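---
# Put /etc under Git version control, restrict the repository to root,
# and install the related cron jobs. Every task carries the "etc-git" tag.

- name: Git is installed (Debian)
  apt:
    name: git
    state: present
  tags:
    - etc-git

# `creates` makes the task idempotent: it is skipped once /etc/.git/ exists.
# NOTE(review): the `warn` argument was removed from command/shell in
# ansible-core 2.14 - drop it from these tasks if the role must run there.
- name: /etc is versioned with git
  command: "git init ."
  args:
    chdir: /etc
    creates: /etc/.git/
    warn: false
  register: git_init
  tags:
    - etc-git

- name: Git user.email is configured
  git_config:
    name: user.email
    repo: /etc
    scope: local
    value: "root@{{ ansible_fqdn | default('localhost') }}"
  tags:
    - etc-git

# Must stay ahead of the initial commit below: that commit stages everything
# under /etc that is not ignored, so the object store must already be
# unreadable to non-root users when those copies are written.
- name: /etc/.git is restricted to root
  file:
    path: /etc/.git
    owner: root
    mode: "0700"
    state: directory
  tags:
    - etc-git

# force: false - the file is only copied when absent, so an existing
# .gitignore is not overwritten.
- name: /etc/.gitignore is present
  copy:
    src: gitignore
    dest: /etc/.gitignore
    owner: root
    mode: "0600"
    force: false
  tags:
    - etc-git

# These entries are enforced even when a pre-existing .gitignore was kept.
- name: Some entries MUST be in the /etc/.gitignore file
  lineinfile:
    dest: /etc/.gitignore
    line: "{{ item }}"
  with_items:
    - "aliases.db"
    - "*.swp"
    - "postfix/sa-blacklist.access"
    - "postfix/*.db"
    - "postfix/spamd.cidr"
    - "evobackup/.keep-*"
  tags:
    - etc-git

# Probe only: never reports a change or a failure, and runs in check mode
# too. The return code is what the next task tests.
- name: does /etc/ have any commit?
  command: "git log"
  args:
    chdir: /etc
    warn: false
  changed_when: false
  failed_when: false
  register: git_log
  check_mode: false
  tags:
    - etc-git

# Runs when the probe returned non-zero or when the repository was created
# in this run. `git add -A .` stages every non-ignored file in /etc, so the
# history will hold whatever secrets live there; protection relies on the
# 0700 mode set on /etc/.git above.
- name: initial commit is present?
  shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
  args:
    chdir: /etc
    warn: false
  register: git_commit
  when: git_log.rc != 0 or (git_init is defined and git_init.changed)
  tags:
    - etc-git

# Scripts in /etc/cron.monthly are executed as root, so ownership is pinned
# to root:root rather than inherited from the connecting user; with mode
# 0750 the group would otherwise get read/execute on it.
- name: Optimize script is installed in monthly crontab
  copy:
    src: optimize-etc-git
    dest: /etc/cron.monthly/optimize-etc-git
    owner: root
    group: root
    mode: "0750"
    force: false
  tags:
    - etc-git

# Debian's cron ignores /etc/cron.d files that are not owned by root, so
# the owner is set explicitly.
# etc_git_monitor_status is not defined in this file - presumably a role
# default; confirm it is always set.
- name: Cron job for /etc/.git status is installed
  template:
    src: etc-git-status.j2
    dest: /etc/cron.d/etc-git-status
    owner: root
    group: root
    mode: "0644"
  when: etc_git_monitor_status
  tags:
    - etc-git

- name: Cron job for /etc/.git status is removed
  file:
    dest: /etc/cron.d/etc-git-status
    state: absent
  when: not etc_git_monitor_status
  tags:
    - etc-git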