etc-git: add versioning for /usr/share/scripts on Debian 10+
The repository.yml task file is generic and can be called for various repositories. On Debian 10, /usr/share/scripts is versioned.
parent
6b77372f24
commit
049d36ab8f
|
@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
|
||||||
* apt: check if cron is installed before adding a cron job
|
* apt: check if cron is installed before adding a cron job
|
||||||
* apt: remove jessie/buster sources from Gandi servers
|
* apt: remove jessie/buster sources from Gandi servers
|
||||||
* certbot : new role to install and configure certbot
|
* certbot : new role to install and configure certbot
|
||||||
|
* etc-git: add versioning for /usr/share/scripts on Debian 10+
|
||||||
* evoacme: upstream version 19.11
|
* evoacme: upstream version 19.11
|
||||||
* evolinux-base: default value for "evolinux_ssh_group"
|
* evolinux-base: default value for "evolinux_ssh_group"
|
||||||
* evolinux-base: install /sbin/deny
|
* evolinux-base: install /sbin/deny
|
||||||
|
|
|
@ -7,80 +7,30 @@
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: /etc is versioned with git
|
- include: repository.yml
|
||||||
command: "git init ."
|
vars:
|
||||||
args:
|
repository_path: "/etc"
|
||||||
chdir: /etc
|
gitignore_items:
|
||||||
creates: /etc/.git/
|
- "aliases.db"
|
||||||
warn: no
|
- "*.swp"
|
||||||
register: git_init
|
- "postfix/sa-blacklist.access"
|
||||||
tags:
|
- "postfix/*.db"
|
||||||
- etc-git
|
- "postfix/spamd.cidr"
|
||||||
|
- "evobackup/.keep-*"
|
||||||
|
- "letsencrypt/.certbot.lock"
|
||||||
|
|
||||||
- name: Git user.email is configured
|
- name: verify /usr/share/scripts presence
|
||||||
git_config:
|
stat:
|
||||||
name: user.email
|
path: /usr/share/scripts
|
||||||
repo: /etc
|
register: _usr_share_scripts
|
||||||
scope: local
|
|
||||||
value: "root@{{ ansible_fqdn | default('localhost') }}"
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: /etc/.git is restricted to root
|
- include: repository.yml
|
||||||
file:
|
vars:
|
||||||
path: /etc/.git
|
repository_path: "/usr/share/scripts"
|
||||||
owner: root
|
gitignore_items: []
|
||||||
mode: "0700"
|
when:
|
||||||
state: directory
|
- _usr_share_scripts.stat.isdir
|
||||||
tags:
|
- ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: /etc/.gitignore is present
|
|
||||||
copy:
|
|
||||||
src: gitignore
|
|
||||||
dest: /etc/.gitignore
|
|
||||||
owner: root
|
|
||||||
mode: "0600"
|
|
||||||
force: no
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: Some entries MUST be in the /etc/.gitignore file
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/.gitignore
|
|
||||||
line: "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- "aliases.db"
|
|
||||||
- "*.swp"
|
|
||||||
- "postfix/sa-blacklist.access"
|
|
||||||
- "postfix/*.db"
|
|
||||||
- "postfix/spamd.cidr"
|
|
||||||
- "evobackup/.keep-*"
|
|
||||||
- "letsencrypt/.certbot.lock"
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: does /etc/ have any commit?
|
|
||||||
command: "git log"
|
|
||||||
args:
|
|
||||||
chdir: /etc
|
|
||||||
warn: no
|
|
||||||
changed_when: False
|
|
||||||
failed_when: False
|
|
||||||
register: git_log
|
|
||||||
check_mode: no
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: initial commit is present?
|
|
||||||
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
|
||||||
args:
|
|
||||||
chdir: /etc
|
|
||||||
warn: no
|
|
||||||
register: git_commit
|
|
||||||
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: Check if cron is installed
|
- name: Check if cron is installed
|
||||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
||||||
|
|
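Review bot: The `when` list on the second `include: repository.yml` tests `_usr_share_scripts.stat.isdir` first, but `stat` reports only `exists: false` for a missing path, so on a host without /usr/share/scripts the condition would fail on an undefined attribute instead of skipping the include. Guarding it as `- _usr_share_scripts.stat.exists and _usr_share_scripts.stat.isdir` avoids that. The new `verify /usr/share/scripts presence` task also carries no `tags: etc-git`, so a run limited to that tag would presumably reach the included tasks with `_usr_share_scripts` never registered. A short comment above the second include, such as `# /usr/share/scripts is only versioned when it exists, on Debian 10+`, would document why it is conditional.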
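--- /dev/null
+++ b/etc-git/tasks/repository.yml
@@ -0,0 +1,73 @@
+---
+
+- include_role:
+name: remount-usr
+when: repository_path | search ("/usr")
+
+- name: "{{ repository_path }} is versioned with git"
+command: "git init ."
+args:
+chdir: "{{ repository_path }}"
+creates: "{{ repository_path }}/.git/"
+warn: no
+register: git_init
+tags:
+- etc-git
+
+- name: Git user.email is configured
+git_config:
+name: user.email
+repo: "{{ repository_path }}"
+scope: local
+value: "root@{{ ansible_fqdn | default('localhost') }}"
+tags:
+- etc-git
+
+- name: "{{ repository_path }}/.git is restricted to root"
+file:
+path: "{{ repository_path }}/.git"
+owner: root
+mode: "0700"
+state: directory
+tags:
+- etc-git
+
+- name: "{{ repository_path }}/.gitignore is present"
+copy:
+src: gitignore
+dest: "{{ repository_path }}/.gitignore"
+owner: root
+mode: "0600"
+force: no
+tags:
+- etc-git
+
+- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
+lineinfile:
+dest: "{{ repository_path }}/.gitignore"
+line: "{{ item }}"
+with_items: "{{ gitignore_items | default([]) }}"
+tags:
+- etc-git
+
+- name: "does {{ repository_path }}/ have any commit?"
+command: "git log"
+args:
+chdir: "{{ repository_path }}"
+warn: no
+changed_when: False
+failed_when: False
+register: git_log
+check_mode: no
+tags:
+- etc-git
+
+- name: initial commit is present?
+shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
+args:
+chdir: "{{ repository_path }}"
+warn: no
+register: git_commit
+when: git_log.rc != 0 or (git_init is defined and git_init.changed)
+tags:
+- etc-git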
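Review bot: The guard `when: repository_path | search ("/usr")` on the `remount-usr` include matches "/usr" anywhere in the path, so a repository such as `/srv/usr-data` (constructed example) would also trigger a remount of /usr. Anchoring it to the prefix with the test syntax, `when: repository_path is match('/usr(/|$)')`, limits it to paths under /usr and also avoids the filter form of `search`, which newer Ansible releases deprecate. The include has no `tags: etc-git`, unlike every other task in the file, so a run limited to that tag would presumably reach `git init` without the remount. Nothing in this file shows /usr being returned to its previous mount state afterwards, so it is worth confirming that the `remount-usr` role arranges that itself.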