From 7104111ac4fb09e8f5cdcec2f69173453e99f514 Mon Sep 17 00:00:00 2001 From: Trey Blancher Date: Mon, 6 Apr 2026 12:27:23 -0400 Subject: [PATCH] Deleted non-role playbooks, and fixed up role tasks --- arch_upgrade.yml | 28 ------------- build_needs_reboot.yml | 22 ----------- debian_upgrade.yml | 11 ------ kernel_func | 39 ------------------- reboot.yml | 19 --------- .../arch_update/tasks/aur_rebuild.yaml | 0 roles/arch_update/tasks/aur_upgrade.yaml | 3 +- roles/arch_update/tasks/main.yaml | 3 +- roles/debian_update/tasks/apt_upgrade.yaml | 8 ++-- roles/debian_update/tasks/main.yaml | 3 +- roles/reboot/tasks/main.yaml | 2 + stop_mollyguard | 6 --- 12 files changed, 11 insertions(+), 133 deletions(-) delete mode 100644 arch_upgrade.yml delete mode 100644 build_needs_reboot.yml delete mode 100644 debian_upgrade.yml delete mode 100644 kernel_func delete mode 100644 reboot.yml rename aur_rebuild.yml => roles/arch_update/tasks/aur_rebuild.yaml (100%) delete mode 100644 stop_mollyguard diff --git a/arch_upgrade.yml b/arch_upgrade.yml deleted file mode 100644 index 936bfe5..0000000 --- a/arch_upgrade.yml +++ /dev/null @@ -1,28 +0,0 @@ -- name: All Arch hosts up-to-date - hosts: arch - tasks: - - name: Get current Python minor version - ansible.builtin.shell: - cmd: python --version | grep -Po '\d+\.\d+' - register: orig_python - changed_when: false - - name: Full repository upgrade - become: true - community.general.pacman: - update_cache: true - upgrade: true - - name: Get new Python minor version - ansible.builtin.shell: - cmd: python --version | grep -Po '\d+\.\d+' - changed_when: false - register: new_python - - name: AUR upgrade - aur: - use: pikaur - upgrade: true - aur_only: true - - import_tasks: aur_rebuild.yml - vars: - package_pattern: python - when: - - new_python.stdout is version(orig_python.stdout, '>', version_type='strict') diff --git a/build_needs_reboot.yml b/build_needs_reboot.yml deleted file mode 100644 index 055b2fe..0000000 --- a/build_needs_reboot.yml +++ /dev/null @@ -1,22 +0,0 @@ -- name: Create test script to determine if reboot is necessary - hosts: arch debian firewall - tasks: - - name: Create ~/bin if it doesn't already exist - ansible.builtin.shell: - cmd: mkdir ~/bin - args: - creates: ~/bin/ - - name: Build needs_reboot - ansible.builtin.shell: - cmd: | - print '#!/usr/bin/env zsh' > needs_reboot - source ~/.zsh_functions - declare -f kernel_func >> needs_reboot - perl -pi -e 'if (/OK/) { $_ = "\t\techo no\n" }' needs_reboot - perl -pi -e 'if (/needs reboot/) { $_ = "\t\techo yes\n" }' needs_reboot - printf "\n\n\nkernel_func\n" >> needs_reboot - chmod +x needs_reboot - args: - #creates: needs_reboot - executable: /usr/bin/zsh - chdir: ~/bin/ diff --git a/debian_upgrade.yml b/debian_upgrade.yml deleted file mode 100644 index 0e6f6bc..0000000 --- a/debian_upgrade.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: All Debian hosts up-to-date - hosts: debian - tasks: - - name: Full system upgrade - become: true - ansible.builtin.apt: - #executable: /usr/bin/pikaur - update_cache: true - name: "*" - state: latest - #upgrade: true diff --git a/kernel_func b/kernel_func deleted file mode 100644 index e3fc941..0000000 --- a/kernel_func +++ /dev/null @@ -1,39 +0,0 @@ -kernel_func () { - distro="$(awk -F= '/^ID/ {print $NF}' /etc/os-release)" - if [[ "${distro}" == arch ]] - then - package="$(pacman -Q \ - | grep -vE -- '-(firmware|api|keyring|linux|docs|headers)' \ - | grep linux | awk '{print $1}')" - current_kernel=$(uname -r) - next_kernel="$(pacman -Q | grep "${package}" \ - | awk '{print $NF}' | tail -1 | tr -d '\n')" - current_ucode=$(awk -F'[[:space:]]*:[[:space:]]*' '/microcode/ {print $2}' /proc/cpuinfo | uniq) - if whence iucode_tool &> /dev/null - then - next_ucode=$(iucode_tool -lqS /lib/firmware/intel-ucode/ | grep -Po 'rev 0x\d+' | tr -d '[rev ]' | tail -1) - fi - if [[ "${current_kernel}" =~ ${next_kernel} ]] - then - if [[ -n "${next_ucode}" ]] && [[ "${current_ucode}" == ${next_ucode} ]] || [[ -z ${intel_ucode} ]]; - then - print -P "[%F{#00ff00}OK%f]" - else - print -P "[%F{yellow}needs reboot%f]" - fi - else - print -P "[%F{yellow}needs reboot%f]" - fi - elif [[ "${distro}" == debian ]] - then - current_kernel="$(uname -v | awk '{print $5}')" - next_kernel="$(dpkg -l | grep -P '^ii\s+linux-image' | awk '{print $3}' \ - | sort -Vu | tail -1)" - if [[ "${current_kernel}" == ${next_kernel} ]] - then - print -P "[%F{#00ff00}OK%f]" - else - print -P "[%F{yellow}needs reboot%f]" - fi - fi -} diff --git a/reboot.yml b/reboot.yml deleted file mode 100644 index c348b3f..0000000 --- a/reboot.yml +++ /dev/null @@ -1,19 +0,0 @@ -- name: Determine if a reboot is necessary - ansible.builtin.command: - cmd: ~/bin/needs_reboot - register: needs_reboot -- name: Stop mollyguard if active - become: true - ansible.builtin.script: stop_mollyguard - register: mg -- name: Print mg dict - ansible.builtin.debug: - var: mg - when: needs_reboot.stdout == "yes" -- name: Conditionally reboot - become: true - ansible.builtin.reboot: - when: - - inventory_hostname not in groups['control'] - - mg.failed is false - - needs_reboot.stdout == "yes" diff --git a/aur_rebuild.yml b/roles/arch_update/tasks/aur_rebuild.yaml similarity index 100% rename from aur_rebuild.yml rename to roles/arch_update/tasks/aur_rebuild.yaml diff --git a/roles/arch_update/tasks/aur_upgrade.yaml b/roles/arch_update/tasks/aur_upgrade.yaml index 0141c22..08f20ad 100644 --- a/roles/arch_update/tasks/aur_upgrade.yaml +++ b/roles/arch_update/tasks/aur_upgrade.yaml @@ -6,7 +6,8 @@ aur_only: true - name: Rebuild AUR Python packages if version changed - ansible.builtin.import_tasks: aur_rebuild.yml + ansible.builtin.import_tasks: aur_rebuild.yaml + check_mode: false vars: package_pattern: python when: new_python is version(orig_python, '>', version_type='strict') diff --git a/roles/arch_update/tasks/main.yaml b/roles/arch_update/tasks/main.yaml index a9189ea..7eddde9 100644 --- a/roles/arch_update/tasks/main.yaml +++ b/roles/arch_update/tasks/main.yaml @@ -13,5 +13,4 @@ target_var: new_python - name: Perform AUR updates and rebuilds - ansible.builtin.import_tasks: aur_update.yml - + ansible.builtin.import_tasks: aur_upgrade.yaml diff --git a/roles/debian_update/tasks/apt_upgrade.yaml b/roles/debian_update/tasks/apt_upgrade.yaml index 8e980ca..3eb3260 100644 --- a/roles/debian_update/tasks/apt_upgrade.yaml +++ b/roles/debian_update/tasks/apt_upgrade.yaml @@ -1,5 +1,5 @@ - name: Full system upgrade - become: true - ansible.builtin.apt: - update_cache: true - upgrade: full + become: true + ansible.builtin.apt: + update_cache: true + upgrade: full diff --git a/roles/debian_update/tasks/main.yaml b/roles/debian_update/tasks/main.yaml index c139aa5..63237ec 100644 --- a/roles/debian_update/tasks/main.yaml +++ b/roles/debian_update/tasks/main.yaml @@ -1 +1,2 @@ -- name: Perform official repository updates ansible.builtin.import_tasks: apt_upgrade.yaml +- name: Perform official repository updates + ansible.builtin.import_tasks: apt_upgrade.yaml diff --git a/roles/reboot/tasks/main.yaml b/roles/reboot/tasks/main.yaml index 1d2b5a9..dde1672 100644 --- a/roles/reboot/tasks/main.yaml +++ b/roles/reboot/tasks/main.yaml @@ -6,5 +6,7 @@ failed_when: false # Trigger the handler ONLY if the script returns true (exit code 0) changed_when: reboot_check.rc == 0 + # Forces this specific task to run during a dry run + check_mode: false notify: Reboot system diff --git a/stop_mollyguard b/stop_mollyguard deleted file mode 100644 index 421e147..0000000 --- a/stop_mollyguard +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -if systemctl is-active mollyguard; then - systemctl stop mollyguard -fi -