From 727ab17a644d52105746e18c301cf733b1181507 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Mon, 31 Jul 2023 23:44:54 +0200 Subject: move Ansible files to src/ --- Makefile | 6 ++-- inventory.ini | 13 ------- maintenance.yml | 12 ------- requirements.yml | 5 --- roles/apt/meta/main.yml | 3 -- roles/apt/tasks/main.yml | 19 ---------- roles/common/handlers/main.yml | 24 ------------- roles/common/tasks/main.yml | 17 --------- roles/common/tasks/tool.yml | 8 ----- roles/docker/tasks/main.yml | 3 -- roles/dotfiles/defaults/main.yml | 1 - roles/dotfiles/tasks/main.yml | 27 -------------- roles/etckeeper/defaults/main.yml | 2 -- roles/etckeeper/tasks/main.yml | 16 --------- roles/flatpak/tasks/main.yml | 3 -- roles/pacman/meta/main.yml | 4 --- roles/pacman/tasks/main.yml | 67 ----------------------------------- roles/rate_mirrors/meta/main.yml | 3 -- roles/rate_mirrors/tasks/main.yml | 45 ----------------------- roles/snap/meta/main.yml | 3 -- roles/snap/tasks/main.yml | 27 -------------- roles/vagrant/tasks/main.yml | 9 ----- roles/yay/meta/main.yml | 3 -- roles/yay/tasks/main.yml | 16 --------- src/inventory.ini | 13 +++++++ src/playbook.yml | 12 +++++++ src/requirements.yml | 5 +++ src/roles/apt/meta/main.yml | 3 ++ src/roles/apt/tasks/main.yml | 19 ++++++++++ src/roles/common/handlers/main.yml | 24 +++++++++++++ src/roles/common/tasks/main.yml | 17 +++++++++ src/roles/common/tasks/tool.yml | 8 +++++ src/roles/docker/tasks/main.yml | 3 ++ src/roles/dotfiles/defaults/main.yml | 1 + src/roles/dotfiles/tasks/main.yml | 27 ++++++++++++++ src/roles/etckeeper/defaults/main.yml | 2 ++ src/roles/etckeeper/tasks/main.yml | 16 +++++++++ src/roles/flatpak/tasks/main.yml | 3 ++ src/roles/pacman/meta/main.yml | 4 +++ src/roles/pacman/tasks/main.yml | 67 +++++++++++++++++++++++++++++++++++ src/roles/rate_mirrors/meta/main.yml | 3 ++ src/roles/rate_mirrors/tasks/main.yml | 45 +++++++++++++++++++++++ src/roles/snap/meta/main.yml | 3 ++ src/roles/snap/tasks/main.yml | 27 ++++++++++++++ src/roles/vagrant/tasks/main.yml | 9 +++++ src/roles/yay/meta/main.yml | 3 ++ src/roles/yay/tasks/main.yml | 16 +++++++++ 47 files changed, 333 insertions(+), 333 deletions(-) delete mode 100644 inventory.ini delete mode 100644 maintenance.yml delete mode 100644 requirements.yml delete mode 100644 roles/apt/meta/main.yml delete mode 100644 roles/apt/tasks/main.yml delete mode 100644 roles/common/handlers/main.yml delete mode 100644 roles/common/tasks/main.yml delete mode 100644 roles/common/tasks/tool.yml delete mode 100644 roles/docker/tasks/main.yml delete mode 100644 roles/dotfiles/defaults/main.yml delete mode 100644 roles/dotfiles/tasks/main.yml delete mode 100644 roles/etckeeper/defaults/main.yml delete mode 100644 roles/etckeeper/tasks/main.yml delete mode 100644 roles/flatpak/tasks/main.yml delete mode 100644 roles/pacman/meta/main.yml delete mode 100644 roles/pacman/tasks/main.yml delete mode 100644 roles/rate_mirrors/meta/main.yml delete mode 100644 roles/rate_mirrors/tasks/main.yml delete mode 100644 roles/snap/meta/main.yml delete mode 100644 roles/snap/tasks/main.yml delete mode 100644 roles/vagrant/tasks/main.yml delete mode 100644 roles/yay/meta/main.yml delete mode 100644 roles/yay/tasks/main.yml create mode 100644 src/inventory.ini create mode 100644 src/playbook.yml create mode 100644 src/requirements.yml create mode 100644 src/roles/apt/meta/main.yml create mode 100644 src/roles/apt/tasks/main.yml create mode 100644 src/roles/common/handlers/main.yml create mode 100644 src/roles/common/tasks/main.yml create mode 100644 src/roles/common/tasks/tool.yml create mode 100644 src/roles/docker/tasks/main.yml create mode 100644 