From e1fb7bf6dbc9249c62b0e1255bf83b3c0df35378 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Thu, 5 Aug 2021 16:09:45 +0300 Subject: initial commit --- .gitattributes | 1 + inventory.ini | 9 ++++++++ maintenance.yml | 10 ++++++++ roles/apt/handlers/main.yml | 8 +++++++ roles/apt/tasks/main.yml | 23 +++++++++++++++++++ roles/docker/tasks/main.yml | 17 ++++++++++++++ roles/etckeeper/defaults/main.yml | 2 ++ roles/etckeeper/tasks/main.yml | 22 ++++++++++++++++++ roles/flatpak/tasks/main.yml | 10 ++++++++ roles/pacman/handlers/main.yml | 8 +++++++ roles/pacman/tasks/main.yml | 48 +++++++++++++++++++++++++++++++++++++++ roles/snap/tasks/main.yml | 23 +++++++++++++++++++ roles/vagrant/tasks/main.yml | 16 +++++++++++++ 13 files changed, 197 insertions(+) create mode 100644 .gitattributes create mode 100644 inventory.ini create mode 100644 maintenance.yml create mode 100644 roles/apt/handlers/main.yml create mode 100644 roles/apt/tasks/main.yml create mode 100644 roles/docker/tasks/main.yml create mode 100644 roles/etckeeper/defaults/main.yml create mode 100644 roles/etckeeper/tasks/main.yml create mode 100644 roles/flatpak/tasks/main.yml create mode 100644 roles/pacman/handlers/main.yml create mode 100644 roles/pacman/tasks/main.yml create mode 100644 roles/snap/tasks/main.yml create mode 100644 roles/vagrant/tasks/main.yml diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..176a458 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +* text=auto diff --git a/inventory.ini b/inventory.ini new file mode 100644 index 0000000..47cc106 --- /dev/null +++ b/inventory.ini @@ -0,0 +1,9 @@ +pi1 ansible_host=192.168.205.1 +laptop2 ansible_host=192.168.205.2 +pc1 ansible_host=192.168.205.3 +pi2 ansible_host=192.168.205.4 +web ansible_host=192.168.205.8 +vpn ansible_host=192.168.205.254 ansible_port=80 ansible_user=algo + +[all:vars] +ansible_user=egor diff --git a/maintenance.yml b/maintenance.yml new file mode 100644 index 0000000..411bafe --- /dev/null +++ b/maintenance.yml @@ -0,0 +1,10 @@ +- name: Maintenance + hosts: all + roles: + - etckeeper + - snap + - apt + - pacman + - docker + - flatpak + - vagrant diff --git a/roles/apt/handlers/main.yml b/roles/apt/handlers/main.yml new file mode 100644 index 0000000..9dd7b9f --- /dev/null +++ b/roles/apt/handlers/main.yml @@ -0,0 +1,8 @@ +- name: Reboot + reboot: + when: 'ansible_env["SSH_CLIENT"].split()[0] not in ansible_all_ipv4_addresses' + +- name: Wait for connectivity + # One of the nodes is the VPN server connecting all the other nodes, wait + # until all of them are back up: + wait_for_connection: diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml new file mode 100644 index 0000000..dd56a43 --- /dev/null +++ b/roles/apt/tasks/main.yml @@ -0,0 +1,23 @@ +- name: Find apt + command: apt-get --version + register: apt_version + changed_when: no + ignore_errors: yes + +- when: apt_version.rc == 0 + become: yes + block: + - name: Upgrade packages + apt: + upgrade: full + notify: + - Reboot + - Wait for connectivity + + - name: Clean up dependencies + apt: + autoremove: yes + purge: yes + notify: + - Reboot + - Wait for connectivity diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml new file mode 100644 index 0000000..2b0d508 --- /dev/null +++ b/roles/docker/tasks/main.yml @@ -0,0 +1,17 @@ +- name: Check if Docker is installed + command: docker --version + register: docker_version + changed_when: no + ignore_errors: yes + +- name: Clean up Docker data + become: yes + community.docker.docker_prune: + containers: yes + images: yes + images_filters: + dangling: false + networks: yes + volumes: yes + builder_cache: yes + when: docker_version.rc == 0 diff --git a/roles/etckeeper/defaults/main.yml b/roles/etckeeper/defaults/main.yml new file mode 100644 index 0000000..077855f --- /dev/null +++ b/roles/etckeeper/defaults/main.yml @@ -0,0 +1,2 @@ +git_name: Egor Tensin +git_email: Egor.Tensin@gmail.com diff --git a/roles/etckeeper/tasks/main.yml b/roles/etckeeper/tasks/main.yml new file mode 100644 index 0000000..9793496 --- /dev/null +++ b/roles/etckeeper/tasks/main.yml @@ -0,0 +1,22 @@ +- become: yes + block: + - name: Check if /etc is versioned + stat: + path: /etc/.git/config + register: etc_versioned + + - when: etc_versioned + block: + - name: Set user.name + community.general.git_config: + scope: local + repo: /etc + name: user.name + value: '{{ git_name }}' + + - name: Set user.email + community.general.git_config: + scope: local + repo: /etc + name: user.email + value: '{{ git_email }}' diff --git a/roles/flatpak/tasks/main.yml b/roles/flatpak/tasks/main.yml new file mode 100644 index 0000000..80a84ff --- /dev/null +++ b/roles/flatpak/tasks/main.yml @@ -0,0 +1,10 @@ +- name: Check if flatpak is installed + command: flatpak --version + register: flatpak_version + changed_when: no + ignore_errors: yes + +- when: flatpak_version.rc == 0 + name: Upgrade packages + command: flatpak update --noninteractive + become: yes diff --git a/roles/pacman/handlers/main.yml b/roles/pacman/handlers/main.yml new file mode 100644 index 0000000..9dd7b9f --- /dev/null +++ b/roles/pacman/handlers/main.yml @@ -0,0 +1,8 @@ +- name: Reboot + reboot: + when: 'ansible_env["SSH_CLIENT"].split()[0] not in ansible_all_ipv4_addresses' + +- name: Wait for connectivity + # One of the nodes is the VPN server connecting all the other nodes, wait + # until all of them are back up: + wait_for_connection: diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml new file mode 100644 index 0000000..8e20aa5 --- /dev/null +++ b/roles/pacman/tasks/main.yml @@ -0,0 +1,48 @@ +- name: Check if pacman is installed + command: pacman --version + register: pacman_version + changed_when: no + ignore_errors: yes + +- when: pacman_version.rc == 0 + become: yes + block: + - name: Upgrade packages + community.general.pacman: + update_cache: yes + upgrade: yes + notify: + - Reboot + - Wait for connectivity + rescue: + - fail: + msg: Upgrading packages failed for an unknown reason! + when: not etc_versioned + + - name: There are uncommitted changes + shell: cd /etc && git status --porcelain=v1 + register: git_status + changed_when: no + + - fail: + msg: Upgrading packages failed for an unknown reason! + when: not git_status.stdout + + - name: All changes are pacman.d/gnupg + shell: cd /etc && git status --porcelain=v1 | cut -c 4- | grep -G -v '^pacman.d/gnupg/' + register: only_gnupg + changed_when: no + ignore_errors: yes + + - name: Commit pacman.d/gnupg + command: | + etckeeper commit 'pacman: GPG keys' + when: git_status.stdout and only_gnupg.rc != 0 + + - name: Upgrade packages after GPG keys + community.general.pacman: + update_cache: yes + upgrade: yes + notify: + - Reboot + - Wait for connectivity diff --git a/roles/snap/tasks/main.yml b/roles/snap/tasks/main.yml new file mode 100644 index 0000000..78a9afd --- /dev/null +++ b/roles/snap/tasks/main.yml @@ -0,0 +1,23 @@ +- name: Check if snap is installed + command: snap --version + register: snap_version + changed_when: no + ignore_errors: yes + +- become: yes + when: snap_version.rc == 0 and etc_versioned + block: + - name: There are uncommitted changes + shell: cd /etc && git status --porcelain=v1 + register: git_status + changed_when: no + + - name: All changes are snap changes + shell: cd /etc && git status --porcelain=v1 | cut -c 4- | grep -G -v '^systemd/system/' | grep -G -v '/snap\.\|snap-' + register: only_snap + changed_when: no + ignore_errors: yes + + - name: Commit snap changes + command: etckeeper commit 'after snap run' + when: git_status.stdout and only_snap.rc != 0 diff --git a/roles/vagrant/tasks/main.yml b/roles/vagrant/tasks/main.yml new file mode 100644 index 0000000..f0efdbf --- /dev/null +++ b/roles/vagrant/tasks/main.yml @@ -0,0 +1,16 @@ +- name: Check if vagrant is installed + command: vagrant --version + register: vagrant_version + changed_when: no + ignore_errors: yes + +- when: vagrant_version.rc == 0 + block: + - name: Update plugins + command: vagrant plugin update + + - name: Prune invalid entries + command: vagrant global-status --prune + + - name: Clean up boxes + command: vagrant box prune --force --keep-active-boxes -- cgit v1.2.3