2016-11-07 14:00:57 +01:00
|
|
|
---
|
|
|
|
|
|
2017-07-28 03:33:34 +02:00
|
|
|
- name: Git is installed (Debian)
|
2016-11-07 14:00:57 +01:00
|
|
|
apt:
|
|
|
|
|
name: git
|
|
|
|
|
state: present
|
2018-03-16 14:20:25 +01:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2016-11-07 14:00:57 +01:00
|
|
|
|
|
|
|
|
- name: /etc is versioned with git
|
|
|
|
|
command: "git init ."
|
|
|
|
|
args:
|
|
|
|
|
chdir: /etc
|
|
|
|
|
creates: /etc/.git/
|
2017-05-19 22:30:51 +02:00
|
|
|
warn: no
|
2016-11-07 14:00:57 +01:00
|
|
|
register: git_init
|
2018-03-16 14:20:25 +01:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2016-11-07 14:00:57 +01:00
|
|
|
|
2017-01-03 09:20:39 +01:00
|
|
|
- name: Git user.email is configured
|
2017-07-27 22:50:23 +02:00
|
|
|
git_config:
|
|
|
|
|
name: user.email
|
|
|
|
|
repo: /etc
|
|
|
|
|
scope: local
|
|
|
|
|
value: "root@{{ ansible_fqdn | default('localhost') }}"
|
2018-03-16 14:20:25 +01:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2017-01-03 09:20:39 +01:00
|
|
|
|
2018-08-24 14:44:51 +02:00
|
|
|
- name: /etc/.git is restricted to root
|
2016-12-26 12:10:13 +01:00
|
|
|
file:
|
|
|
|
|
path: /etc/.git
|
|
|
|
|
owner: root
|
2017-03-23 16:59:43 +01:00
|
|
|
mode: "0700"
|
2016-12-26 12:10:13 +01:00
|
|
|
state: directory
|
2018-03-16 14:20:25 +01:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2016-12-26 12:10:13 +01:00
|
|
|
|
2016-11-07 14:00:57 +01:00
|
|
|
- name: /etc/.gitignore is present
|
|
|
|
|
copy:
|
|
|
|
|
src: gitignore
|
|
|
|
|
dest: /etc/.gitignore
|
|
|
|
|
owner: root
|
2017-03-23 16:59:43 +01:00
|
|
|
mode: "0600"
|
2018-08-24 14:44:51 +02:00
|
|
|
force: no
|
|
|
|
|
tags:
|
|
|
|
|
- etc-git
|
|
|
|
|
|
|
|
|
|
- name: Some entries MUST be in the /etc/.gitignore file
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: /etc/.gitignore
|
|
|
|
|
line: "{{ item }}"
|
|
|
|
|
with_items:
|
|
|
|
|
- "aliases.db"
|
|
|
|
|
- "*.swp"
|
|
|
|
|
- "postfix/sa-blacklist.access"
|
|
|
|
|
- "postfix/*.db"
|
|
|
|
|
- "postfix/spamd.cidr"
|
2019-02-19 16:09:32 +01:00
|
|
|
- "evobackup/.keep-*"
|
2018-03-16 14:20:25 +01:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2016-11-07 14:00:57 +01:00
|
|
|
|
|
|
|
|
- name: does /etc/ have any commit?
|
|
|
|
|
command: "git log"
|
|
|
|
|
args:
|
|
|
|
|
chdir: /etc
|
2017-05-19 22:30:51 +02:00
|
|
|
warn: no
|
2016-11-07 14:00:57 +01:00
|
|
|
changed_when: False
|
|
|
|
|
failed_when: False
|
|
|
|
|
register: git_log
|
2017-03-24 14:15:09 +01:00
|
|
|
check_mode: no
|
2018-03-16 14:20:25 +01:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2016-11-07 14:00:57 +01:00
|
|
|
|
|
|
|
|
- name: initial commit is present?
|
|
|
|
|
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
|
|
|
|
args:
|
|
|
|
|
chdir: /etc
|
2017-05-19 22:30:51 +02:00
|
|
|
warn: no
|
2016-11-07 14:00:57 +01:00
|
|
|
register: git_commit
|
2016-12-21 15:44:36 +01:00
|
|
|
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
|
2018-03-16 14:20:25 +01:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2018-08-24 00:28:15 +02:00
|
|
|
|
|
|
|
|
- name: Optimize script is installed in monthly crontab
|
|
|
|
|
copy:
|
|
|
|
|
src: optimize-etc-git
|
|
|
|
|
dest: /etc/cron.monthly/optimize-etc-git
|
|
|
|
|
mode: "0750"
|
|
|
|
|
force: no
|
|
|
|
|
tags:
|
|
|
|
|
- etc-git
|
2018-09-07 21:49:30 +02:00
|
|
|
|
2018-09-08 01:05:58 +02:00
|
|
|
- name: Cron job for /etc/.git status is installed
|
2018-09-08 00:53:09 +02:00
|
|
|
template:
|
|
|
|
|
src: etc-git-status.j2
|
|
|
|
|
dest: /etc/cron.d/etc-git-status
|
|
|
|
|
mode: "0644"
|
2018-09-08 01:05:58 +02:00
|
|
|
when: etc_git_monitor_status
|
|
|
|
|
tags:
|
|
|
|
|
- etc-git
|
|
|
|
|
|
|
|
|
|
- name: Cron job for /etc/.git status is removed
|
|
|
|
|
file:
|
|
|
|
|
dest: /etc/cron.d/etc-git-status
|
|
|
|
|
state: absent
|
|
|
|
|
when: not etc_git_monitor_status
|
2018-09-07 21:49:30 +02:00
|
|
|
tags:
|
|
|
|
|
- etc-git
|