src/roles/dotfiles/defaults/main.yml create mode 100644 src/roles/dotfiles/tasks/main.yml create mode 100644 src/roles/etckeeper/defaults/main.yml create mode 100644 src/roles/etckeeper/tasks/main.yml create mode 100644 src/roles/flatpak/tasks/main.yml create mode 100644 src/roles/pacman/meta/main.yml create mode 100644 src/roles/pacman/tasks/main.yml create mode 100644 src/roles/rate_mirrors/meta/main.yml create mode 100644 src/roles/rate_mirrors/tasks/main.yml create mode 100644 src/roles/snap/meta/main.yml create mode 100644 src/roles/snap/tasks/main.yml create mode 100644 src/roles/vagrant/tasks/main.yml create mode 100644 src/roles/yay/meta/main.yml create mode 100644 src/roles/yay/tasks/main.yml diff --git a/Makefile b/Makefile index 2d5f626..9ecf55f 100644 --- a/Makefile +++ b/Makefile @@ -3,18 +3,18 @@ include prelude.mk LIMIT ?= all $(eval $(call noexpand,LIMIT)) -args := --inventory inventory.ini --limit '$(call escape,$(LIMIT))' +args := --inventory src/inventory.ini --limit '$(call escape,$(LIMIT))' .PHONY: all all: run .PHONY: deps deps: - ansible-galaxy collection install -r requirements.yml + ansible-galaxy collection install -r src/requirements.yml .PHONY: run run: - ansible-playbook $(args) maintenance.yml + ansible-playbook $(args) src/playbook.yml .PHONY: reboot reboot: diff --git a/inventory.ini b/inventory.ini deleted file mode 100644 index 59193de..0000000 --- a/inventory.ini +++ /dev/null @@ -1,13 +0,0 @@ -[raspi] -pi2 ansible_host=192.168.205.4 - -[desktop] -laptop2 ansible_host=192.168.205.2 - -[cloud] -web ansible_host=192.168.205.8 ansible_port=993 -vpn ansible_host=192.168.205.254 ansible_port=80 -vpn-ru ansible_host=192.168.205.13 ansible_port=993 - -[all:vars] -ansible_user=maintenance diff --git a/maintenance.yml b/maintenance.yml deleted file mode 100644 index c152a21..0000000 --- a/maintenance.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: Maintenance - hosts: all - roles: - - common - - dotfiles - - {role: snap, when: has_snap and etc_versioned} - - {role: apt, when: has_apt} - - {role: pacman, when: has_pacman} - - {role: yay, when: has_yay} - - {role: flatpak, when: has_flatpak} - - {role: vagrant, when: has_vagrant} - - {role: docker, when: has_docker} diff --git a/requirements.yml b/requirements.yml deleted file mode 100644 index 42d7f65..0000000 --- a/requirements.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -collections: - # Yay-compatible module: - - name: kewlfft.aur - version: 0.11.1 diff --git a/roles/apt/meta/main.yml b/roles/apt/meta/main.yml deleted file mode 100644 index 4516fa1..0000000 --- a/roles/apt/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - {role: etckeeper, when: etc_versioned} diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml deleted file mode 100644 index 297307b..0000000 --- a/roles/apt/tasks/main.yml +++ /dev/null @@ -1,19 +0,0 @@ -- name: Upgrade packages - become: true - ansible.builtin.apt: - update_cache: true - upgrade: full - notify: reboot - -- name: Flush handlers - ansible.builtin.meta: flush_handlers - -- name: Clean up dependencies - become: true - ansible.builtin.apt: - autoremove: true - purge: true - notify: reboot - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml deleted file mode 100644 index 4942957..0000000 --- a/roles/common/handlers/main.yml +++ /dev/null @@ -1,24 +0,0 @@ -- name: Reboot - ansible.builtin.reboot: - args: - # On my trusty old Raspberry Pi 1 Model B+, /proc/sys/kernel/random/boot_id - # can sometimes stay the same between reboots. Apparently, not enough - # entropy or something. - boot_time_command: uptime -s - # Another option is `who -s`. This option requires Ansible 2.10 or later. - - # 5 