions, 0 deletions
diff --git a/src/inventory.ini b/src/inventory.ini
new file mode 100644
index 0000000..59193de
--- /dev/null
+++ b/src/inventory.ini
@@ -0,0 +1,13 @@
+[raspi]
+pi2 ansible_host=192.168.205.4
+
+[desktop]
+laptop2 ansible_host=192.168.205.2
+
+[cloud]
+web ansible_host=192.168.205.8 ansible_port=993
+vpn ansible_host=192.168.205.254 ansible_port=80
+vpn-ru ansible_host=192.168.205.13 ansible_port=993
+
+[all:vars]
+ansible_user=maintenance
diff --git a/src/playbook.yml b/src/playbook.yml
new file mode 100644
index 0000000..c152a21
--- /dev/null
+++ b/src/playbook.yml
@@ -0,0 +1,12 @@
+- name: Maintenance
+ hosts: all
+ roles:
+ - common
+ - dotfiles
+ - {role: snap, when: has_snap and etc_versioned}
+ - {role: apt, when: has_apt}
+ - {role: pacman, when: has_pacman}
+ - {role: yay, when: has_yay}
+ - {role: flatpak, when: has_flatpak}
+ - {role: vagrant, when: has_vagrant}
+ - {role: docker, when: has_docker}
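Review bot: `etc_versioned` in `when: has_snap and etc_versioned` is the registered result of the `ansible.builtin.stat` task in roles/common/tasks/main.yml, not a boolean, so the condition does not test whether /etc/.git/config exists. A registered result is a non-empty mapping, which as far as I can tell evaluates as true whether or not the file is there; newer ansible-core releases, I believe, reject non-boolean conditionals outright. The test should be `etc_versioned.stat.exists`. The same bare `etc_versioned` appears in meta/main.yml of the apt, pacman, rate_mirrors and snap roles and in the pacman and rate_mirrors task files (`when: not etc_versioned`, `when: etc_versioned`), so etckeeper and the /etc commit steps would also run on hosts where /etc is not a git repository.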
diff --git a/src/requirements.yml b/src/requirements.yml
new file mode 100644
index 0000000..42d7f65
--- /dev/null
+++ b/src/requirements.yml
@@ -0,0 +1,5 @@
+---
+collections:
+ # Yay-compatible module:
+ - name: kewlfft.aur
+ version: 0.11.1
diff --git a/src/roles/apt/meta/main.yml b/src/roles/apt/meta/main.yml
new file mode 100644
index 0000000..4516fa1
--- /dev/null
+++ b/src/roles/apt/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/apt/tasks/main.yml b/src/roles/apt/tasks/main.yml
new file mode 100644
index 0000000..297307b
--- /dev/null
+++ b/src/roles/apt/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: Upgrade packages
+ become: true
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: full
+ notify: reboot
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
+
+- name: Clean up dependencies
+ become: true
+ ansible.builtin.apt:
+ autoremove: true
+ purge: true
+ notify: reboot
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/src/roles/common/handlers/main.yml b/src/roles/common/handlers/main.yml
new file mode 100644
index 0000000..4942957
--- /dev/null
+++ b/src/roles/common/handlers/main.yml
@@ -0,0 +1,24 @@
+- name: Reboot
+ ansible.builtin.reboot:
+ args:
+ # On my trusty old Raspberry Pi 1 Model B+, /proc/sys/kernel/random/boot_id
+ # can sometimes stay the same between reboots. Apparently, not enough
+ # entropy or something.
+ boot_time_command: uptime -s
+ # Another option is `who -s`. This option requires Ansible 2.10 or later.
+
+ # 5 minutes is plenty.
+ reboot_timeout: 300
+ # Don't reboot yourself accidentally:
+ when: 'ansible_env["SSH_CLIENT"].split()[0] not in ansible_all_ipv4_addresses'
+ become: true
+ listen: reboot
+
+- name: Wait for connectivity
+ # One of the nodes is the VPN server connecting all the other nodes, wait
+ # until all of them are back up:
+ ansible.builtin.wait_for_connection:
+ args:
+ # 5 minutes is plenty.
+ timeout: 300
+ listen: reboot
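Review bot: The self-reboot guard on the `Reboot` handler indexes `ansible_env["SSH_CLIENT"]` unconditionally and compares only against `ansible_all_ipv4_addresses`. When SSH_CLIENT is missing from the gathered environment (a local connection, for example) the condition raises an undefined-variable error instead of skipping the reboot. A control node that connects over IPv6 can never match the IPv4 list, so in that case the guard would not prevent the handler from rebooting the machine Ansible runs on. Consider `when: ansible_env.SSH_CLIENT is defined and ansible_env.SSH_CLIENT.split()[0] not in (ansible_all_ipv4_addresses + ansible_all_ipv6_addresses)`, which skips the reboot whenever the client address is unknown. The existing comment should also state that the check depends on fact gathering being enabled.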
diff --git a/src/roles/common/tasks/main.yml b/src/roles/common/tasks/main.yml
new file mode 100644
index 0000000..fb0eaed
--- /dev/null
+++ b/src/roles/common/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Check available tools
+ ansible.builtin.include_tasks: tool.yml
+ loop:
+ - apt
+ - docker
+ - flatpak
+ - pacman
+ - rate-mirrors
+ - snap
+ - vagrant
+ - yay
+
+- name: Check if /etc is versioned
+ become: true
+ ansible.builtin.stat:
+ path: /etc/.git/config
+ register: etc_versioned
diff --git a/src/roles/common/tasks/tool.yml b/src/roles/common/tasks/tool.yml
new file mode 100644
index 0000000..48d0acc
--- /dev/null
+++ b/src/roles/common/tasks/tool.yml
@@ -0,0 +1,8 @@
+- name: "Check for {{ item }}"
+ ansible.builtin.command: "{{ item }} --version"
+ register: cmd_result
+ changed_when: false
+ failed_when: false
+
+- name: "Set fact about {{ item }}"
+ ansible.builtin.set_fact: "has_{{ item | replace('-', '_') }}={{ cmd_result.rc == 0 }}"
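Review bot: `Set fact about {{ item }}` uses the free-form `key=value` string, so the fact's type is left to set_fact's string-to-boolean conversion, and every `when: has_*` in the playbook and the role metadata depends on that conversion. The mapping form keeps the intent visible: `ansible.builtin.set_fact:` followed by `"has_{{ item | replace('-', '_') }}": "{{ cmd_result.rc == 0 }}"`. A one-line comment above `Check for {{ item }}` should say that `failed_when: false` is deliberate, because a missing binary is an expected outcome here rather than an error.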
diff --git a/src/roles/docker/tasks/main.yml b/src/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..601dca2
--- /dev/null
+++ b/src/roles/docker/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: Clean up Docker data
+ become: true
+ ansible.builtin.command: docker system prune -a -f --volumes
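Review bot: `docker system prune -a -f --volumes` runs as root on every host where `docker --version` succeeds, and there is no way for a host to opt out. It removes all stopped containers, every image not used by a running container and unused volumes (which volumes exactly depends on the Docker version), so data in a volume whose container happens to be stopped during the run can be lost. Consider moving the volume part into its own task gated by a role default that is off unless a host opts in, for example `when: docker_prune_volumes | default(false)` (variable name is a suggestion). The task also reports `changed` on every run; a comment saying that this is accepted would help.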
diff --git a/src/roles/dotfiles/defaults/main.yml b/src/roles/dotfiles/defaults/main.yml
new file mode 100644
index 0000000..0ce4769
--- /dev/null
+++ b/src/roles/dotfiles/defaults/main.yml
@@ -0,0 +1 @@
+dotfiles_user: egor
diff --git a/src/roles/dotfiles/tasks/main.yml b/src/roles/dotfiles/tasks/main.yml
new file mode 100644
index 0000000..4230aac
--- /dev/null
+++ b/src/roles/dotfiles/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ssh-agent hack
+ ansible.posix.acl:
+ path: "{{ item }}"
+ etype: user
+ entity: "{{ dotfiles_user }}"
+ permissions: rwx
+ state: present
+ loop:
+ - "{{ ansible_env.SSH_AUTH_SOCK | dirname }}"
+ - "{{ ansible_env.SSH_AUTH_SOCK }}"
+
+- name: Update my dotfiles
+ become: true
+ become_user: "{{ dotfiles_user }}"
+ block:
+ - name: Pull repositories
+ ansible.builtin.git:
+ accept_hostkey: true
+ dest: "~/workspace/personal/{{ item }}"
+ repo: "git@github.com:egor-tensin/{{ item }}.git"
+ loop:
+ - linux-home
+
+ - name: Run setup.sh
+ ansible.builtin.command: ./setup.sh
+ args:
+ chdir: ~/workspace/personal/linux-home
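Review bot: The `ssh-agent hack` task gives `dotfiles_user` rwx on the forwarded agent socket and its directory and never takes it back, so for as long as the socket exists any process running as that account on the managed host can have the operator's agent sign authentication requests. The task needs a comment saying why the ACL is there (presumably so the `become_user` git pull can use the forwarded agent) and a cleanup step that runs even when the pull fails; a sketch follows. Separately, `accept_hostkey: true` accepts whatever host key github.com presents on first contact, and `./setup.sh` from the freshly pulled tree then runs as `dotfiles_user`; pre-seeding the key with `ansible.builtin.known_hosts` would remove that trust-on-first-use step.

```yaml
- name: Update my dotfiles
  become: true
  become_user: "{{ dotfiles_user }}"
  block:
    # … unchanged: Pull repositories, Run setup.sh …
  always:
    # Take back the agent access granted by the "ssh-agent hack" task.
    - name: Revoke ssh-agent access
      # Run as the connecting user, who owns the socket.
      become: false
      ansible.posix.acl:
        path: "{{ item }}"
        etype: user
        entity: "{{ dotfiles_user }}"
        state: absent
      loop:
        - "{{ ansible_env.SSH_AUTH_SOCK }}"
        - "{{ ansible_env.SSH_AUTH_SOCK | dirname }}"
```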
diff --git a/src/roles/etckeeper/defaults/main.yml b/src/roles/etckeeper/defaults/main.yml
new file mode 100644
index 0000000..077855f
--- /dev/null
+++ b/src/roles/etckeeper/defaults/main.yml
@@ -0,0 +1,2 @@
+git_name: Egor Tensin
+git_email: Egor.Tensin@gmail.com
diff --git a/src/roles/etckeeper/tasks/main.yml b/src/roles/etckeeper/tasks/main.yml
new file mode 100644
index 0000000..19f9b86
--- /dev/null
+++ b/src/roles/etckeeper/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Make sure git is configured
+ become: true
+ block:
+ - name: Set user.name
+ community.general.git_config:
+ scope: local
+ repo: /etc
+ name: user.name
+ value: '{{ git_name }}'
+
+ - name: Set user.email
+ community.general.git_config:
+ scope: local
+ repo: /etc
+ name: user.email
+ value: '{{ git_email }}'
diff --git a/src/roles/flatpak/tasks/main.yml b/src/roles/flatpak/tasks/main.yml
new file mode 100644
index 0000000..4aa39a2
--- /dev/null
+++ b/src/roles/flatpak/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: Upgrade packages
+ ansible.builtin.command: flatpak update --noninteractive
+ become: true
diff --git a/src/roles/pacman/meta/main.yml b/src/roles/pacman/meta/main.yml
new file mode 100644
index 0000000..f9d9a85
--- /dev/null
+++ b/src/roles/pacman/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
+ - {role: rate_mirrors, when: has_rate_mirrors}
diff --git a/src/roles/pacman/tasks/main.yml b/src/roles/pacman/tasks/main.yml
new file mode 100644
index 0000000..ed9250d
--- /dev/null
+++ b/src/roles/pacman/tasks/main.yml
@@ -0,0 +1,67 @@
+- name: Upgrade packages or fail gracefully
+ become: true
+ block:
+ - name: Upgrade packages
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: reboot
+
+ - name: Show upgraded packages
+ ansible.builtin.debug:
+ var: pacman_result.packages
+ when: pacman_result.changed
+
+ - name: Flush handlers
+ ansible.builtin.meta: flush_handlers
+ rescue:
+ - name: Fail if /etc is not versioned
+ ansible.builtin.fail:
+ msg: Upgrading packages failed for an unknown reason!
+ when: not etc_versioned
+
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - name: Fail if there're no unstaged changes in /etc
+ ansible.builtin.fail:
+ msg: Upgrading packages failed for an unknown reason!
+ when: not git_status.stdout
+
+ - name: All changes in /etc are in pacman.d/gnupg?
+ ansible.builtin.shell: |
+ set -o pipefail && \
+ git status --porcelain=v1 \
+ | cut -c 4- \
+ | grep -G -v '^pacman.d/gnupg/'
+ args:
+ chdir: /etc
+ register: only_gnupg
+ changed_when: false
+ failed_when: false
+
+ - name: Commit changes in /etc
+ ansible.builtin.command: |
+ etckeeper commit 'pacman: GPG keys'
+ when: git_status.stdout and only_gnupg.rc != 0
+
+ - name: Retry upgrading packages
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: reboot
+
+ - name: Show upgraded packages
+ ansible.builtin.debug:
+ var: pacman_result.packages
+ when: pacman_result.changed
+
+ - name: Flush handlers
+ ansible.builtin.meta: flush_handlers
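Review bot: `only_gnupg.rc != 0` in the `Commit changes in /etc` condition treats every non-zero exit of the pipeline as "all changes are under pacman.d/gnupg", but with `failed_when: false` that also covers a grep error or a shell that rejects `set -o pipefail`. `ansible.builtin.shell` uses /bin/sh unless told otherwise, and where /bin/sh lacks pipefail support (older dash builds, as far as I know) the script exits non-zero before git runs, so the commit would go ahead with whatever is pending in /etc. Test for grep's "no line selected" status instead, `when: git_status.stdout and only_gnupg.rc == 1`, and pin the shell with `executable: /bin/bash` under `args:`. The `only_snap` check in roles/snap/tasks/main.yml has the same shape and is the one more likely to meet dash. A short comment that `grep -v` exiting 1 means nothing outside the allowed paths changed would make the inverted test readable.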
diff --git a/src/roles/rate_mirrors/meta/main.yml b/src/roles/rate_mirrors/meta/main.yml
new file mode 100644
index 0000000..4516fa1
--- /dev/null
+++ b/src/roles/rate_mirrors/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/rate_mirrors/tasks/main.yml b/src/roles/rate_mirrors/tasks/main.yml
new file mode 100644
index 0000000..9cdab0d
--- /dev/null
+++ b/src/roles/rate_mirrors/tasks/main.yml
@@ -0,0 +1,45 @@
+- name: As root user
+ become: true
+ block:
+ - name: Fail if there're uncommitted changes in /etc
+ when: etc_versioned
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - ansible.builtin.fail:
+ msg: There are uncommitted changes in /etc
+ when: git_status.stdout
+
+ - name: Rate pacman mirrors
+ ansible.builtin.shell: |
+ . /etc/os-release && rate-mirrors \
+ --allow-root \
+ --disable-comments \
+ --save-to-file /etc/pacman.d/mirrorlist \
+ "$ID"
+
+ - name: Commit pacman.d/mirrorlist
+ when: etc_versioned
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - name: Fail if there're other uncommitted changes
+ ansible.builtin.fail:
+ msg: How did this happen?
+ when: git_status.stdout != ' M pacman.d/mirrorlist'
+
+ - name: Commit changes in /etc/pacman.d/mirrorlist
+ ansible.builtin.command: |
+ etckeeper commit 'rate-mirrors'
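Review bot: `Fail if there're other uncommitted changes` fails the play when rate-mirrors writes a mirrorlist identical to the committed one, because `git_status.stdout` is then empty and the comparison with `' M pacman.d/mirrorlist'` is true. The fail should fire only on non-empty, unexpected output, `when: git_status.stdout and git_status.stdout != ' M pacman.d/mirrorlist'`, and the commit task needs `when: git_status.stdout` so that `etckeeper commit` is not run with nothing to commit. The unnamed `ansible.builtin.fail` in the first block should get a `name:` like its siblings.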
diff --git a/src/roles/snap/meta/main.yml b/src/roles/snap/meta/main.yml
new file mode 100644
index 0000000..4516fa1
--- /dev/null
+++ b/src/roles/snap/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/snap/tasks/main.yml b/src/roles/snap/tasks/main.yml
new file mode 100644
index 0000000..cce49b0
--- /dev/null
+++ b/src/roles/snap/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: As root user
+ become: true
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - name: All changes in /etc are snap changes?
+ ansible.builtin.shell: |
+ set -o pipefail && \
+ git status --porcelain=v1 \
+ | cut -c 4- \
+ | grep -G -v '^systemd/system/' \
+ | grep -G -v '/snap\.\|snap-'
+ args:
+ chdir: /etc
+ register: only_snap
+ changed_when: false
+ failed_when: false
+
+ - name: Commit changes in /etc
+ ansible.builtin.command: etckeeper commit 'after snap run'
+ when: git_status.stdout and only_snap.rc != 0
diff --git a/src/roles/vagrant/tasks/main.yml b/src/roles/vagrant/tasks/main.yml
new file mode 100644
index 0000000..32e9722
--- /dev/null
+++ b/src/roles/vagrant/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: Update plugins
+ ansible.builtin.command: vagrant plugin update
+
+- name: Prune invalid entries
+ ansible.builtin.command: vagrant global-status --prune
+ become: true
+
+- name: Clean up boxes
+ ansible.builtin.command: vagrant box prune --force --keep-active-boxes
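Review bot: `Prune invalid entries` is the only task in this file with `become: true`, while `vagrant plugin update` and `vagrant box prune` run as the connecting user. Vagrant keeps its machine index, plugins and boxes per user, so the root invocation most likely prunes root's index rather than the one the other two tasks work on. If the Vagrant environment belongs to the connecting user, drop `become: true`; if it belongs to root, the other two tasks need it as well.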
diff --git a/src/roles/yay/meta/main.yml b/src/roles/yay/meta/main.yml
new file mode 100644
index 0000000..d708443
--- /dev/null
+++ b/src/roles/yay/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: pacman, when: has_pacman}
diff --git a/src/roles/yay/tasks/main.yml b/src/roles/yay/tasks/main.yml
new file mode 100644
index 0000000..42150bf
--- /dev/null
+++ b/src/roles/yay/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Upgrade packages
+ kewlfft.aur.aur:
+ use: yay
+ update_cache: true
+ upgrade: true
+ aur_only: true
+ register: yay_result
+ notify: reboot
+
+- name: Show yay result
+ ansible.builtin.debug:
+ var: yay_result
+ when: yay_result
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
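Review bot: `when: yay_result` on `Show yay result` tests the registered result mapping itself, which is never empty, so as far as I can tell the condition cannot skip the task. The pacman role uses `when: pacman_result.changed` for the equivalent step; `when: yay_result.changed` would match it and keep the output to runs that upgraded something.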