Diffstat (limited to 'src')
-rw-r--r-- | src/inventory.ini | 13 | ||||
-rw-r--r-- | src/playbook.yml | 12 | ||||
-rw-r--r-- | src/requirements.yml | 5 | ||||
-rw-r--r-- | src/roles/apt/meta/main.yml | 3 | ||||
-rw-r--r-- | src/roles/apt/tasks/main.yml | 19 | ||||
-rw-r--r-- | src/roles/common/handlers/main.yml | 24 | ||||
-rw-r--r-- | src/roles/common/tasks/main.yml | 17 | ||||
-rw-r--r-- | src/roles/common/tasks/tool.yml | 8 | ||||
-rw-r--r-- | src/roles/docker/tasks/main.yml | 3 | ||||
-rw-r--r-- | src/roles/dotfiles/defaults/main.yml | 1 | ||||
-rw-r--r-- | src/roles/dotfiles/tasks/main.yml | 27 | ||||
-rw-r--r-- | src/roles/etckeeper/defaults/main.yml | 2 | ||||
-rw-r--r-- | src/roles/etckeeper/tasks/main.yml | 16 | ||||
-rw-r--r-- | src/roles/flatpak/tasks/main.yml | 3 | ||||
-rw-r--r-- | src/roles/pacman/meta/main.yml | 4 | ||||
-rw-r--r-- | src/roles/pacman/tasks/main.yml | 67 | ||||
-rw-r--r-- | src/roles/rate_mirrors/meta/main.yml | 3 | ||||
-rw-r--r-- | src/roles/rate_mirrors/tasks/main.yml | 45 | ||||
-rw-r--r-- | src/roles/snap/meta/main.yml | 3 | ||||
-rw-r--r-- | src/roles/snap/tasks/main.yml | 27 | ||||
-rw-r--r-- | src/roles/vagrant/tasks/main.yml | 9 | ||||
-rw-r--r-- | src/roles/yay/meta/main.yml | 3 | ||||
-rw-r--r-- | src/roles/yay/tasks/main.yml | 16 |
23 files changed, 330 insertions, 0 deletions
diff --git a/src/inventory.ini b/src/inventory.ini
new file mode 100644
index 0000000..59193de
--- /dev/null
+++ b/src/inventory.ini
@@ -0,0 +1,13 @@
+[raspi]
+pi2 ansible_host=192.168.205.4
+
+[desktop]
+laptop2 ansible_host=192.168.205.2
+
+[cloud]
+web ansible_host=192.168.205.8 ansible_port=993
+vpn ansible_host=192.168.205.254 ansible_port=80
+vpn-ru ansible_host=192.168.205.13 ansible_port=993
+
+[all:vars]
+ansible_user=maintenance
diff --git a/src/playbook.yml b/src/playbook.yml
new file mode 100644
index 0000000..c152a21
--- /dev/null
+++ b/src/playbook.yml
@@ -0,0 +1,12 @@
+- name: Maintenance
+ hosts: all
+ roles:
+ - common
+ - dotfiles
+ - {role: snap, when: has_snap and etc_versioned}
+ - {role: apt, when: has_apt}
+ - {role: pacman, when: has_pacman}
+ - {role: yay, when: has_yay}
+ - {role: flatpak, when: has_flatpak}
+ - {role: vagrant, when: has_vagrant}
+ - {role: docker, when: has_docker}
diff --git a/src/requirements.yml b/src/requirements.yml
new file mode 100644
index 0000000..42d7f65
--- /dev/null
+++ b/src/requirements.yml
@@ -0,0 +1,5 @@
+---
+collections:
+ # Yay-compatible module:
+ - name: kewlfft.aur
+ version: 0.11.1
diff --git a/src/roles/apt/meta/main.yml b/src/roles/apt/meta/main.yml
new file mode 100644
index 0000000..4516fa1
--- /dev/null
+++ b/src/roles/apt/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/apt/tasks/main.yml b/src/roles/apt/tasks/main.yml
new file mode 100644
index 0000000..297307b
--- /dev/null
+++ b/src/roles/apt/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: Upgrade packages
+ become: true
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: full
+ notify: reboot
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
+
+- name: Clean up dependencies
+ become: true
+ ansible.builtin.apt:
+ autoremove: true
+ purge: true
+ notify: reboot
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/src/roles/common/handlers/main.yml b/src/roles/common/handlers/main.yml
new file mode 100644
index 0000000..4942957
--- /dev/null
+++ b/src/roles/common/handlers/main.yml
@@ -0,0 +1,24 @@
+- name: Reboot
+ ansible.builtin.reboot:
+ args:
+ # On my trusty old Raspberry Pi 1 Model B+, /proc/sys/kernel/random/boot_id
+ # can sometimes stay the same between reboots. Apparently, not enough
+ # entropy or something.
+ boot_time_command: uptime -s
+ # Another option is `who -s`. This option requires Ansible 2.10 or later.
+
+ # 5 minutes is plenty.
+ reboot_timeout: 300
+ # Don't reboot yourself accidentally:
+ when: 'ansible_env["SSH_CLIENT"].split()[0] not in ansible_all_ipv4_addresses'
+ become: true
+ listen: reboot
+
+- name: Wait for connectivity
+ # One of the nodes is the VPN server connecting all the other nodes, wait
+ # until all of them are back up:
+ ansible.builtin.wait_for_connection:
+ args:
+ # 5 minutes is plenty.
+ timeout: 300
+ listen: reboot
diff --git a/src/roles/common/tasks/main.yml b/src/roles/common/tasks/main.yml
new file mode 100644
index 0000000..fb0eaed
--- /dev/null
+++ b/src/roles/common/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Check available tools
+ ansible.builtin.include_tasks: tool.yml
+ loop:
+ - apt
+ - docker
+ - flatpak
+ - pacman
+ - rate-mirrors
+ - snap
+ - vagrant
+ - yay
+
+- name: Check if /etc is versioned
+ become: true
+ ansible.builtin.stat:
+ path: /etc/.git/config
+ register: etc_versioned
diff --git a/src/roles/common/tasks/tool.yml b/src/roles/common/tasks/tool.yml
new file mode 100644
index 0000000..48d0acc
--- /dev/null
+++ b/src/roles/common/tasks/tool.yml
@@ -0,0 +1,8 @@
+- name: "Check for {{ item }}"
+ ansible.builtin.command: "{{ item }} --version"
+ register: cmd_result
+ changed_when: false
+ failed_when: false
+
+- name: "Set fact about {{ item }}"
+ ansible.builtin.set_fact: "has_{{ item | replace('-', '_') }}={{ cmd_result.rc == 0 }}"
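Review bot: The self-reboot guard on the Reboot handler in src/roles/common/handlers/main.yml reads `ansible_env["SSH_CLIENT"]` without checking that it exists, so the handler errors out instead of skipping when a host is reached over a connection that does not set that variable (a local connection, for example). The guard also compares only against `ansible_all_ipv4_addresses`, which as far as I know leaves out loopback addresses and cannot match an IPv6 client, so a control node that targets itself over 127.0.0.1 or IPv6 would still be rebooted. A more defensive condition would be `when: ansible_env.SSH_CLIENT is defined and ansible_env.SSH_CLIENT.split()[0] not in (ansible_all_ipv4_addresses + ansible_all_ipv6_addresses + ['127.0.0.1', '::1'])`.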
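Review bot: In src/roles/common/tasks/main.yml, `register: etc_versioned` stores the whole result of the stat task rather than a boolean, so every `when: etc_versioned` and `when: not etc_versioned` in this commit tests a non-empty dictionary instead of whether /etc/.git/config exists. That affects playbook.yml, the apt, pacman, rate_mirrors and snap meta files, and the pacman and rate_mirrors tasks. Depending on the Ansible version the condition is either always true or rejected as a non-boolean conditional; in the first case the etckeeper role runs `git_config` against /etc on hosts where it is not a repository, and the "Fail if /etc is not versioned" rescue step can never fire. I would register under another name, `register: etc_git_config`, and add a `set_fact` task with `etc_versioned: "{{ etc_git_config.stat.exists }}"`.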
diff --git a/src/roles/docker/tasks/main.yml b/src/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..601dca2
--- /dev/null
+++ b/src/roles/docker/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: Clean up Docker data
+ become: true
+ ansible.builtin.command: docker system prune -a -f --volumes
diff --git a/src/roles/dotfiles/defaults/main.yml b/src/roles/dotfiles/defaults/main.yml
new file mode 100644
index 0000000..0ce4769
--- /dev/null
+++ b/src/roles/dotfiles/defaults/main.yml
@@ -0,0 +1 @@
+dotfiles_user: egor
diff --git a/src/roles/dotfiles/tasks/main.yml b/src/roles/dotfiles/tasks/main.yml
new file mode 100644
index 0000000..4230aac
--- /dev/null
+++ b/src/roles/dotfiles/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ssh-agent hack
+ ansible.posix.acl:
+ path: "{{ item }}"
+ etype: user
+ entity: "{{ dotfiles_user }}"
+ permissions: rwx
+ state: present
+ loop:
+ - "{{ ansible_env.SSH_AUTH_SOCK | dirname }}"
+ - "{{ ansible_env.SSH_AUTH_SOCK }}"
+
+- name: Update my dotfiles
+ become: true
+ become_user: "{{ dotfiles_user }}"
+ block:
+ - name: Pull repositories
+ ansible.builtin.git:
+ accept_hostkey: true
+ dest: "~/workspace/personal/{{ item }}"
+ repo: "git@github.com:egor-tensin/{{ item }}.git"
+ loop:
+ - linux-home
+
+ - name: Run setup.sh
+ ansible.builtin.command: ./setup.sh
+ args:
+ chdir: ~/workspace/personal/linux-home
diff --git a/src/roles/etckeeper/defaults/main.yml b/src/roles/etckeeper/defaults/main.yml
new file mode 100644
index 0000000..077855f
--- /dev/null
+++ b/src/roles/etckeeper/defaults/main.yml
@@ -0,0 +1,2 @@
+git_name: Egor Tensin
+git_email: Egor.Tensin@gmail.com
diff --git a/src/roles/etckeeper/tasks/main.yml b/src/roles/etckeeper/tasks/main.yml
new file mode 100644
index 0000000..19f9b86
--- /dev/null
+++ b/src/roles/etckeeper/tasks/main.yml
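Review bot: The single task in src/roles/docker/tasks/main.yml runs `docker system prune -a -f --volumes` on every host where docker is detected, with no opt-out, so a maintenance run silently deletes every image not used by a container and, depending on the Docker version, unused volumes including ones that hold data for a container that merely happens to be removed at that moment. I would drop `--volumes` from the default and gate it behind an explicit variable, for example `when: docker_prune_volumes | default(false)` on a separate task (the variable name is a suggestion). The task also has no `changed_when`, so it reports a change on every run; a comment above it stating that the prune is intentionally destructive would help the next reader.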
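Review bot: The "ssh-agent hack" task in src/roles/dotfiles/tasks/main.yml grants `dotfiles_user` rwx on the forwarded agent socket and its directory with `state: present` and never revokes it, so for the rest of the session any process running as that user on the managed host can ask the operator's agent to sign authentication requests. This also means agent forwarding is enabled towards every host in the inventory, including the cloud ones. A read-only deploy key on the host, or an HTTPS clone of the repository, would remove the need for the forwarded agent; failing that, wrap the block in `block`/`always` and repeat the ACL task with `state: absent` in the `always` section. Separately, `accept_hostkey: true` trusts whatever host key is presented on first contact and the next task executes `./setup.sh` from that checkout, so I would pre-seed GitHub's published host keys with `ansible.builtin.known_hosts` and drop `accept_hostkey`.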
@@ -0,0 +1,16 @@
+- name: Make sure git is configured
+ become: true
+ block:
+ - name: Set user.name
+ community.general.git_config:
+ scope: local
+ repo: /etc
+ name: user.name
+ value: '{{ git_name }}'
+
+ - name: Set user.email
+ community.general.git_config:
+ scope: local
+ repo: /etc
+ name: user.email
+ value: '{{ git_email }}'
diff --git a/src/roles/flatpak/tasks/main.yml b/src/roles/flatpak/tasks/main.yml
new file mode 100644
index 0000000..4aa39a2
--- /dev/null
+++ b/src/roles/flatpak/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: Upgrade packages
+ ansible.builtin.command: flatpak update --noninteractive
+ become: true
diff --git a/src/roles/pacman/meta/main.yml b/src/roles/pacman/meta/main.yml
new file mode 100644
index 0000000..f9d9a85
--- /dev/null
+++ b/src/roles/pacman/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
+ - {role: rate_mirrors, when: has_rate_mirrors}
diff --git a/src/roles/pacman/tasks/main.yml b/src/roles/pacman/tasks/main.yml
new file mode 100644
index 0000000..ed9250d
--- /dev/null
+++ b/src/roles/pacman/tasks/main.yml
@@ -0,0 +1,67 @@
+- name: Upgrade packages or fail gracefully
+ become: true
+ block:
+ - name: Upgrade packages
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: reboot
+
+ - name: Show upgraded packages
+ ansible.builtin.debug:
+ var: pacman_result.packages
+ when: pacman_result.changed
+
+ - name: Flush handlers
+ ansible.builtin.meta: flush_handlers
+ rescue:
+ - name: Fail if /etc is not versioned
+ ansible.builtin.fail:
+ msg: Upgrading packages failed for an unknown reason!
+ when: not etc_versioned
+
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - name: Fail if there're no unstaged changes in /etc
+ ansible.builtin.fail:
+ msg: Upgrading packages failed for an unknown reason!
+ when: not git_status.stdout
+
+ - name: All changes in /etc are in pacman.d/gnupg?
+ ansible.builtin.shell: |
+ set -o pipefail && \
+ git status --porcelain=v1 \
+ | cut -c 4- \
+ | grep -G -v '^pacman.d/gnupg/'
+ args:
+ chdir: /etc
+ register: only_gnupg
+ changed_when: false
+ failed_when: false
+
+ - name: Commit changes in /etc
+ ansible.builtin.command: |
+ etckeeper commit 'pacman: GPG keys'
+ when: git_status.stdout and only_gnupg.rc != 0
+
+ - name: Retry upgrading packages
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: reboot
+
+ - name: Show upgraded packages
+ ansible.builtin.debug:
+ var: pacman_result.packages
+ when: pacman_result.changed
+
+ - name: Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/src/roles/rate_mirrors/meta/main.yml b/src/roles/rate_mirrors/meta/main.yml
new file mode 100644
index 0000000..4516fa1
--- /dev/null
+++ b/src/roles/rate_mirrors/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
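Review bot: In the rescue section of src/roles/pacman/tasks/main.yml, "Commit changes in /etc" runs on `only_gnupg.rc != 0`, which treats every failure of the preceding pipeline as "only pacman.d/gnupg changed", not just grep's exit status 1 for "no other paths". Because that shell task sets `failed_when: false`, a grep error or a `/bin/sh` that rejects `set -o pipefail` would go unnoticed and unrelated changes in /etc would be committed under the 'pacman: GPG keys' message. The same pattern is in src/roles/snap/tasks/main.yml with `only_snap.rc != 0`, where the target hosts are more likely to have a non-bash `/bin/sh`. I would test for the exact status, `when: git_status.stdout and only_gnupg.rc == 1` (and `only_snap.rc == 1`), and add `executable: /bin/bash` under `args:` of both shell tasks.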
diff --git a/src/roles/rate_mirrors/tasks/main.yml b/src/roles/rate_mirrors/tasks/main.yml
new file mode 100644
index 0000000..9cdab0d
--- /dev/null
+++ b/src/roles/rate_mirrors/tasks/main.yml
@@ -0,0 +1,45 @@
+- name: As root user
+ become: true
+ block:
+ - name: Fail if there're uncommitted changes in /etc
+ when: etc_versioned
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - ansible.builtin.fail:
+ msg: There are uncommitted changes in /etc
+ when: git_status.stdout
+
+ - name: Rate pacman mirrors
+ ansible.builtin.shell: |
+ . /etc/os-release && rate-mirrors \
+ --allow-root \
+ --disable-comments \
+ --save-to-file /etc/pacman.d/mirrorlist \
+ "$ID"
+
+ - name: Commit pacman.d/mirrorlist
+ when: etc_versioned
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - name: Fail if there're other uncommitted changes
+ ansible.builtin.fail:
+ msg: How did this happen?
+ when: git_status.stdout != ' M pacman.d/mirrorlist'
+
+ - name: Commit changes in /etc/pacman.d/mirrorlist
+ ansible.builtin.command: |
+ etckeeper commit 'rate-mirrors'
diff --git a/src/roles/snap/meta/main.yml b/src/roles/snap/meta/main.yml
new file mode 100644
index 0000000..4516fa1
--- /dev/null
+++ b/src/roles/snap/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: etckeeper, when: etc_versioned}
diff --git a/src/roles/snap/tasks/main.yml b/src/roles/snap/tasks/main.yml
new file mode 100644
index 0000000..cce49b0
--- /dev/null
+++ b/src/roles/snap/tasks/main.yml
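Review bot: In src/roles/rate_mirrors/tasks/main.yml, the check `when: git_status.stdout != ' M pacman.d/mirrorlist'` also fires when rate-mirrors writes a mirrorlist identical to the committed one, because `git status` then prints nothing and the play aborts with "How did this happen?". Both `git status` tasks set `failed_when: false`, so a git failure that prints nothing to stdout looks the same as a clean tree to the first check. I would let the clean case through with `when: git_status.stdout not in ['', ' M pacman.d/mirrorlist']`, put `when: git_status.stdout` on the commit task, and add `git_status.rc != 0` to the fail conditions. The unnamed `ansible.builtin.fail` task in the first block should get a `name:` like the other tasks.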
@@ -0,0 +1,27 @@
+- name: As root user
+ become: true
+ block:
+ - name: Check for changes in /etc
+ ansible.builtin.command: git status --porcelain=v1
+ args:
+ chdir: /etc
+ register: git_status
+ changed_when: false
+ failed_when: false
+
+ - name: All changes in /etc are snap changes?
+ ansible.builtin.shell: |
+ set -o pipefail && \
+ git status --porcelain=v1 \
+ | cut -c 4- \
+ | grep -G -v '^systemd/system/' \
+ | grep -G -v '/snap\.\|snap-'
+ args:
+ chdir: /etc
+ register: only_snap
+ changed_when: false
+ failed_when: false
+
+ - name: Commit changes in /etc
+ ansible.builtin.command: etckeeper commit 'after snap run'
+ when: git_status.stdout and only_snap.rc != 0
diff --git a/src/roles/vagrant/tasks/main.yml b/src/roles/vagrant/tasks/main.yml
new file mode 100644
index 0000000..32e9722
--- /dev/null
+++ b/src/roles/vagrant/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: Update plugins
+ ansible.builtin.command: vagrant plugin update
+
+- name: Prune invalid entries
+ ansible.builtin.command: vagrant global-status --prune
+ become: true
+
+- name: Clean up boxes
+ ansible.builtin.command: vagrant box prune --force --keep-active-boxes
diff --git a/src/roles/yay/meta/main.yml b/src/roles/yay/meta/main.yml
new file mode 100644
index 0000000..d708443
--- /dev/null
+++ b/src/roles/yay/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - {role: pacman, when: has_pacman}
diff --git a/src/roles/yay/tasks/main.yml b/src/roles/yay/tasks/main.yml
new file mode 100644
index 0000000..42150bf
--- /dev/null
+++ b/src/roles/yay/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Upgrade packages
+ kewlfft.aur.aur:
+ use: yay
+ update_cache: true
+ upgrade: true
+ aur_only: true
+ register: yay_result
+ notify: reboot
+
+- name: Show yay result
+ ansible.builtin.debug:
+ var: yay_result
+ when: yay_result
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers |
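Review bot: The "Upgrade packages" task in src/roles/yay/tasks/main.yml sets `upgrade: true` with `aur_only: true`, which rebuilds and installs every AUR package unattended on each host where yay is present, so changed PKGBUILDs are executed without anyone reading the diff. AUR build scripts are user-submitted and not vetted like repository packages, so I would make this step opt-in per host, for example `{role: yay, when: has_yay and (yay_unattended | default(false))}` in playbook.yml (the variable name is a suggestion), or restrict it to a reviewed list passed through the module's `name` parameter. A comment above the task should record that the unattended AUR upgrade is a deliberate trade-off. The `when: yay_result` on the debug task tests the registered dictionary and not a boolean; `when: yay_result is changed` is probably what was meant.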