minutes is plenty. - reboot_timeout: 300 - # Don't reboot yourself accidentally: - when: 'ansible_env["SSH_CLIENT"].split()[0] not in ansible_all_ipv4_addresses' - become: true - listen: reboot - -- name: Wait for connectivity - # One of the nodes is the VPN server connecting all the other nodes, wait - # until all of them are back up: - ansible.builtin.wait_for_connection: - args: - # 5 minutes is plenty. - timeout: 300 - listen: reboot diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml deleted file mode 100644 index fb0eaed..0000000 --- a/roles/common/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ -- name: Check available tools - ansible.builtin.include_tasks: tool.yml - loop: - - apt - - docker - - flatpak - - pacman - - rate-mirrors - - snap - - vagrant - - yay - -- name: Check if /etc is versioned - become: true - ansible.builtin.stat: - path: /etc/.git/config - register: etc_versioned diff --git a/roles/common/tasks/tool.yml b/roles/common/tasks/tool.yml deleted file mode 100644 index 48d0acc..0000000 --- a/roles/common/tasks/tool.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: "Check for {{ item }}" - ansible.builtin.command: "{{ item }} --version" - register: cmd_result - changed_when: false - failed_when: false - -- name: "Set fact about {{ item }}" - ansible.builtin.set_fact: "has_{{ item | replace('-', '_') }}={{ cmd_result.rc == 0 }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml deleted file mode 100644 index 601dca2..0000000 --- a/roles/docker/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Clean up Docker data - become: true - ansible.builtin.command: docker system prune -a -f --volumes diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml deleted file mode 100644 index 0ce4769..0000000 --- a/roles/dotfiles/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -dotfiles_user: egor diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml deleted file mode 100644 index 4230aac..0000000 --- a/roles/dotfiles/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ -- name: ssh-agent hack - ansible.posix.acl: - path: "{{ item }}" - etype: user - entity: "{{ dotfiles_user }}" - permissions: rwx - state: present - loop: - - "{{ ansible_env.SSH_AUTH_SOCK | dirname }}" - - "{{ ansible_env.SSH_AUTH_SOCK }}" - -- name: Update my dotfiles - become: true - become_user: "{{ dotfiles_user }}" - block: - - name: Pull repositories - ansible.builtin.git: - accept_hostkey: true - dest: "~/workspace/personal/{{ item }}" - repo: "git@github.com:egor-tensin/{{ item }}.git" - loop: - - linux-home - - - name: Run setup.sh - ansible.builtin.command: ./setup.sh - args: - chdir: ~/workspace/personal/linux-home diff --git a/roles/etckeeper/defaults/main.yml b/roles/etckeeper/defaults/main.yml deleted file mode 100644 index 077855f..0000000 --- a/roles/etckeeper/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -git_name: Egor Tensin -git_email: Egor.Tensin@gmail.com diff --git a/roles/etckeeper/tasks/main.yml b/roles/etckeeper/tasks/main.yml deleted file mode 100644 index 19f9b86..0000000 --- a/roles/etckeeper/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: Make sure git is configured - become: true - block: - - name: Set user.name - community.general.git_config: - scope: local - repo: /etc - name: user.name - value: '{{ git_name }}' - - - name: Set user.email - community.general.git_config: - scope: local - repo: /etc - name: user.email - value: '{{ git_email }}' diff --git a/roles/flatpak/tasks/main.yml b/roles/flatpak/tasks/main.yml deleted file mode 100644 index 4aa39a2..0000000 --- a/roles/flatpak/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Upgrade packages - ansible.builtin.command: