trey/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit after reviewing this with Claude Opus.

Browse Source
This commit is contained in:
Trey Blancher
2026-06-08 10:14:50 -04:00
parent 16ae02bd33
commit acaefd404c
8 changed files with 26 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
roles/arch_update/tasks/aur_rebuild.yaml
+6 -3
View File
@@ -2,13 +2,16 @@
ansible.builtin.shell:
cmd:
comm -12 <(pactree -lrud1 {{ package_pattern }} | sort -u) <(pacman -Qqm | sort -u)
executable: /bin/bash
register: aur_packages
changed_when: false
failed_when: false
- name: Rebuild AUR Python packages
aur:
use: "{{ aur_helper }}"
name: '{{ item }}'
aur_only: true
extra_args: --rebuild
loop: '{{ aur_packages.stdout.split() }}'
loop: '{{ aur_packages.stdout_lines | default([]) }}'
when: aur_packages.stdout_lines | default([]) | length > 0
roles/arch_update/tasks/repo_upgrade.yaml
+4 -6
View File
@@ -6,12 +6,10 @@
upgrade: true
extra_args: "--noconfirm"
register: arch_upgrade_result
#- name: Debug full Arch upgrade output
# ansible.builtin.debug:
# var: arch_upgrade_result
failed_when:
- arch_upgrade_result.failed == true
# We ignore the failure if it's just 'nothing to do',
# # but otherwise, we let it fail so you can step in.
- "'Nothing to upgrade' not in arch_upgrade_result.msg"
- "'there is nothing to do' not in (arch_upgrade_result.stdout | default('') | lower)"
- name: Debug full Arch upgrade output
ansible.builtin.debug:
var: arch_upgrade_result
roles/debian_update/tasks/apt_upgrade.yaml
-5
View File
@@ -1,5 +0,0 @@
- name: Full system upgrade
become: true
ansible.builtin.apt:
update_cache: true
upgrade: full
roles/debian_update/tasks/main.yaml
+6 -2
View File
@@ -1,2 +1,6 @@
- name: Perform official repository updates
ansible.builtin.import_tasks: apt_upgrade.yaml
---
- name: Full system upgrade
become: true
ansible.builtin.apt:
update_cache: true
upgrade: full
roles/reboot/files/check_reboot.zsh → roles/reboot/files/check_reboot.sh
Regular → Executable
+1 -1
View File
@@ -1,4 +1,4 @@
#!/usr/bin/env zsh
#!/usr/bin/env bash
# Exit code 0 = Reboot required
# Exit code 1 = System is up to date / No reboot needed
roles/reboot/handlers/main.yaml
+1
View File
@@ -5,6 +5,7 @@
name: mollyguard.service
state: stopped
listen: Reboot system
failed_when: false
- name: Execute System Reboot
become: true
roles/reboot/tasks/main.yaml
+1 -1
View File
@@ -1,6 +1,6 @@
---
- name: Check if kernel or microcode update requires reboot
ansible.builtin.script: check_reboot.zsh # Your script placed in files/
ansible.builtin.script: check_reboot.sh # Your script placed in files/
register: reboot_check
# Prevent Ansible from failing if the script returns false (exit code 1)
failed_when: false
systemd-creds.yaml
+1 -1
View File
@@ -22,6 +22,6 @@
- name: Create override
ansible.builtin.shell:
cmd: |
printf {{ passphrase }} | (echo "[Service]"; systemd-creds encrypt --name={{ creds_name }} --pretty - -) >> /etc/systemd/system/shared.d/00-systemd-creds.conf
printf '%s' {{ passphrase | quote }} | (echo "[Service]"; systemd-creds encrypt --name={{ creds_name }} --pretty - -) >> /etc/systemd/system/shared.d/00-systemd-creds.conf
printf "Environment=%s=%%d/%s\n" {{ creds_var }} {{ creds_name }} >> /etc/systemd/system/shared.d/00-systemd-creds.conf
#creates: /etc/systemd/system/shared.d/00-systemd-creds.conf