etc-git: add versioning for /usr/share/scripts on Debian 10+

The repository.yml task file is generic and can be called for vrious repositories. On Debian 10, /usr/share/scripts is versioned
2019-11-05 17:00:22 +01:00 · 2019-11-05 17:00:22 +01:00 · 049d36ab8f
parent 6b77372f24
commit 049d36ab8f
3 changed files with 96 additions and 72 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
 * apt: check if cron is installed before adding a cron job
 * apt: remove jessie/buster sources from Gandi servers
 * certbot : new role to install and configure certbot
+* etc-git: add versioning for /usr/share/scripts on Debian 10+
 * evoacme: upstream version 19.11
 * evolinux-base: default value for "evolinux_ssh_group"
 * evolinux-base: install /sbin/deny
--- a/etc-git/tasks/main.yml
+++ b/etc-git/tasks/main.yml
@ -7,80 +7,30 @@
  tags:
    - etc-git

- name: /etc is versioned with git
-  command: "git init ."
-  args:
-    chdir: /etc
-    creates: /etc/.git/
-    warn: no
-  register: git_init
-  tags:
-    - etc-git
+- include: repository.yml
+  vars:
+    repository_path: "/etc"
+    gitignore_items:
+      - "aliases.db"
+      - "*.swp"
+      - "postfix/sa-blacklist.access"
+      - "postfix/*.db"
+      - "postfix/spamd.cidr"
+      - "evobackup/.keep-*"
+      - "letsencrypt/.certbot.lock"

- name: Git user.email is configured
-  git_config:
-    name: user.email
-    repo: /etc
-    scope: local
-    value: "root@{{ ansible_fqdn | default('localhost') }}"
-  tags:
-    - etc-git
+- name: verify /usr/share/scripts presence
+  stat:
+    path: /usr/share/scripts
+  register: _usr_share_scripts

- name: /etc/.git is restricted to root
-  file:
-    path: /etc/.git
-    owner: root
-    mode: "0700"
-    state: directory
-  tags:
-    - etc-git
-
- name: /etc/.gitignore is present
-  copy:
-    src: gitignore
-    dest: /etc/.gitignore
-    owner: root
-    mode: "0600"
-    force: no
-  tags:
-    - etc-git
-
- name: Some entries MUST be in the /etc/.gitignore file
-  lineinfile:
-    dest: /etc/.gitignore
-    line: "{{ item }}"
-  with_items:
-    - "aliases.db"
-    - "*.swp"
-    - "postfix/sa-blacklist.access"
-    - "postfix/*.db"
-    - "postfix/spamd.cidr"
-    - "evobackup/.keep-*"
-    - "letsencrypt/.certbot.lock"
-  tags:
-    - etc-git
-
- name: does /etc/ have any commit?
-  command: "git log"
-  args:
-    chdir: /etc
-    warn: no
-  changed_when: False
-  failed_when: False
-  register: git_log
-  check_mode: no
-  tags:
-    - etc-git
-
- name: initial commit is present?
-  shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
-  args:
-    chdir: /etc
-    warn: no
-  register: git_commit
-  when: git_log.rc != 0 or (git_init is defined and git_init.changed)
-  tags:
-    - etc-git
+- include: repository.yml
+  vars:
+    repository_path: "/usr/share/scripts"
+    gitignore_items: []
+  when:
+    - _usr_share_scripts.stat.isdir
+    - ansible_distribution_major_version | version_compare('10', '>=')

 - name: Check if cron is installed
  shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
--- a/etc-git/tasks/repository.yml
+++ b/etc-git/tasks/repository.yml
@ -0,0 +1,73 @@
+---
+
+- include_role:
+    name: remount-usr
+  when: repository_path | search ("/usr")
+
+- name: "{{ repository_path }} is versioned with git"
+  command: "git init ."
+  args:
+    chdir: "{{ repository_path }}"
+    creates: "{{ repository_path }}/.git/"
+    warn: no
+  register: git_init
+  tags:
+    - etc-git
+
+- name: Git user.email is configured
+  git_config:
+    name: user.email
+    repo: "{{ repository_path }}"
+    scope: local
+    value: "root@{{ ansible_fqdn | default('localhost') }}"
+  tags:
+    - etc-git
+
+- name: "{{ repository_path }}/.git is restricted to root"
+  file:
+    path: "{{ repository_path }}/.git"
+    owner: root
+    mode: "0700"
+    state: directory
+  tags:
+    - etc-git
+
+- name: "{{ repository_path }}/.gitignore is present"
+  copy:
+    src: gitignore
+    dest: "{{ repository_path }}/.gitignore"
+    owner: root
+    mode: "0600"
+    force: no
+  tags:
+    - etc-git
+
+- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
+  lineinfile:
+    dest: "{{ repository_path }}/.gitignore"
+    line: "{{ item }}"
+  with_items: "{{ gitignore_items | default([]) }}"
+  tags:
+    - etc-git
+
+- name: "does {{ repository_path }}/ have any commit?"
+  command: "git log"
+  args:
+    chdir: "{{ repository_path }}"
+    warn: no
+  changed_when: False
+  failed_when: False
+  register: git_log
+  check_mode: no
+  tags:
+    - etc-git
+
+- name: initial commit is present?
+  shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
+  args:
+    chdir: "{{ repository_path }}"
+    warn: no
+  register: git_commit
+  when: git_log.rc != 0 or (git_init is defined and git_init.changed)
+  tags:
+    - etc-git