flatpak update --noninteractive - become: true diff --git a/roles/pacman/meta/main.yml b/roles/pacman/meta/main.yml deleted file mode 100644 index f9d9a85..0000000 --- a/roles/pacman/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -dependencies: - - role: common - - {role: etckeeper, when: etc_versioned} - - {role: rate_mirrors, when: has_rate_mirrors} diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml deleted file mode 100644 index ed9250d..0000000 --- a/roles/pacman/tasks/main.yml +++ /dev/null @@ -1,67 +0,0 @@ -- name: Upgrade packages or fail gracefully - become: true - block: - - name: Upgrade packages - community.general.pacman: - update_cache: true - upgrade: true - register: pacman_result - notify: reboot - - - name: Show upgraded packages - ansible.builtin.debug: - var: pacman_result.packages - when: pacman_result.changed - - - name: Flush handlers - ansible.builtin.meta: flush_handlers - rescue: - - name: Fail if /etc is not versioned - ansible.builtin.fail: - msg: Upgrading packages failed for an unknown reason! - when: not etc_versioned - - - name: Check for changes in /etc - ansible.builtin.command: git status --porcelain=v1 - args: - chdir: /etc - register: git_status - changed_when: false - failed_when: false - - - name: Fail if there're no unstaged changes in /etc - ansible.builtin.fail: - msg: Upgrading packages failed for an unknown reason! - when: not git_status.stdout - - - name: All changes in /etc are in pacman.d/gnupg? - ansible.builtin.shell: | - set -o pipefail && \ - git status --porcelain=v1 \ - | cut -c 4- \ - | grep -G -v '^pacman.d/gnupg/' - args: - chdir: /etc - register: only_gnupg - changed_when: false - failed_when: false - - - name: Commit changes in /etc - ansible.builtin.command: | - etckeeper commit 'pacman: GPG keys' - when: git_status.stdout and only_gnupg.rc != 0 - - - name: Retry upgrading packages - community.general.pacman: - update_cache: true - upgrade: true - register: pacman_result - notify: reboot - - - name: Show upgraded packages - ansible.builtin.debug: - var: pacman_result.packages - when: pacman_result.changed - - - name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/roles/rate_mirrors/meta/main.yml b/roles/rate_mirrors/meta/main.yml deleted file mode 100644 index 4516fa1..0000000 --- a/roles/rate_mirrors/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - {role: etckeeper, when: etc_versioned} diff --git a/roles/rate_mirrors/tasks/main.yml b/roles/rate_mirrors/tasks/main.yml deleted file mode 100644 index 9cdab0d..0000000 --- a/roles/rate_mirrors/tasks/main.yml +++ /dev/null @@ -1,45 +0,0 @@ -- name: As root user - become: true - block: - - name: Fail if there're uncommitted changes in /etc - when: etc_versioned - block: - - name: Check for changes in /etc - ansible.builtin.command: git status --porcelain=v1 - args: - chdir: /etc - register: git_status - changed_when: false - failed_when: false - - - ansible.builtin.fail: - msg: There are uncommitted changes in /etc - when: git_status.stdout - - - name: Rate pacman mirrors - ansible.builtin.shell: | - . /etc/os-release && rate-mirrors \ - --allow-root \ - --disable-comments \ - --save-to-file /etc/pacman.d/mirrorlist \ - "$ID" - - - name: Commit pacman.d/mirrorlist - when: etc_versioned - block: - - name: Check for changes in /etc - ansible.builtin.command: git status --porcelain=v1 - args: - chdir: /etc - register: git_status - changed_when: false - failed_when: false - - - name: Fail if there're other uncommitted changes - ansible.builtin.fail: - msg: How did this happen? - when: git_status.stdout != ' M pacman.d/mirrorlist' - - - name: Commit changes in /etc/pacman.d/mirrorlist - ansible.builtin.command: | - etckeeper commit 'rate-mirrors' diff --git a/roles/snap/meta/main.yml b/roles/snap/meta/main.yml deleted file mode 100644 index 4516fa1..0000000 --- a/roles/snap/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - {role: etckeeper, when: etc_versioned} diff --git a/roles/snap/tasks/main.yml b/roles/snap/tasks/main.yml deleted file mode 100644 index cce49b0..0000000 --- a/roles/snap/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ -- name: As root user - become: true - block: - - name: Check for changes in /etc - ansible.builtin.command: git status --porcelain=v1 - args: - chdir: /etc - register: git_status - changed_when: false - failed_when: false - - - name: All changes in /etc are snap changes? - ansible.builtin.shell: | - set -o pipefail && \ - git status --porcelain=v1 \ - | cut -c 4- \ - | grep -G -v '^systemd/system/' \ - | grep -G -v '/snap\.\|snap-' - args: - chdir: /etc - register: only_snap - changed_when: false - failed_when: false - - - name: Commit changes in /etc - ansible.builtin.command: etckeeper commit 'after snap run' - when: git_status.stdout and only_snap.rc != 0 diff --git a/roles/vagrant/tasks/main.yml b/roles/vagrant/tasks/main.yml deleted file mode 100644 index 32e9722..0000000 --- a/roles/vagrant/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -- name: Update plugins - ansible.builtin.command: vagrant plugin update - -- name: Prune invalid entries - ansible.builtin.command: vagrant global-status --prune - become: true - -- name: Clean up boxes - ansible.builtin.command: vagrant box prune --force --keep-active-boxes diff --git a/roles/yay/meta/main.yml b/roles/yay/meta/main.yml deleted file mode 100644 index d708443..0000000 --- a/roles/yay/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - {role: pacman, when: has_pacman} diff --git a/roles/yay/tasks/main.yml b/roles/yay/tasks/main.yml deleted file mode 100644 index 42150bf..0000000 --- a/roles/yay/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: Upgrade packages - kewlfft.aur.aur: - use: yay - update_cache: true - upgrade: true - aur_only: true - register: yay_result - notify: reboot - -- name: Show yay result - ansible.builtin.debug: - var: yay_result - when: yay_result - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/src/inventory.ini b/src/inventory.ini new file mode 100644 index 0000000..59193de --- /dev/null +++ b/src/inventory.ini @@ -0,0 +1,13 @@ +[raspi] +pi2 ansible_host=192.168.205.4 + +[desktop] +laptop2 ansible_host=192.168.205.2 + +[cloud] +web ansible_host=192.168.205.8 ansible_port=993 +vpn ansible_host=192.168.205.254 ansible_port=80 +vpn-ru ansible_host=192.168.205.13 ansible_port=993 + +[all:vars] +ansible_user=maintenance diff --git a/src/playbook.yml b/src/playbook.yml new file mode 100644 index 0000000..c152a21 --- /dev/null +++ b/src/playbook.yml @@ -0,0 +1,12 @@ +- name: Maintenance + hosts: all + roles: + - common + - dotfiles + - {role: snap, when: has_snap and etc_versioned} + - {role: apt, when: has_apt} + - {role: pacman, when: has_pacman} + - {role: yay, when: has_yay} + - {role: flatpak, when: has_flatpak} + - {role: vagrant, when: has_vagrant} + - {role: docker, when: has_docker} diff --git a/src/requirements.yml b/src/requirements.yml new file mode 100644 index 0000000..42d7f65 --- /dev/null +++ b/src/requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + # Yay-compatible module: + - name: kewlfft.aur + version: 0.11.1 diff --git a/src/roles/apt/meta/main.yml b/src/roles/apt/meta/main.yml new file mode 100644 index 0000000..4516fa1 --- /dev/null +++ b/src/roles/apt/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - role: common + - {role: