trey/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Trey Blancher
2026-03-08 06:55:57 -04:00
commit 63099ecf0d
9 changed files with 338 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
playbooks/arch_upgrade.yml Normal file
View File

@@ -0,0 +1,26 @@
- name: All Arch hosts up-to-date
hosts: arch
tasks:
- name: Get current Python minor version
ansible.builtin.shell:
cmd: python --version | grep -Po '\d+\.\d+'
register: orig_python
- name: Full repository upgrade
become: true
community.general.pacman:
update_cache: true
upgrade: true
- name: Get new Python minor version
ansible.builtin.shell:
cmd: python --version | grep -Po '\d+\.\d+'
register: new_python
- name: AUR upgrade
aur:
use: pikaur
upgrade: true
aur_only: true
- import_tasks: ../tasks/aur_rebuild.yml
vars:
package_pattern: python
when:
- new_python.stdout is version(orig_python.stdout, '>', version_type='strict')

22
playbooks/build_needs_reboot.yml Normal file
View File

@@ -0,0 +1,22 @@
- name: Create test script to determine if reboot is necessary
hosts: all
tasks:
- name: Create ~/bin if it doesn't already exist
ansible.builtin.shell:
cmd: mkdir ~/bin
args:
creates: ~/bin/
- name: Build needs_reboot
ansible.builtin.shell:
cmd: |
print '#!/usr/bin/env zsh' > needs_reboot
source ~/.zsh_functions
declare -f kernel_func >> needs_reboot
perl -pi -e 'if (/OK/) { $_ = "false\n" }' needs_reboot
perl -pi -e 'if (/needs reboot/) { $_ = "true\n" }' needs_reboot
printf "\n\n\nkernel_func\n" >> needs_reboot
chmod +x needs_reboot
args:
creates: needs_reboot
executable: /usr/bin/zsh
chdir: ~/bin/

11
playbooks/debian_upgrade.yml Normal file
View File

@@ -0,0 +1,11 @@
- name: All Debian hosts up-to-date
hosts: debian
tasks:
- name: Full system upgrade
become: true
ansible.builtin.apt:
#executable: /usr/bin/pikaur
update_cache: true
name: "*"
state: latest
#upgrade: true

14
playbooks/roles/arch/tasks/aur_rebuild.yml Normal file
View File

@@ -0,0 +1,14 @@
- name: Get list of AUR Python packages that need to be rebuilt
ansible.builtin.shell:
cmd:
comm -12 <(pactree -lrud1 {{ package_pattern }} | sort -u) <(pacman -Qqm | sort -u)
register: aur_packages
- name: Rebuild AUR Python packages
aur:
use: pikaur
name: '{{ item }}'
aur_only: true
extra_args: --rebuild
loop: '{{ aur_packages.stdout.split() }}'

13
playbooks/roles/common/scripts/kernel_func Normal file
View File

@@ -0,0 +1,13 @@
kernel_func () {
machine_id=$(cat /etc/machine-id)
current_kernel=$(uname -r)
current_ucode=$(awk -F'[[:space:]]*:[[:space:]]*' '/microcode/ {print $2}' /proc/cpuinfo | uniq)
[[ -f /run/next_kernel ]] && next_kernel="$(sudo cat /run/next_kernel)"
next_ucode=$(iucode_tool -lqS /lib/firmware/intel-ucode/ | grep -Po 'rev 0x\d+' | tr -d '[rev ]' | tail -1)
if [[ "${current_kernel}" == ${next_kernel} ]] && [[ "${current_ucode}" == ${next_ucode} ]] || [[ -z "${next_kernel}" ]]
then
print -P "[%F{#00ff00}OK%f]"
else
print -P "[%F{yellow}needs reboot%f]"
fi
}

6
playbooks/roles/common/scripts/stop_mollyguard Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
if systemctl is-active mollyguard; then
systemctl stop mollyguard
fi

13
playbooks/roles/common/tasks/reboot.yml Normal file
View File

@@ -0,0 +1,13 @@
- name: Stop mollyguard if active
ansible.builtin.script: scripts/stop_mollyguard
register: mg
- name: Determine if a reboot is necessary
ansible.builtin.command:
cmd: ~/bin/needs_reboot
register: needs_reboot
- name: Conditionally reboot
ansible.builtin.reboot:
when:
- inventory_hostname not in group['controller']
- mgc succeeded
- needs_reboot succeeded