etc-git: add versioning for /usr/share/scripts on Debian 10+
The repository.yml task file is generic and can be called for various repositories. On Debian 10, /usr/share/scripts is versioned.
parent
6b77372f24
commit
049d36ab8f
|
@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
|
|||
* apt: check if cron is installed before adding a cron job
|
||||
* apt: remove jessie/buster sources from Gandi servers
|
||||
* certbot : new role to install and configure certbot
|
||||
* etc-git: add versioning for /usr/share/scripts on Debian 10+
|
||||
* evoacme: upstream version 19.11
|
||||
* evolinux-base: default value for "evolinux_ssh_group"
|
||||
* evolinux-base: install /sbin/deny
|
||||
|
|
|
@ -7,49 +7,10 @@
|
|||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: /etc is versioned with git
|
||||
command: "git init ."
|
||||
args:
|
||||
chdir: /etc
|
||||
creates: /etc/.git/
|
||||
warn: no
|
||||
register: git_init
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: Git user.email is configured
|
||||
git_config:
|
||||
name: user.email
|
||||
repo: /etc
|
||||
scope: local
|
||||
value: "root@{{ ansible_fqdn | default('localhost') }}"
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: /etc/.git is restricted to root
|
||||
file:
|
||||
path: /etc/.git
|
||||
owner: root
|
||||
mode: "0700"
|
||||
state: directory
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: /etc/.gitignore is present
|
||||
copy:
|
||||
src: gitignore
|
||||
dest: /etc/.gitignore
|
||||
owner: root
|
||||
mode: "0600"
|
||||
force: no
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: Some entries MUST be in the /etc/.gitignore file
|
||||
lineinfile:
|
||||
dest: /etc/.gitignore
|
||||
line: "{{ item }}"
|
||||
with_items:
|
||||
- include: repository.yml
|
||||
vars:
|
||||
repository_path: "/etc"
|
||||
gitignore_items:
|
||||
- "aliases.db"
|
||||
- "*.swp"
|
||||
- "postfix/sa-blacklist.access"
|
||||
|
@ -57,30 +18,19 @@
|
|||
- "postfix/spamd.cidr"
|
||||
- "evobackup/.keep-*"
|
||||
- "letsencrypt/.certbot.lock"
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: does /etc/ have any commit?
|
||||
command: "git log"
|
||||
args:
|
||||
chdir: /etc
|
||||
warn: no
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
register: git_log
|
||||
check_mode: no
|
||||
tags:
|
||||
- etc-git
|
||||
- name: verify /usr/share/scripts presence
|
||||
stat:
|
||||
path: /usr/share/scripts
|
||||
register: _usr_share_scripts
|
||||
|
||||
- name: initial commit is present?
|
||||
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
||||
args:
|
||||
chdir: /etc
|
||||
warn: no
|
||||
register: git_commit
|
||||
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
|
||||
tags:
|
||||
- etc-git
|
||||
- include: repository.yml
|
||||
vars:
|
||||
repository_path: "/usr/share/scripts"
|
||||
gitignore_items: []
|
||||
when:
|
||||
- _usr_share_scripts.stat.isdir
|
||||
- ansible_distribution_major_version | version_compare('10', '>=')
|
||||
|
||||
- name: Check if cron is installed
|
||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
||||
|
|
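Review bot: The `when` list on the new /usr/share/scripts include reads `_usr_share_scripts.stat.isdir`, but the stat module only returns `isdir` when the path exists, so on a host without /usr/share/scripts the condition is expected to fail with an undefined-attribute error instead of skipping. Because that entry is listed first, the same failure would also occur on releases older than Debian 10. Putting the version check first and guarding the attribute avoids this, e.g. `- _usr_share_scripts.stat.isdir is defined and _usr_share_scripts.stat.isdir`. The `verify /usr/share/scripts presence` task also has no `tags: etc-git`, so a run limited to that tag never registers the variable. The page has lost its +/- markers, so which lines are new is inferred from the hunk counts.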
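--- a/etc-git/tasks/repository.yml
+++ b/etc-git/tasks/repository.yml
@@ -0,0 +1,73 @@
+---
+
+- include_role:
+name: remount-usr
+when: repository_path | search ("/usr")
+
+- name: "{{ repository_path }} is versioned with git"
+command: "git init ."
+args:
+chdir: "{{ repository_path }}"
+creates: "{{ repository_path }}/.git/"
+warn: no
+register: git_init
+tags:
+- etc-git
+
+- name: Git user.email is configured
+git_config:
+name: user.email
+repo: "{{ repository_path }}"
+scope: local
+value: "root@{{ ansible_fqdn | default('localhost') }}"
+tags:
+- etc-git
+
+- name: "{{ repository_path }}/.git is restricted to root"
+file:
+path: "{{ repository_path }}/.git"
+owner: root
+mode: "0700"
+state: directory
+tags:
+- etc-git
+
+- name: "{{ repository_path }}/.gitignore is present"
+copy:
+src: gitignore
+dest: "{{ repository_path }}/.gitignore"
+owner: root
+mode: "0600"
+force: no
+tags:
+- etc-git
+
+- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
+lineinfile:
+dest: "{{ repository_path }}/.gitignore"
+line: "{{ item }}"
+with_items: "{{ gitignore_items | default([]) }}"
+tags:
+- etc-git
+
+- name: "does {{ repository_path }}/ have any commit?"
+command: "git log"
+args:
+chdir: "{{ repository_path }}"
+warn: no
+changed_when: False
+failed_when: False
+register: git_log
+check_mode: no
+tags:
+- etc-git
+
+- name: initial commit is present?
+shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
+args:
+chdir: "{{ repository_path }}"
+warn: no
+register: git_commit
+when: git_log.rc != 0 or (git_init is defined and git_init.changed)
+tags:
+- etc-git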
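Review bot: The `when: repository_path | search ("/usr")` guard on the `include_role` task is an unanchored regex, so it fires for any path that merely contains `/usr` (a constructed example: `/srv/usr-data`). It also uses the test-as-filter form that later Ansible releases drop; `when: repository_path is search("^/usr(/|$)")` states the intent. This is also the only task in the file without `tags: etc-git`, so a run limited to that tag skips the remount and `git init` then depends on the current mount state of /usr. Nothing visible in this file returns /usr to read-only afterwards. If remount-usr does not restore it itself (for instance through a handler), a host that mounts /usr read-only as hardening stays writable after the play, which is worth confirming and documenting in a comment above the include.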