etckeeper, when: etc_versioned} diff --git a/src/roles/apt/tasks/main.yml b/src/roles/apt/tasks/main.yml new file mode 100644 index 0000000..297307b --- /dev/null +++ b/src/roles/apt/tasks/main.yml @@ -0,0 +1,19 @@ +- name: Upgrade packages + become: true + ansible.builtin.apt: + update_cache: true + upgrade: full + notify: reboot + +- name: Flush handlers + ansible.builtin.meta: flush_handlers + +- name: Clean up dependencies + become: true + ansible.builtin.apt: + autoremove: true + purge: true + notify: reboot + +- name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/src/roles/common/handlers/main.yml b/src/roles/common/handlers/main.yml new file mode 100644 index 0000000..4942957 --- /dev/null +++ b/src/roles/common/handlers/main.yml @@ -0,0 +1,24 @@ +- name: Reboot + ansible.builtin.reboot: + args: + # On my trusty old Raspberry Pi 1 Model B+, /proc/sys/kernel/random/boot_id + # can sometimes stay the same between reboots. Apparently, not enough + # entropy or something. + boot_time_command: uptime -s + # Another option is `who -s`. This option requires Ansible 2.10 or later. + + # 5 minutes is plenty. + reboot_timeout: 300 + # Don't reboot yourself accidentally: + when: 'ansible_env["SSH_CLIENT"].split()[0] not in ansible_all_ipv4_addresses' + become: true + listen: reboot + +- name: Wait for connectivity + # One of the nodes is the VPN server connecting all the other nodes, wait + # until all of them are back up: + ansible.builtin.wait_for_connection: + args: + # 5 minutes is plenty. + timeout: 300 + listen: reboot diff --git a/src/roles/common/tasks/main.yml b/src/roles/common/tasks/main.yml new file mode 100644 index 0000000..fb0eaed --- /dev/null +++ b/src/roles/common/tasks/main.yml @@ -0,0 +1,17 @@ +- name: Check available tools + ansible.builtin.include_tasks: tool.yml + loop: + - apt + - docker + - flatpak + - pacman + - rate-mirrors + - snap + - vagrant + - yay + +- name: Check if /etc is versioned + become: true + ansible.builtin.stat: + path: /etc/.git/config + register: etc_versioned diff --git a/src/roles/common/tasks/tool.yml b/src/roles/common/tasks/tool.yml new file mode 100644 index 0000000..48d0acc --- /dev/null +++ b/src/roles/common/tasks/tool.yml @@ -0,0 +1,8 @@ +- name: "Check for {{ item }}" + ansible.builtin.command: "{{ item }} --version" + register: cmd_result + changed_when: false + failed_when: false + +- name: "Set fact about {{ item }}" + ansible.builtin.set_fact: "has_{{ item | replace('-', '_') }}={{ cmd_result.rc == 0 }}" diff --git a/src/roles/docker/tasks/main.yml b/src/roles/docker/tasks/main.yml new file mode 100644 index 0000000..601dca2 --- /dev/null +++ b/src/roles/docker/tasks/main.yml @@ -0,0 +1,3 @@ +- name: Clean up Docker data + become: true + ansible.builtin.command: docker system prune -a -f --volumes diff --git a/src/roles/dotfiles/defaults/main.yml b/src/roles/dotfiles/defaults/main.yml new file mode 100644 index 0000000..0ce4769 --- /dev/null +++ b/src/roles/dotfiles/defaults/main.yml @@ -0,0 +1 @@ +dotfiles_user: egor diff --git a/src/roles/dotfiles/tasks/main.yml b/src/roles/dotfiles/tasks/main.yml new file mode 100644 index 0000000..4230aac --- /dev/null +++ b/src/roles/dotfiles/tasks/main.yml @@ -0,0 +1,27 @@ +- name: ssh-agent hack + ansible.posix.acl: + path: "{{ item }}" + etype: user + entity: "{{ dotfiles_user }}" + permissions: rwx + state: present + loop: + - "{{ ansible_env.SSH_AUTH_SOCK | dirname }}" + - "{{ ansible_env.SSH_AUTH_SOCK }}" + +- name: Update my dotfiles + become: true + become_user: "{{ dotfiles_user }}" + block: + - name: Pull repositories + ansible.builtin.git: + accept_hostkey: true + dest: "~/workspace/personal/{{ item }}" + repo: "git@github.com:egor-tensin/{{ item }}.git" + loop: + - linux-home + + - name: Run setup.sh + ansible.builtin.command: ./setup.sh + args: + chdir: ~/workspace/personal/linux-home diff --git a/src/roles/etckeeper/defaults/main.yml b/src/roles/etckeeper/defaults/main.yml new file mode 100644 index 0000000..077855f --- /dev/null +++ b/src/roles/etckeeper/defaults/main.yml @@ -0,0 +1,2 @@ +git_name: Egor Tensin +git_email: Egor.Tensin@gmail.com diff --git a/src/roles/etckeeper/tasks/main.yml b/src/roles/etckeeper/tasks/main.yml new file mode 100644 index 0000000..19f9b86 --- /dev/null +++ b/src/roles/etckeeper/tasks/main.yml @@ -0,0 +1,16 @@ +- name: Make sure git is configured + become: true + block: + - name: Set user.name + community.general.git_config: + scope: local + repo: /etc + name: user.name + value: '{{ git_name }}' + + - name: Set user.email + community.general.git_config: + scope: local + repo: /etc + name: user.email + value: '{{ git_email }}' diff --git a/src/roles/flatpak/tasks/main.yml b/src/roles/flatpak/tasks/main.yml new file mode 100644 index 0000000..4aa39a2 --- /dev/null +++ b/src/roles/flatpak/tasks/main.yml @@ -0,0 +1,3 @@ +- name: Upgrade packages + ansible.builtin.command: flatpak update --noninteractive + become: true diff --git a/src/roles/pacman/meta/main.yml b/src/roles/pacman/meta/main.yml new file mode 100644 index 0000000..f9d9a85 --- /dev/null +++ b/src/roles/pacman/meta/main.yml @@ -0,0 +1,4 @@ +dependencies: + - role: common + - {role: etckeeper, when: etc_versioned} + - {role: rate_mirrors, when: has_rate_mirrors} diff --git a/src/roles/pacman/tasks/main.yml b/src/roles/pacman/tasks/main.yml new file mode 100644 index 0000000..ed9250d --- /dev/null +++ b/src/roles/pacman/tasks/main.yml @@ -0,0 +1,67 @@ +- name: Upgrade packages or fail gracefully + become: true + block: + - name: Upgrade packages + community.general.pacman: + update_cache: true + upgrade: true + register: pacman_result + notify: reboot + + - name: Show upgraded packages + ansible.builtin.debug: + var: pacman_result.packages + when: pacman_result.changed + + - name: Flush handlers + ansible.builtin.meta: flush_handlers + rescue: + - name: Fail if /etc is not versioned + ansible.builtin.fail: + msg: Upgrading packages failed for an unknown reason! + when: not etc_versioned + + - name: Check for changes in /etc + ansible.builtin.command: git status --porcelain=v1 + args: + chdir: /etc + register: git_status + changed_when: false + failed_when: false + + - name: Fail if there're no unstaged changes in /etc + ansible.builtin.fail: + msg: Upgrading packages failed for an unknown reason! + when: not git_status.stdout + + - name: All changes in /etc are in pacman.d/gnupg? + ansible.builtin.shell: | + set -o pipefail && \ + git status --porcelain=v1 \ + | cut -c 4- \ + | grep -G -v '^pacman.d/gnupg/' + args: + chdir: /etc + register: only_gnupg + changed_when: false + failed_when: false + + - name: Commit changes in /etc + ansible.builtin.command: | + etckeeper commit 'pacman: GPG keys' + when: git_status.stdout and only_gnupg.rc != 0 + + - name: Retry upgrading packages + community.general.pacman: + update_cache: true + upgrade: true + register: pacman_result + notify: reboot + + - name: Show upgraded packages + ansible.builtin.debug: + var: pacman_result.packages + when: pacman_result.changed + + - name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/src/roles/rate_mirrors/meta/main.yml b/src/roles/rate_mirrors/meta/main.yml new file mode 100644 index 0000000..4516fa1 --- /dev/null +++ b/src/roles/rate_mirrors/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - role: common + - {role: etckeeper, when: