
ansible: refactor

This commit is contained in:
bretello 2024-07-04 12:21:21 +02:00
parent 78d36a6073
commit a2f3d6e764
Signed by: brethil
GPG Key ID: 876AAC6290170FE7
21 changed files with 374 additions and 260 deletions


@ -3,7 +3,5 @@
/.dotfiles-update
.mypy_cache
.venv
.git
.zcompdump*
.vagrant


@ -0,0 +1,17 @@
# Archlinux User Repository (AUR)
Role to install [Archlinux User Repository (AUR)](https://aur.archlinux.org/packages) packages.
Add extra packages to the defaults in [vars/main.yml](vars/main.yml) by providing the `aur_extra` variable:
```yaml
- hosts: all
vars:
aur_extra:
- bretellofier
- yay
roles:
- role: aur-packages
```


@ -0,0 +1,6 @@
---
collections:
# - { name: community.general, version: 3.1.0 }
- community.general
# dependencies:
# - role: yay


@ -0,0 +1,24 @@
---
- debug:
msg: "Installing AUR package: {{ package }}"
- name: Clone package repo
become: true
become_method: sudo
become_user: nobody
git:
repo: "https://aur.archlinux.org/{{ package }}.git"
dest: "/home/build/{{ package }}"
# version: master
clone: true
force: true
- name: Build package
become: true
become_method: sudo
become_user: nobody
shell: |
cd "/home/build/{{package}}"
makepkg --force --syncdeps --rmdeps --noconfirm --install
environment:
GOCACHE: /tmp/go_cache/
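Review bot: The `package` value is interpolated unquoted into a shell script at `cd "/home/build/{{package}}"` and into the clone URL `https://aur.archlinux.org/{{ package }}.git`, and it arrives via `aur_extra`, which the README in this commit shows being set from playbook vars; a name containing `..`, whitespace or shell metacharacters would change which directory the sudo-to-`nobody` build enters and which repository is fetched. A guard before the clone keeps the role honest, e.g. `- assert: { that: package is match('^[a-z0-9][a-z0-9@._+-]*$') }` (that alphabet is my recollection of pacman's package-name rules — confirm against upstream), and the `cd` can become `args: { chdir: "/home/build/{{ package }}" }` with `command: makepkg --force --syncdeps --rmdeps --noconfirm --install` so no shell is involved at all. `GOCACHE: /tmp/go_cache/` is a predictable path in a shared temporary directory that any other local account could create first; a cache under `/home/build` (created by the main task file as mode `0700`, owned by `nobody`) stays inside the build user's private tree.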


@ -0,0 +1,34 @@
---
- name: Create build directory
file:
path: "/home/build"
state: directory
mode: "0700"
owner: nobody
- name: Install aur packages
block:
- name: Allow nobody user to run pacman
community.general.sudoers:
name: allow-nobody-pacman
user: nobody
commands:
- /usr/sbin/pacman
# noexec: true # required by makepkg
state: present
- name: Install packages
include_tasks: ./build_package.yml
vars:
package: "{{ item }}"
loop: "{{ aur_packages + aur_extra }} "
always:
- name: Disallow nobody user to run pacman
community.general.sudoers:
name: allow-nobody-pacman
user: nobody
commands:
- /usr/sbin/pacman
noexec: true
state: absent
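Review bot: The `community.general.sudoers` entry with `commands: - /usr/sbin/pacman` lets `nobody` run pacman as root with any arguments, and the module's `nopassword` option defaults to true as far as I recall, so it is a NOPASSWD rule; since `nobody` is a shared account that other unprivileged daemons commonly run under, any process with that uid during the build window can install packages system-wide. A dedicated locked build account (a `user:` task creating e.g. `aurbuild` with `shell: /usr/bin/nologin`, owning `/home/build`) narrows the grant to the one process that needs it, and the `always:` revert already here would stay correct with the new name. Separately, `loop: "{{ aur_packages + aur_extra }} "` carries a trailing space inside the quotes, so the template yields a string rather than a list and relies on Ansible converting it back; `loop: "{{ aur_packages + aur_extra }}"` removes the ambiguity. The `state: absent` task also sets `noexec: true` while the `state: present` task has it commented out as `# required by makepkg`; the two mappings should match, or the key should be dropped from the removal task.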


@ -0,0 +1,4 @@
aur_packages:
- bretellofier
- yay
aur_extra: []


@ -0,0 +1,5 @@
# dotfiles
Role to install dotfiles and do initial configuration of a new host.
Installed packages can be found in [vars/main.yml](vars/main.yml).


@ -0,0 +1,3 @@
---
collections:
- community.general


@ -0,0 +1,149 @@
---
- name: Install required system packages (debian)
apt:
install_recommends: false
update_cache: true
pkg: "{{ packages + packages_debian }}"
state: present
when: ansible_facts['os_family'] == "Debian"
become: true
- name: Install required system packages (arch)
pacman:
update_cache: true
name: "{{ packages + packages_archlinux }}"
state: present
when: ansible_facts['os_family'] == "Archlinux"
become: true
- name: Clone dotfiles repo
git:
repo: https://git.decapod.one/brethil/dotfiles
dest: "{{ dotfiles_path }}"
clone: true
update: false
register: git_clone_result
- debug:
var: git_clone_result['after']
when: git_clone_result['before'] == "null"
- name: Update dotfiles repo
git:
repo: https://git.decapod.one/brethil/dotfiles
dest: "{{ dotfiles_path }}"
clone: false
update: false
when: git_clone_result['before'] != "null"
register: git_update_result
- debug:
var: git_update_result['after']
when: git_update_result['before'] != "null"
- name: directories
file:
dest: "{{ item }}"
state: directory
mode: "0700"
loop: "{{ directories }}"
vars:
directories:
- "$HOME/bin"
- "$HOME/projects"
- "$HOME/git"
- "$HOME/.config/git"
- "$HOME/.ssh/"
- "$HOME/.ssh/sockets"
- "$HOME/.ipython/profile_default"
- name: Set zsh as default shell
user:
name: "{{ ansible_user }}"
shell: /usr/bin/zsh
become: true
- name: Update zshrc
blockinfile:
path: $HOME/.zshrc
marker: "# {mark} brethil dotfiles"
block: |
export DOTFILES={{ dotfiles_path }}
source $DOTFILES/brethil_dotfile.sh
create: true
mode: 600
- name: Update .ssh/config
blockinfile:
path: $HOME/.ssh/config
marker: "# {mark} brethil dotfiles"
insertbefore: "BOF"
block: |
TCPKeepAlive=yes
ServerAliveCountMax=6
## Uncomment to enable compression for all ssh sessions
#Compression=yes
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%n:%p
ControlPersist yes
Host *
ServerAliveInterval 300
create: true
- name: dotfiles symlinks
file:
src: "{{ dotfiles_path }}/{{ item.key }}"
dest: "{{ item.value }}"
state: link
force: yes
loop: "{{ files | dict2items }}"
vars:
files:
"tmux.conf": "~/.tmux.conf"
"vim/vimrc": "~/.vimrc"
"pdbrc.py": "~/.pdbrc.py"
"gitignore": "~/.config/git/ignore"
"ipython/profile_default/ipython_config.py": "~/.ipython/profile_default/ipython_config.py"
"ipython/profile_default/startup": "~/.ipython/profile_default/startup"
- name: Exec vim undodir migration (if required)
command: |
mv ${HOME}/.vim_runtime/temp_dirs/undodir ${HOME}/.vim/undo
args:
removes: .vim_runtime/temp_dirs/undodir
- name: Install and update vim plugins
command: |
vim -c 'PlugInstall|PlugUpdate|qa!'
environment:
- DOTFILES: "{{ dotfiles_path }}"
args:
creates: .vim/vim-plug
- name: Get git config facts
community.general.git_config:
name: "include.path"
scope: global
register: config_value
- name: Set up git config include if required
community.general.git_config:
name: "include.path"
value: "{{ dotfiles_path }}/gitconfig"
scope: global
when: config_value is not defined
- name: check gitignore migration
stat: path=${HOME}/.gitignore
register: gitignore
- name: gitignore migration
shell: |
set -eu
mkdir -p ${HOME}/.config/git
ln -s {{ dotfiles_path }}/gitignore ${HOME}/.config/git/ignore
rm -f ~/.gitignore
when: gitignore.stat.exists
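Review bot: `mode: 600` on the `Update zshrc` blockinfile is an unquoted YAML integer, which Ansible takes as decimal 600 (octal 1130), so `.zshrc` ends up with the sticky bit and group write rather than owner-only read/write — the same commit already quotes the directory mode as `"0700"`, so this should be `mode: "0600"` to match. The two `when:` clauses comparing `git_clone_result['before']` with the string `"null"` never match a real null (the git module reports `before` as null, not the text `"null"`, as far as I recall), so the debug never fires and `Update dotfiles repo` runs on fresh clones as well; `when: git_clone_result['before'] is none` and `is not none` express the intent. That update task also sets `update: false`, so as written it pulls nothing. Finally, the `gitignore migration` shell runs `ln -s {{ dotfiles_path }}/gitignore ${HOME}/.config/git/ignore` after the `dotfiles symlinks` task has already created that link, so under `set -eu` it fails with an existing-file error whenever `~/.gitignore` exists; `ln -sf`, or dropping the `ln` line and keeping `rm -f ~/.gitignore`, resolves the ordering.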


@ -1,3 +1,6 @@
---
dotfiles_path: "$HOME/.dotfiles"
packages:
- "bmon"
- "byobu"
@ -7,26 +10,27 @@ packages:
- "git"
- "grc"
- "htop"
- "iotop"
- "nmap"
- "ripgrep"
- "tmux"
- "tree"
- "vim"
- "zsh"
- "iotop"
packages_debian:
- "pylint"
- "bat"
- "ipython3"
- "mtr-tiny"
- "python3-pip"
- "python3-setuptools"
- "virtualenv"
- "bat"
- "mtr-tiny"
packages_archlinux:
- "man"
- "ipython"
- "python-pylint"
- "python-virtualenv"
- "ansible-language-server"
- "bash-language-server"
- "base-devel"
- "bat"
- "ipython"
- "man"
- "mtr"
- "python-virtualenv"
- "sudo"


@ -1,137 +0,0 @@
---
- name: Setup dotfiles
hosts: all
vars_files:
- ../ansible-packages.yml
vars:
dotfiles_path: "$HOME/.dotfiles"
tasks:
- name: Install required system packages (debian)
apt:
install_recommends: no
update_cache: yes
pkg: "{{ packages + packages_debian }}"
when: ansible_facts['os_family'] == "Debian"
become: true
- name: Install required system packages (arch)
pacman:
update_cache: yes
name: "{{ packages + packages_archlinux }}"
when: ansible_facts['os_family'] == "Archlinux"
become: true
- name: Clone dotfiles repo
git:
repo: https://git.decapod.one/brethil/dotfiles
dest: "{{ dotfiles_path }}"
when: local_development is not defined
- name: directories
file:
dest: "{{ item }}"
state: directory
mode: 0700
loop: "{{ directories }}"
vars:
directories:
- "$HOME/bin"
- "$HOME/projects"
- "$HOME/git"
- "$HOME/.config/git"
- "$HOME/.ssh/"
- "$HOME/.ssh/sockets"
- name: Install antibody
shell: |
set -euo pipefail
curl -sfL https://git.io/antibody | sh -s - -b $HOME/bin/
$HOME/bin/antibody bundle "{{ dotfiles_path }}/antibody_plugins.txt"
args:
executable: /bin/bash
creates: bin/antibody
- name: Set zsh as default shell
user:
name: "{{ ansible_user }}"
shell: /usr/bin/zsh
become: true
- name: Update zshrc
blockinfile:
path: $HOME/.zshrc
marker: "# {mark} brethil dotfiles"
block: |
export DOTFILES={{ dotfiles_path }}
source $DOTFILES/brethil_dotfile.sh
create: true
mode: 600
- name: Update .ssh/config
blockinfile:
path: $HOME/.ssh/config
marker: "# {mark} brethil dotfiles"
insertbefore: "BOF"
block: |
TCPKeepAlive=yes
ServerAliveCountMax=6
## Uncomment to enable compression for all ssh sessions
#Compression=yes
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%n:%p
ControlPersist yes
Host *
ServerAliveInterval 300
create: true
- name: dotfiles symlinks
file:
src: "{{ dotfiles_path }}/{{ item.key }}"
dest: "{{ item.value }}"
state: link
force: yes
loop: "{{ files | dict2items }}"
vars:
files:
"tmux.conf": "~/.tmux.conf"
"vim/vimrc": "~/.vimrc"
"pdbrc.py": "~/.pdbrc.py"
# "ipython": "~/.ipython" # FIXME: ipython config is more complex
"ansible/ansible.cfg": "~/.ansible.cfg"
"gitignore": "~/.config/git/ignore"
- name: Exec vim undodir migration (if required)
command: |
mv ${HOME}/.vim_runtime/temp_dirs/undodir ${HOME}/.vim/undo
args:
removes: .vim_runtime/temp_dirs/undodir
- name: Install vim plugins
command: |
env DOTFILES={{ dotfiles_path }} vim -c 'PlugInstall|qa!'
args:
creates: .vim/vim-plug
- name: Get git config facts
community.general.git_config:
name: "include.path"
scope: global
register: config_value
- debug:
msg: "Git config include.path={{ config_value }}"
- name: Set up git config include if required
community.general.git_config:
name: "include.path"
value: "{{ dotfiles_path }}/gitconfig"
scope: global
when: config_value is not defined
- name: git global .gitignore
copy:
src: ../../gitignore
dest: ~/.gitignore
mode: "0600"


@ -1,25 +0,0 @@
---
- hosts: all
become: true
vars:
DOTFILES: "$HOME/.dotfiles"
tasks:
- name: dotfiles
ansible.builtin.command: git pull --rebase --autostash
args:
chdir: "{{ DOTFILES }}"
- name: antibody
command: antibody update
- name: vim
ansible.builtin.shell: DOTFILES={{DOTFILES}} vim -c 'PlugUpdate|qa!'
- name: check gitignore migration
stat: path=${HOME}/.gitignore
register: gitignore
- name: gitignore migration
command: mkdir -p ${HOME}/.config/git && ln -s ${DOTFILES}/gitignore ${HOME}/.config/git/ignore && rm -f ~/.gitignore
when: gitignore.stat.exists


@ -1,49 +0,0 @@
---
- hosts: all
tasks:
- name: Build directory
shell:
cmd: mkdir /home/build
creates: /home/build
register: build_dir
- name: Prepare build dir
shell: |
chgrp nobody /home/build
chmod g+ws /home/build
when:
- build_dir is defined
- name: yay repo
become: yes
become_method: sudo
become_user: nobody
git:
repo: https://aur.archlinux.org/yay.git
dest: /home/build/yay
version: master
register: repo
- name: Install go (yay dependency)
community.general.pacman:
name:
- go
state: present
- name: build
become: yes
become_method: sudo
become_user: nobody
shell: |
cd /home/build/yay
makepkg
environment:
- GOCACHE: /home/build
- ANSIBLE_REMOTE_TMP: /home/build
- name: Install yay
community.general.pacman:
name:
- /home/build/yay/yay-*.tar.zst
state: present


@ -0,0 +1,53 @@
---
- name: Create build directory
file:
path: "/home/build"
state: directory
mode: "0700"
owner: nobody
- name: Make sure requirements are installed
community.general.pacman:
update_cache: yes
name:
- base-devel
- git
- go
- sudo
state: present
become: true
- name: Clone yay repo
become: true
become_method: sudo
become_user: nobody
git:
repo: https://aur.archlinux.org/yay.git
dest: /home/build/yay
version: master
clone: true
force: true
- name: build
become: true
become_method: sudo
become_user: nobody
shell: |
cd /home/build/yay
makepkg -f
environment:
- GOCACHE: /tmp/gocache
- ANSIBLE_REMOTE_TMP: /tmp/ansible
- name: Get built package
shell: |
ls -rt /home/build/yay/yay*.pkg.tar.zst | grep -v debug | tail -1
register: yay_package
- debug:
msg: "Built {{ yay_package.stdout }}"
- name: Install yay
community.general.pacman:
name: "{{ yay_package.stdout }}"
state: present
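Review bot: The `Install yay` task calls `pacman` with `name: "{{ yay_package.stdout }}"` without `become: true`, while `Make sure requirements are installed` in the same file does use it; unless the play already runs as root (the dev inventory does, other hosts may not), the install step fails right after the build succeeds, so `become: true` belongs on it as well. `GOCACHE: /tmp/gocache` and `ANSIBLE_REMOTE_TMP: /tmp/ansible` are fixed paths in a shared temporary directory that any local account could create first, and the output of that cache is what the next task installs system-wide; placing both under `/home/build` (created above as mode `0700`, owned by `nobody`) keeps them inside the build user's private directory. `update_cache: yes` is the only `yes`-style boolean left in the new files, where everything else uses `true`.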


@ -1,16 +1,18 @@
FROM archlinux:latest
ENV TERM=xterm-256color
RUN pacman --noconfirm -Syu && pacman --noconfirm -Sy \
python \
openssh \
&& rm -rf /var/cache/pacman/*
RUN --mount=type=cache,target=/var/cache/pacman \
pacman --noconfirm -Syu && pacman --noconfirm -Sy \
python \
openssh
# uncomment to hardcode ssh_host keys in the image
# RUN ssh-keygen -A
COPY id_ed25519.pub /root/.ssh/authorized_keys
WORKDIR /root/
COPY entrypoint.sh /
VOLUME ["/root/.dotfiles"]
CMD ["bash", "/entrypoint.sh"]
WORKDIR /root/.dotfiles
COPY . .
RUN cat dev/id_ed25519.pub >> /root/.ssh/authorized_keys
CMD ["bash", "dev/entrypoint.sh"]
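Review bot: `RUN cat dev/id_ed25519.pub >> /root/.ssh/authorized_keys` assumes `/root/.ssh` already exists; the removed `COPY id_ed25519.pub /root/.ssh/authorized_keys` created that directory implicitly, but a shell redirection does not, and as far as I know the archlinux base image does not ship one, so the build likely fails with a no-such-file error. `RUN mkdir -p -m 700 /root/.ssh && cat dev/id_ed25519.pub >> /root/.ssh/authorized_keys` creates it with the permissions sshd expects. The Debian Dockerfile hunk below has the same line and the same issue. `COPY . .` now places the full repository in the image, so anything in `dev/` besides the public key — including a private key if one is ever generated next to it — lands in an image layer; the `.dockerignore` hunk at the top of this commit is the place to exclude such files.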


@ -1,17 +1,20 @@
FROM debian:unstable
ENV TERM=xterm-256color
RUN apt-get update && apt-get install -y --no-install-recommends \
openssh-server \
python python3 && \
rm -rf /var/cache/apt/* /etc/ssh/ssh_host_*
RUN --mount=type=cache,target=/var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
openssh-server \
python python3 \
&& rm -rf /etc/ssh/ssh_host_*
# ssh host keys are generated by entrypoint, remove rm /etc/ssh/ssh_host*
# to hardcode ssh host keys into the image
RUN mkdir /run/sshd
COPY id_ed25519.pub /root/.ssh/authorized_keys
WORKDIR /root/
COPY entrypoint.sh /
VOLUME ["/root/.dotfiles"]
CMD ["bash", "/entrypoint.sh"]
WORKDIR /root/.dotfiles
COPY . .
RUN cat dev/id_ed25519.pub >> /root/.ssh/authorized_keys
CMD ["bash", "dev/entrypoint.sh"]


@ -25,23 +25,33 @@ arch archlinux: clean build-arch run
build: build-arch
build-debian: Dockerfile.debian
docker build -t brethil/dotfiles:dev -f Dockerfile.debian .
docker build -t brethil/dotfiles:dev -f Dockerfile.debian ..
build-arch: Dockerfile.archlinux
docker build -t brethil/dotfiles:dev -f Dockerfile.archlinux .
docker build -t brethil/dotfiles:dev -f Dockerfile.archlinux ..
run: _run
echo -e ${GREEN} "***" ${CLEAR} Watching logs from the container. Hit Ctrl+C to stop watching.
docker logs -f dotfiles-dev
_run: Dockerfile.archlinux Dockerfile.debian build clean
docker run -d --name=dotfiles-dev -v ${PWD}/..:/root/.dotfiles brethil/dotfiles:dev
_run: clean build
# docker run -d --rm --name=dotfiles-dev -v ${PWD}/..:/root/.dotfiles:ro brethil/dotfiles:dev
docker run -d --rm --name=dotfiles-dev brethil/dotfiles:dev
echo -en ${GREEN} "***" ${CLEAR} Started container, listening on
echo -e ${BOLD}${WHITE} `docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' dotfiles-dev`:22 ${CLEAR}
echo -e ${BLUE} "***" ${CLEAR} Run \`make clean\` to stop and remove the container
echo -e ${BLUE} "***" ${CLEAR} Run \`make clean\` to stop and remove the container, \`make run\` to check the logs.
ansible: ../ansible/playbooks/setup.yml _run
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ansible-hosts -e local_development=true ../ansible/playbooks/setup.yml
ansible: SHELL:=/bin/bash
ansible: ../playbook.yml _run
@ip_address=$$(docker inspect dotfiles-dev --format '{{.NetworkSettings.IPAddress}}'); \
if [[ -z "$$ip_address" ]]; then \
echo "ip address is not defined, is your container running?" >&2; \
exit 1; \
else \
sed -i "s/172.18.0.2/$$ip_address/" ansible-hosts; \
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ansible-hosts ../playbook.yml; \
fi
release: build-arch ansible
docker commit -m "install and initialize dotfiles (ansible)" dotfiles-dev brethil/dotfiles:latest
@ -55,4 +65,4 @@ release: build-arch ansible
clean:
echo -e ${GREEN} "***" ${CLEAR} Stopping and removing \"dockerfiles-dev\" container...
docker kill dotfiles-dev &>/dev/null &>/dev/null && echo -e ${GREEN} "***" ${CLEAR} Killed container: dotfiles-dev || echo -e ${BLUE} "***" ${CLEAR} no containers to stop
docker rm dotfiles-dev &>/dev/null && echo -e ${GREEN} "***" ${CLEAR} Removed container: dotfiles-dev || echo -e ${BLUE} "***" ${CLEAR} no containers to remove
docker stop dotfiles-dev &>/dev/null && echo -e ${GREEN} "***" ${CLEAR} Removed container: dotfiles-dev || echo -e ${BLUE} "***" ${CLEAR} no containers to remove
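Review bot: `sed -i "s/172.18.0.2/$$ip_address/" ansible-hosts` only matches the literal address committed in `ansible-hosts`; after the first successful run the file holds the substituted IP, so every later run against a container with a different address is a silent no-op and the playbook targets a stale host. Matching any dotted-quad at the start of the line keeps the target idempotent: `sed -i -E "s/^[0-9]+(\.[0-9]+){3}/$$ip_address/" ansible-hosts`. The `clean` target now calls `docker stop` but still prints `Removed container: dotfiles-dev`, the same text the `docker rm` line above it prints; `Stopped container: dotfiles-dev` describes what that line does.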


@ -16,15 +16,19 @@ Start a builder in one shell:
while true; do make _run; done
```
_check for the docker IP of the started container_.
Test the playbook in another shell:
Check for the docker IP of the started container:
```bash
ansible-playbook -v -i ./ansible-hosts playbooks/setup.yml
docker inspect dotfiles-dev --format '{{.NetworkSettings.IPAddress}}'
```
note: the ip address in `ansible-hosts` might have changed from `172.18.0.2`.
Make sure that this matches the IP in [ansible-hosts](/dev/ansible-hosts)
Test the playbook:
```bash
ansible-playbook -v -i ansible-hosts ../playbook.yml
```
## Docker images
@ -41,14 +45,11 @@ the local repository bind-mounted on `/root/.dotfiles`. To use a custom volume:
docker run -v <volume>:/root/dofiles`
```
**IMPORTANT** if bind-mounting an already existing repository, run
`ansible` with `-e local_development=true` to avoid
clobbering the git history if you have unpushed commit (it won't
work if your repo is dirty).
Ansible can now be used to test the installation.
make ansible
```bash
make ansible
```
## Releasing


@ -1,2 +1,2 @@
[dev]
172.18.0.2 ansible_user=root ansible_python_interpreter=python3 DOTFILES=~/.dotfiles
[docker]
172.18.0.2 ansible_user=root ansible_python_interpreter=python3 alias=dotfiles_dev_container


@ -1,5 +1,8 @@
[defaults]
forks = 10
strategy=free
pipelining = true
internal_poll_interval = 0.001
roles_path = ../ansible

playbook.yml Normal file

@ -0,0 +1,9 @@
---
- hosts: all
vars:
archlinux: ansible_facts['os_family'] == "Archlinux"
roles:
- dotfiles
- { role: aur_packages, when: archlinux, tags: ["aur", "aur-packages"] }
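Review bot: `archlinux: ansible_facts['os_family'] == "Archlinux"` is a plain string var, not a boolean, so `when: archlinux` on the `aur_packages` role relies on Ansible re-evaluating that string as a second Jinja expression — behaviour that newer ansible-core releases restrict or warn about, as far as I recall. Writing the condition directly, `when: ansible_facts['os_family'] == "Archlinux"`, or defining the var as `archlinux: "{{ ansible_facts['os_family'] == 'Archlinux' }}"`, avoids the nested evaluation. The role is referenced as `aur_packages` here while the AUR README example added in this commit uses `role: aur-packages`; one of the two will not resolve against the actual role directory name.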