From 5dc6a1d36b15bd126d9bbf793c559c8035ea10a1 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Wed, 23 Mar 2022 15:07:32 +0100 Subject: [PATCH] etc-git: Commit changes to /etc in containers --- CHANGELOG.md | 1 + etc-git/tasks/commit.yml | 27 +++++++++++++++++++++++++++ etc-git/tasks/lxc_commit.yml | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 etc-git/tasks/lxc_commit.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 49307328..379c0c10 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added * minifirewall: configure proxy/backup/sysctl values +* etc-git: Commit /etc in lxc containers when they are git repositories ### Changed diff --git a/etc-git/tasks/commit.yml b/etc-git/tasks/commit.yml index 3f993771..2098aeeb 100644 --- a/etc-git/tasks/commit.yml +++ b/etc-git/tasks/commit.yml @@ -50,3 +50,30 @@ when: - _usr_share_scripts_git.stat.exists - _usr_share_scripts_git.stat.isdir + +- name: Check if there are lxc containers + stat: + path: /var/lib/lxc + get_attributes: no + get_checksum: no + get_mime: no + register: _var_lib_lxc + +- name: Get lxc containers and commit their /etc when needed + block: + - name: Get all lxc containers + find: + paths: /var/lib/lxc + recurse: no + file_type: directory + register: _lxc_containers + + - name: "Commit /etc in all containers" + include_tasks: + file: lxc_commit.yml + loop: "{{ _lxc_containers.files | map(attribute='path') | map('basename') }}" + loop_control: + loop_var: container + when: + - _var_lib_lxc.stat.exists + - _var_lib_lxc.stat.isdir or _var_lib_lxc.stat.islnk diff --git a/etc-git/tasks/lxc_commit.yml b/etc-git/tasks/lxc_commit.yml new file mode 100644 index 00000000..26fc8738 --- /dev/null +++ b/etc-git/tasks/lxc_commit.yml 
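Review bot: In etc-git/tasks/commit.yml, the `loop` of the `Commit /etc in all containers` task ends in `map('basename')`, which yields a generator rather than a list. Some Ansible/Jinja2 combinations reject that with an "Invalid data passed to 'loop'" error, so the defensive form is `loop: "{{ _lxc_containers.files | map(attribute='path') | map('basename') | list }}"`. The block also hands every directory under /var/lib/lxc to lxc_commit.yml as a container name. A short comment such as `# non-container directories are skipped by the .git check in lxc_commit.yml` would make that reliance explicit.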
@@ -0,0 +1,35 @@
+---
+- name: "Assert that we have been called with `container` defined"
+ assert:
+ that:
+ - container is defined
+
+- name: "Define path to /etc in {{ container }} container"
+ set_fact:
+ container_etc: "{{ ('/var/lib/lxc', container, 'rootfs/etc') | path_join }}"
+
+- name: "Check if /etc is a git repository in {{ container }}"
+ stat:
+ path: "{{ (container_etc, '.git') | path_join }}"
+ get_attributes: no
+ get_checksum: no
+ get_mime: no
+ register: "container_etc_git"
+
+- name: "Evocommit /etc of {{ container }}"
+ command:
+ argv:
+ - /usr/local/bin/evocommit
+ - '--ansible'
+ - '--repository'
+ - "{{ container_etc }}"
+ - '--message'
+ - "{{ commit_message | mandatory }}"
+ changed_when:
+ - "container_etc_git_commit.stdout"
+ - "'CHANGED:' in container_etc_git_commit.stdout"
+ ignore_errors: yes
+ register: "container_etc_git_commit"
+ when:
+ - "container_etc_git.stat.exists"
+ - "container_etc_git.stat.isdir"
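Review bot: The `Evocommit /etc of {{ container }}` task runs `/usr/local/bin/evocommit` on the host against `/var/lib/lxc/<container>/rootfs/etc`, a repository whose `.git/config` and `.git/hooks` can be written by root inside the container. evocommit is not shown here, but if it invokes git in that directory, hooks or config-defined commands supplied by the container would run with the host's privileges, which crosses the container boundary. Consider running the commit inside the container (for example through `lxc-attach`), or confirm that evocommit ignores hooks and repository-local config for these paths, and record the decision in a comment such as `# repository content is controlled by the container; its hooks must never run on the host`. Separately, `ignore_errors: yes` hides failed commits, so a container whose /etc could not be committed goes unnoticed.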