etc_versioned} diff --git a/src/roles/rate_mirrors/tasks/main.yml b/src/roles/rate_mirrors/tasks/main.yml new file mode 100644 index 0000000..9cdab0d --- /dev/null +++ b/src/roles/rate_mirrors/tasks/main.yml @@ -0,0 +1,45 @@ +- name: As root user + become: true + block: + - name: Fail if there're uncommitted changes in /etc + when: etc_versioned + block: + - name: Check for changes in /etc + ansible.builtin.command: git status --porcelain=v1 + args: + chdir: /etc + register: git_status + changed_when: false + failed_when: false + + - ansible.builtin.fail: + msg: There are uncommitted changes in /etc + when: git_status.stdout + + - name: Rate pacman mirrors + ansible.builtin.shell: | + . /etc/os-release && rate-mirrors \ + --allow-root \ + --disable-comments \ + --save-to-file /etc/pacman.d/mirrorlist \ + "$ID" + + - name: Commit pacman.d/mirrorlist + when: etc_versioned + block: + - name: Check for changes in /etc + ansible.builtin.command: git status --porcelain=v1 + args: + chdir: /etc + register: git_status + changed_when: false + failed_when: false + + - name: Fail if there're other uncommitted changes + ansible.builtin.fail: + msg: How did this happen? + when: git_status.stdout != ' M pacman.d/mirrorlist' + + - name: Commit changes in /etc/pacman.d/mirrorlist + ansible.builtin.command: | + etckeeper commit 'rate-mirrors' diff --git a/src/roles/snap/meta/main.yml b/src/roles/snap/meta/main.yml new file mode 100644 index 0000000..4516fa1 --- /dev/null +++ b/src/roles/snap/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - role: common + - {role: etckeeper, when: etc_versioned} diff --git a/src/roles/snap/tasks/main.yml b/src/roles/snap/tasks/main.yml new file mode 100644 index 0000000..cce49b0 --- /dev/null +++ b/src/roles/snap/tasks/main.yml @@ -0,0 +1,27 @@ +- name: As root user + become: true + block: + - name: Check for changes in /etc + ansible.builtin.command: git status --porcelain=v1 + args: + chdir: /etc + register: git_status + changed_when: false + failed_when: false + + - name: All changes in /etc are snap changes? + ansible.builtin.shell: | + set -o pipefail && \ + git status --porcelain=v1 \ + | cut -c 4- \ + | grep -G -v '^systemd/system/' \ + | grep -G -v '/snap\.\|snap-' + args: + chdir: /etc + register: only_snap + changed_when: false + failed_when: false + + - name: Commit changes in /etc + ansible.builtin.command: etckeeper commit 'after snap run' + when: git_status.stdout and only_snap.rc != 0 diff --git a/src/roles/vagrant/tasks/main.yml b/src/roles/vagrant/tasks/main.yml new file mode 100644 index 0000000..32e9722 --- /dev/null +++ b/src/roles/vagrant/tasks/main.yml @@ -0,0 +1,9 @@ +- name: Update plugins + ansible.builtin.command: vagrant plugin update + +- name: Prune invalid entries + ansible.builtin.command: vagrant global-status --prune + become: true + +- name: Clean up boxes + ansible.builtin.command: vagrant box prune --force --keep-active-boxes diff --git a/src/roles/yay/meta/main.yml b/src/roles/yay/meta/main.yml new file mode 100644 index 0000000..d708443 --- /dev/null +++ b/src/roles/yay/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - role: common + - {role: pacman, when: has_pacman} diff --git a/src/roles/yay/tasks/main.yml b/src/roles/yay/tasks/main.yml new file mode 100644 index 0000000..42150bf --- /dev/null +++ b/src/roles/yay/tasks/main.yml @@ -0,0 +1,16 @@ +- name: Upgrade packages + kewlfft.aur.aur: + use: yay + update_cache: true + upgrade: true + aur_only: true + register: yay_result + notify: reboot + +- name: Show yay result + ansible.builtin.debug: + var: yay_result + when: yay_result + +- name: Flush handlers + ansible.builtin.meta: flush_handlers -- cgit v1.2.3