Sun, 20 Mar 2016 02:03:27 -0400
start breaking roles out
--- a/playbook.yml +++ b/playbook.yml @@ -1,5 +1,11 @@ --- - hosts: all roles: + - repositories + - sudo + - zsh + - ag + - mercurial - devbox + - user
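Review bot: The role list never gains `- git`, although this commit creates `roles/git/tasks/main.yml` and removes `git` from the devbox package lists for Debian and MacOSX, so as far as this diff shows git is no longer installed by the play. Adding `- git` next to `- mercurial` would restore it. The list also names a `zsh` role for which no files appear in the part of the commit visible here; if it is not added elsewhere the play will fail at role resolution.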
new file mode 100644
--- /dev/null
+++ b/roles/ag/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- include_vars: "{{ansible_os_family}}.yml"
+
+- package:
+ name: "{{ ag_package }}"
+ state: latest
+ tags: packages, install
+ when: ansible_os_family == 'Debian'
+
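Review bot: The `package` task is gated by `when: ansible_os_family == 'Debian'`, so the `FreeBSD.yml` and `MacOSX.yml` vars files added in this same commit are loaded but never used. The unconditional `include_vars: "{{ansible_os_family}}.yml"` will also fail on any OS family that has no matching vars file. Either drop the `when` so the per-family `ag_package` value does its job, or put the same condition on the include. Both tasks are unnamed; a `name:` such as `- name: install the silver searcher` would make the run output readable.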
new file mode 100644
--- /dev/null
+++ b/roles/ag/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+
+ag_package: silversearcher-ag
+
new file mode 100644
--- /dev/null
+++ b/roles/ag/vars/FreeBSD.yml
@@ -0,0 +1,4 @@
+---
+
+ag_package: the_silver_searcher
+
new file mode 100644
--- /dev/null
+++ b/roles/ag/vars/MacOSX.yml
@@ -0,0 +1,4 @@
+---
+
+ag_package: the_silver_searcher
+
--- a/roles/devbox/tasks/dist-debian.yml +++ b/roles/devbox/tasks/dist-debian.yml @@ -22,14 +22,9 @@ - name: Install base packages apt: name={{item}} state=installed default_release={{ansible_distribution_release}}-backports with_items: - - sudo - build-essential - - git - - mercurial - vim - exuberant-ctags - - silversearcher-ag - - zsh - tmux tags: packages, install
--- a/roles/devbox/tasks/dist-macosx.yml +++ b/roles/devbox/tasks/dist-macosx.yml @@ -8,12 +8,8 @@ - name: Install base packages macports: name={{item}} state=active with_items: - - git - - mercurial - MacVim - ctags - - the_silver_searcher - - zsh - tmux - dejavu-fonts tags: packages, install
--- a/roles/devbox/tasks/main.yml +++ b/roles/devbox/tasks/main.yml 
@@ -3,95 +3,4 @@ - include: dist-debian.yml when: ansible_os_family == 'Debian' -- include: dist-macosx.yml - when: ansible_os_family == 'MacOSX' -- include: dist-freebsd.yml - when: ansible_os_family == 'FreeBSD' - - -# sudo may not be everywhere. wheel is a common alternative -- name: Enable sudo for sudo group - lineinfile: - dest: /etc/sudoers - state: present - regexp: '^%sudo' - line: '%sudo ALL=(ALL:ALL) ALL' - tags: sudo - - -# Create/update my user, don't clobber my extra groups. -- name: User setup - user: - name: "{{user.name}}" - comment: "{{user.comment}}" - shell: /bin/zsh - groups: sudo - append: true - register: user - tags: user - - -- name: ssh | Pubkey for user - authorized_key: - manage_dir: true - user: "{{user.name}}" - key: "{{item}}" - with_file: - - public_keys/{{user.name}} - tags: user, ssh - -- name: ssh | Ensure known_hosts keys - become: true - become_user: "{{user.name}}" - lineinfile: - dest: "{{user.home}}/.ssh/known_hosts" - state: present - line: "{{item.value}}" - create: true - mode: 0600 - with_dict: "{{hostkeys}}" - tags: user, ssh - -- name: ssh | Purge invalid known_hosts keys - become: true - become_user: "{{user.name}}" - lineinfile: - dest: "{{user.home}}/.ssh/known_hosts" - state: absent - line: "{{item.value}}" - with_dict: "{{hostkeys_removed}}" - tags: user, ssh - - -# I like to make my ~ my dotfiles working directory (some folks symlink -# everything) Here that means I clone, move hg, then checkout, clobbering any -# conflicts with /etc/skel stuff. 
-- name: Check for dotfiles checkout in homedir - stat: path={{user.home}}/.hg - register: dotfiles - tags: user, dotfiles - -- name: Clone dotfiles - when: dotfiles.stat.exists == false - shell: > - hg clone -U {{dotfiles_repository}} {{user.home}}/_dotfiles_ - && mv {{user.home}}/_dotfiles_/.hg {{user.home}} - && rmdir {{user.home}}/_dotfiles_ - && chown -R {{user.name}}:{{user.group}} {{user.home}}/.hg - && sudo -u {{user.name}} hg -R {{user.home}} update -C - tags: user, dotfiles - - -# This is an existing script that clones/updates zgen, rbenv, and plenv. -# My dotfiles use each if the right directory exists. -- name: Run homedir-setup - become: true - become_user: "{{user.name}}" - shell: bin/homedir-setup chdir={{user.home}} - register: homedir_setup - changed_when: homedir_setup.stdout | match("Updating|Cloning") - failed_when: homedir_setup.rc != 0 - tags: user, install - -
new file mode 100644
--- /dev/null
+++ b/roles/git/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- package:
+ name: git
+ state: latest
+ tags: packages, install
+
new file mode 100644
--- /dev/null
+++ b/roles/mercurial/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- package:
+ name: mercurial
+ state: latest
+ tags: packages, install
+
new file mode 100644
--- /dev/null
+++ b/roles/repositories/tasks/debian.yml
@@ -0,0 +1,21 @@
+---
+
+- name: add python-apt
+ apt: name=python-apt state=installed
+
+# Not used here, but nice to have ready
+- name: add backports repo
+ apt_repository:
+ repo: "deb http://http.debian.net/debian {{ansible_distribution_release}}-backports main"
+ tags: repos
+
+- name: add pgdg repo
+ when: ansible_architecture in ['i386', 'x86_64']
+ apt_repository:
+ repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
+ tags: repos
+
+- name: apt upgrade
+ apt: upgrade=yes update_cache=yes cache_valid_time=3600
+ tags: packages, upgrade
+
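Review bot: The `add pgdg repo` task adds a third-party package source over plain `http://`, and nothing in this file imports that repository's signing key, yet the last task immediately runs `upgrade=yes` against the new sources. Unless the key is installed somewhere outside this diff, apt has nothing to verify pgdg packages against, and because the source is not pinned it can also supersede distro packages during the upgrade. I would add an `apt_key` task ahead of it that identifies the key by its full fingerprint and fetches it over https, as sketched below with placeholders for the key values. The comment on the backports task says it is "Not used here", so consider leaving that source out until a role actually needs it.

```yaml
# placed before "add pgdg repo"; both key values are placeholders to fill in
- name: trust pgdg signing key
  when: ansible_architecture in ['i386', 'x86_64']
  apt_key:
    id: "<PGDG_KEY_FINGERPRINT>"
    url: "<HTTPS_URL_OF_PGDG_SIGNING_KEY>"
    state: present
  tags: repos

# … unchanged: add pgdg repo, apt upgrade …
```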
new file mode 100644
--- /dev/null
+++ b/roles/repositories/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- include: debian.yml
+ when: ansible_distribution == 'Debian'
+
new file mode 100644
--- /dev/null
+++ b/roles/sudo/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- package:
+ name: sudo
+ state: latest
+ tags: packages, install
+
+- name: sudo group
+ group:
+ name: sudo
+ state: present
+ system: yes
+
+- name: sudo permission for sudoers
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL:ALL) ALL'
+
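Review bot: The `lineinfile` edit of `/etc/sudoers` in `sudo permission for sudoers` has no `validate`, so a malformed result is written straight to the live file and can leave the host without working sudo. Adding `validate: 'visudo -cf %s'` makes the module check the candidate file before it replaces the original. Note that `regexp: '^%sudo'` rewrites any existing `%sudo` rule to the full `ALL=(ALL:ALL) ALL` grant, which silently widens a host that had a narrower rule; a drop-in file under `/etc/sudoers.d/` would avoid touching the main file at all. The task also lost the `tags: sudo` it carried in the devbox role, and `system: yes` is better written `system: true`.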
new file mode 100644
--- /dev/null
+++ b/roles/user/tasks/main.yml
@@ -0,0 +1,75 @@
+---
+
+# Create/update my user, don't clobber my extra groups.
+- name: User setup
+ user:
+ name: "{{user.name}}"
+ comment: "{{user.comment}}"
+ shell: /bin/zsh
+ groups: sudo
+ append: true
+ register: user
+ tags: user
+
+- name: ssh | Pubkey for user
+ authorized_key:
+ manage_dir: true
+ user: "{{user.name}}"
+ key: "{{item}}"
+ with_file:
+ - public_keys/{{user.name}}
+ tags: user, ssh
+
+- name: ssh | Ensure known_hosts keys
+ become: true
+ become_user: "{{user.name}}"
+ lineinfile:
+ dest: "{{user.home}}/.ssh/known_hosts"
+ state: present
+ line: "{{item.value}}"
+ create: true
+ mode: 0600
+ with_dict: "{{hostkeys}}"
+ tags: user, ssh
+
+- name: ssh | Purge invalid known_hosts keys
+ become: true
+ become_user: "{{user.name}}"
+ lineinfile:
+ dest: "{{user.home}}/.ssh/known_hosts"
+ state: absent
+ line: "{{item.value}}"
+ with_dict: "{{hostkeys_removed}}"
+ tags: user, ssh
+
+
+# I like to make my ~ my dotfiles working directory (some folks symlink
+# everything) Here that means I clone, move hg, then checkout, clobbering any
+# conflicts with /etc/skel stuff.
+- name: Check for dotfiles checkout in homedir
+ stat: path={{user.home}}/.hg
+ register: dotfiles
+ tags: user, dotfiles
+
+- name: Clone dotfiles
+ when: dotfiles.stat.exists == false
+ shell: >
+ hg clone -U {{dotfiles_repository}} {{user.home}}/_dotfiles_
+ && mv {{user.home}}/_dotfiles_/.hg {{user.home}}
+ && rmdir {{user.home}}/_dotfiles_
+ && chown -R {{user.name}}:{{user.group}} {{user.home}}/.hg
+ && sudo -u {{user.name}} hg -R {{user.home}} update -C
+ tags: user, dotfiles
+
+
+# This is an existing script that clones/updates zgen, rbenv, and plenv.
+# My dotfiles use each if the right directory exists.
+- name: Run homedir-setup
+ become: true
+ become_user: "{{user.name}}"
+ shell: bin/homedir-setup chdir={{user.home}}
+ register: homedir_setup
+ changed_when: homedir_setup.stdout | match("Updating|Cloning")
+ failed_when: homedir_setup.rc != 0
+ tags: user, install
+
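Review bot: `Clone dotfiles` runs its whole `shell:` chain as the connection user (presumably root, given the trailing `chown -R` and `sudo -u`) inside a directory the target user owns, and it puts `{{dotfiles_repository}}` and `{{user.home}}` on the command line unquoted. Running the task with `become_user: "{{user.name}}"`, as the neighbouring known_hosts tasks do, removes the privileged `mv`/`chown -R` in a user-writable path and the nested sudo, assuming the home directory already belongs to that user. Passing each variable through `| quote` keeps a space or shell metacharacter in a value from changing the command. Separately, `mode: 0600` is safer written as `mode: "0600"` so that no YAML loader retypes it.

```yaml
- name: Clone dotfiles
  when: not dotfiles.stat.exists
  become: true
  become_user: "{{user.name}}"
  shell: >
    hg clone -U {{dotfiles_repository | quote}} {{user.home | quote}}/_dotfiles_
    && mv {{user.home | quote}}/_dotfiles_/.hg {{user.home | quote}}
    && rmdir {{user.home | quote}}/_dotfiles_
    && hg -R {{user.home | quote}} update -C
  tags: user, dotfiles
# … unchanged: Run homedir-setup …
```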