Deleted non-role playbooks, and fixed up role tasks

arch_upgrade.yml

@@ -1,28 +0,0 @@
-- name: All Arch hosts up-to-date
-  hosts: arch
-  tasks:
-    - name: Get current Python minor version
-      ansible.builtin.shell:
-        cmd: python --version | grep -Po '\d+\.\d+'
-      register:  orig_python
-      changed_when:  false
-    - name: Full repository upgrade
-      become: true
-      community.general.pacman:
-        update_cache: true
-        upgrade: true
-    - name: Get new Python minor version
-      ansible.builtin.shell:
-        cmd: python --version | grep -Po '\d+\.\d+'
-      changed_when:  false
-      register:  new_python
-    - name:  AUR upgrade
-      aur:
-        use:  pikaur
-        upgrade:  true
-        aur_only:  true
-    - import_tasks:  aur_rebuild.yml
-      vars:
-        package_pattern:  python
-      when:
-        - new_python.stdout is version(orig_python.stdout, '>', version_type='strict')

build_needs_reboot.yml

@@ -1,22 +0,0 @@
-- name:  Create test script to determine if reboot is necessary
-  hosts:  arch debian firewall
-  tasks:
-    - name: Create ~/bin if it doesn't already exist
-      ansible.builtin.shell:
-        cmd:  mkdir  ~/bin
-      args:
-        creates:  ~/bin/
-    - name:  Build needs_reboot
-      ansible.builtin.shell: 
-        cmd:  |
-          print '#!/usr/bin/env zsh' > needs_reboot
-          source ~/.zsh_functions
-          declare -f kernel_func >> needs_reboot
-          perl -pi -e 'if (/OK/) { $_ = "\t\techo no\n" }' needs_reboot
-          perl -pi -e 'if (/needs reboot/) { $_ = "\t\techo yes\n" }' needs_reboot
-          printf "\n\n\nkernel_func\n" >> needs_reboot
-          chmod +x needs_reboot
-      args:
-        #creates:  needs_reboot
-        executable:  /usr/bin/zsh
-        chdir:  ~/bin/

debian_upgrade.yml

@@ -1,11 +0,0 @@
-- name: All Debian hosts up-to-date
-  hosts: debian
-  tasks:
-    - name: Full system upgrade
-      become: true
-      ansible.builtin.apt:
-        #executable:  /usr/bin/pikaur
-        update_cache: true
-        name: "*"
-        state:  latest
-        #upgrade: true

kernel_func

@@ -1,39 +0,0 @@
-kernel_func () {
-	distro="$(awk -F= '/^ID/ {print $NF}' /etc/os-release)" 
-	if [[ "${distro}" == arch ]]
-	then
-		package="$(pacman -Q \
-            | grep -vE -- '-(firmware|api|keyring|linux|docs|headers)' \
-            | grep linux | awk '{print $1}')" 
-		current_kernel=$(uname -r) 
-		next_kernel="$(pacman -Q | grep "${package}" \
-            | awk '{print $NF}' | tail -1 | tr -d '\n')" 
-		current_ucode=$(awk -F'[[:space:]]*:[[:space:]]*' '/microcode/ {print $2}' /proc/cpuinfo | uniq) 
-		if whence iucode_tool &> /dev/null
-		then
-			next_ucode=$(iucode_tool -lqS /lib/firmware/intel-ucode/ | grep -Po 'rev 0x\d+' | tr -d '[rev ]' | tail -1) 
-		fi
-		if [[ "${current_kernel}" =~ ${next_kernel} ]]
-		then
-			if [[ -n "${next_ucode}" ]] && [[ "${current_ucode}" == ${next_ucode} ]] || [[ -z ${intel_ucode} ]];
-			then
-				print -P "[%F{#00ff00}OK%f]"
-			else
-				print -P "[%F{yellow}needs reboot%f]"
-			fi
-		else
-			print -P "[%F{yellow}needs reboot%f]"
-		fi
-	elif [[ "${distro}" == debian ]]
-	then
-		current_kernel="$(uname -v | awk '{print $5}')" 
-		next_kernel="$(dpkg -l | grep -P '^ii\s+linux-image' | awk '{print $3}' \
-            | sort -Vu | tail -1)" 
-		if [[ "${current_kernel}" == ${next_kernel} ]]
-		then
-			print -P "[%F{#00ff00}OK%f]"
-		else
-			print -P "[%F{yellow}needs reboot%f]"
-		fi
-	fi
-}

reboot.yml

@@ -1,19 +0,0 @@
-- name:  Determine if a reboot is necessary
-  ansible.builtin.command:
-    cmd:  ~/bin/needs_reboot
-  register:  needs_reboot
-- name:  Stop mollyguard if active
-  become:  true
-  ansible.builtin.script:  stop_mollyguard
-  register:  mg
-- name:  Print mg dict
-  ansible.builtin.debug:
-    var: mg
-  when:  needs_reboot.stdout == "yes"
-- name:  Conditionally reboot
-  become:  true
-  ansible.builtin.reboot:
-  when:
-    - inventory_hostname not in groups['control']
-    - mg.failed is false
-    - needs_reboot.stdout == "yes"

roles/arch_update/tasks/aur_upgrade.yaml

@@ -6,7 +6,8 @@
     aur_only: true
 
 - name: Rebuild AUR Python packages if version changed
-  ansible.builtin.import_tasks: aur_rebuild.yml
+  ansible.builtin.import_tasks: aur_rebuild.yaml
+  check_mode:  false
   vars:
     package_pattern: python
   when: new_python is version(orig_python, '>', version_type='strict')

roles/arch_update/tasks/main.yaml

@@ -13,5 +13,4 @@
     target_var: new_python
 
 - name: Perform AUR updates and rebuilds
-  ansible.builtin.import_tasks: aur_update.yml
+  ansible.builtin.import_tasks: aur_upgrade.yaml
-

roles/debian_update/tasks/apt_upgrade.yaml

@@ -1,5 +1,5 @@
 - name: Full system upgrade
-     become: true
+  become: true
-     ansible.builtin.apt:
+  ansible.builtin.apt:
-       update_cache: true
+    update_cache: true
-       upgrade:  full
+    upgrade:  full

roles/debian_update/tasks/main.yaml

@@ -1 +1,2 @@
-- name: Perform official repository updates               ansible.builtin.import_tasks: apt_upgrade.yaml
+- name: Perform official repository updates
+  ansible.builtin.import_tasks: apt_upgrade.yaml

roles/reboot/tasks/main.yaml

@@ -6,5 +6,7 @@
   failed_when: false
   # Trigger the handler ONLY if the script returns true (exit code 0)
   changed_when: reboot_check.rc == 0
+  # Forces this specific task to run during a dry run
+  check_mode: false  
   notify: Reboot system
 

stop_mollyguard

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-if systemctl is-active mollyguard; then
-    systemctl stop mollyguard
-fi
-