Commit faffb56d authored by Maciej Delmanowski

Merge branch 'drybjed-update-dotfiles'

parents 59110c91 2b2a48c8
Pipeline #60879476 passed with stages
in 404 minutes and 18 seconds
......@@ -41,7 +41,7 @@ Added
- :ref:`debops.yadm` role installs the `Yet Another Dotfiles Manager`__
script and ensures that additional shells are available. It can also mirror
dotfiles locally.
dotfiles locally. The role is included in the common playbook.
.. __: https://yadm.io/
......@@ -251,6 +251,19 @@ Changed
:ref:`debops.roundcube` and :ref:`debops.librenms` roles, since
:ref:`debops.php` will take care of the installation.
- [debops.users][debops.root_account] Management of the ``root`` dotfiles has
been removed from the :ref:`debops.users` role and is now done in the
:ref:`debops.root_account` role, using the :command:`yadm` script. Users
might need to clean out the existing dotfiles if they were managed as
symlinks, otherwise :command:`yadm` script will not be able to correctly
deploy the new dotfiles.
The management of the user dotfiles in the :ref:`debops.users` role has been
redesigned and now uses the :command:`yadm` script to perform the actual
deployment. See :ref:`debops.yadm` for details about installing the script
and creating local dotfile mirrors. The :ref:`users__ref_accounts` variable
documentation contains examples of new dotfile definitions.
Removed
~~~~~~~
......
......@@ -108,6 +108,32 @@ root_account__shell: ''
root_account__fix_no_tty: True
# ]]]
# ]]]
# The root dotfiles [[[
# ---------------------
# The dotfiles of the ``root`` account are managed using the :command:`yadm`
# script, installed by the :ref:`debops.yadm` role.
# .. envvar:: root_account__dotfiles_enabled [[[
#
# Enable or disable dotfiles management, depending on the availablility of the
# dotfiles repository installed by the :ref:`debops.yadm` role.
root_account__dotfiles_enabled: '{{ True
if (ansible_local|d() and ansible_local.yadm|d() and
ansible_local.yadm.dotfiles|d())
else False }}'
# ]]]
# .. envvar:: root_account__dotfiles_repo [[[
#
# An URL or an absolute directory to the :command:`git` repository that
# contains dotfiles for the ``root`` account.
root_account__dotfiles_repo: '{{ ansible_local.yadm.dotfiles
if (ansible_local|d() and ansible_local.yadm|d() and
ansible_local.yadm.dotfiles|d())
else "" }}'
# ]]]
# ]]]
# Authorized SSH keys [[[
# -----------------------
......
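Review bot: `root_account__dotfiles_enabled` tests `ansible_local.yadm.dotfiles` directly instead of the repository variable, so a host where `root_account__dotfiles_repo` is overridden in the inventory but the yadm fact is absent stays disabled, and forcing the flag to True without the fact leaves the repository as an empty string. Deriving the flag from the repository variable, for example `'{{ True if root_account__dotfiles_repo|d() else False }}'`, keeps the two consistent and removes the duplicated three-part condition. The comment above the flag also has a typo, "availablility".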
......@@ -105,6 +105,18 @@
state: 'present'
when: root_account__enabled|bool and root_account__fix_no_tty|bool
- name: Manage root dotfiles
shell: |
if ! [ -e "$HOME/.yadm/repo.git" ] ; then
yadm clone --bootstrap "{{ root_account__dotfiles_repo }}"
else
yadm pull
fi
register: root_account__register_dotfiles
changed_when: ('Already up-to-date.' not in root_account__register_dotfiles.stdout_lines)
when: root_account__dotfiles_enabled|bool
check_mode: False
- name: Make sure Ansible fact directory exists
file:
path: '/etc/ansible/facts.d'
......
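Review bot: In the `shell:` body of "Manage root dotfiles", `{{ root_account__dotfiles_repo }}` is templated into the script inside double quotes, so the shell still expands `$(...)`, backticks and an embedded `"` in the value, and this happens for the root account with `--bootstrap`, which executes the bootstrap program of the cloned repository. Pass the value through the `quote` filter and drop the surrounding double quotes, e.g. `yadm clone --bootstrap {{ root_account__dotfiles_repo | quote }}`. The `when:` also checks only `root_account__dotfiles_enabled`, not `root_account__enabled` like the task above it, and has no guard for an empty repository string, which the users task in this commit does have via `(item.dotfiles_repo | d(users__dotfiles_repo))`.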
......@@ -66,9 +66,8 @@ users__default_system: '{{ (True
#
# Specify absolute path of the shell which should be configured on all user
# accounts managed by this role, if not overriden by the user configuration. If
# not specified, the shell won't be changed. The shell can be specified by the
# user configuration files, see :ref:`users__ref_dotfiles_map` for more
# details.
# not specified, the shell won't be changed, but new accounts will not have
# a defined shell either.
users__default_shell: ''
# ]]]
# ]]]
......@@ -129,14 +128,6 @@ users__group_accounts: []
# List of UNIX user accounts to manage on specific hosts in Ansible inventory.
users__host_accounts: []
# ]]]
# .. envvar:: users__root_accounts [[[
#
# This is only used for configuration files and SSH keys management on the
# UNIX ``root`` account.
users__root_accounts:
- name: 'root'
# ]]]
# .. envvar:: users__default_accounts [[[
#
......@@ -193,57 +184,23 @@ users__host_resources: []
# .. envvar:: users__dotfiles_enabled [[[
#
# Default state of dotfiles on all accounts managed by Ansible
# False - dotfiles are not configured by default
# True - dotfiles will be configured by default
users__dotfiles_enabled: False
# ]]]
# .. envvar:: users__dotfiles_dest [[[
#
# Path in the user's $HOME directory where dotfiles should be checked
# out if not specified otherwise.
users__dotfiles_dest: '~/.config/dotfiles'
# ]]]
# .. envvar:: users__dotfiles_update [[[
#
# If enabled, user configuration files repository will be updated on each
# Ansible run.
users__dotfiles_update: True
# ]]]
# .. envvar:: users__dotfiles_name [[[
#
# Default user configuration files dictionary to use, if none is specified.
users__dotfiles_name: 'drybjed'
# ]]]
# .. envvar:: users__dotfiles_default_map [[[
#
# A YAML dictionary with default definitions of the user configuration files.
# See the :ref:`users__ref_dotfiles_map` for more details.
users__dotfiles_default_map:
'drybjed':
repo: 'https://github.com/drybjed/dotfiles.git'
command: 'make install'
creates: '~/.zshrc'
shell: '/bin/zsh'
# ]]]
# .. envvar:: users__dotfiles_map [[[
#
# A YAML dictionary with definitions of the user configuration files.
# See the :ref:`users__ref_dotfiles_map` for more details.
users__dotfiles_map: {}
# Enable or disable management of user dotfiles via :command:`yadm` script. See
# the :ref:`debops.yadm` role for script installation and dotfile mirroring.
users__dotfiles_enabled: '{{ True
if (ansible_local|d() and ansible_local.yadm|d() and
ansible_local.yadm.dotfiles|d())
else False }}'
# ]]]
# .. envvar:: users__dotfiles_combined_map [[[
# .. envvar:: users__dotfiles_repo [[[
#
# The combined YAML dictionary which holds the information about user
# configuration files.
users__dotfiles_combined_map: '{{ users__dotfiles_default_map
| combine(users__dotfiles_map) }}'
# An URL or an absolute path on the remote host to the :command:`git` dotfiles
# repository. The repository will be used by default if the dotfiles management
# is enabled without specifying a custom repository for the user.
users__dotfiles_repo: '{{ ansible_local.yadm.dotfiles
if (ansible_local|d() and ansible_local.yadm|d() and
ansible_local.yadm.dotfiles|d())
else "" }}'
# ]]]
# ]]]
# ]]]
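Review bot: `users__dotfiles_enabled` goes from a plain `False` to an expression that is True whenever `ansible_local.yadm.dotfiles` is set, which turns dotfile deployment on for every managed account that does not set `dotfiles_enabled` itself as soon as a mirror exists on the host. Keeping the default at False and letting only `users__dotfiles_repo` carry the fact-derived value would preserve the opt-in behaviour; if the new default is intended, the comment above the variable should state it.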
---
- name: Get users dotfiles from git repository
become_user: '{{ item.name }}'
become: True
git:
repo: '{{ item.dotfiles_repo | d(users__dotfiles_combined_map[item.dotfiles_name
| d(users__dotfiles_name)].repo) }}'
dest: '{{ item.dotfiles_dest | d(users__dotfiles_dest) }}'
version: '{{ item.dotfiles_version | d("master") }}'
update: '{{ (item.dotfiles_update | d(users__dotfiles_combined_map[item.dotfiles_name
| d(users__dotfiles_name)].update | d(users__dotfiles_update))) | bool }}'
- name: Manage users dotfiles
shell: |
if ! [ -e "$HOME/.yadm/repo.git" ] ; then
yadm clone --bootstrap "{{ item.dotfiles_repo | d(users__dotfiles_repo) }}"
else
yadm pull
fi
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
- '{{ users__group_accounts }}'
- '{{ users__host_accounts }}'
- '{{ users__dependent_accounts }}'
when: (item.name|d() and item.state|d('present') != 'absent' and item.createhome|d(True) and
item.dotfiles_enabled | d(users__dotfiles_enabled) | bool)
no_log: '{{ users__no_log | bool }}'
- name: Configure users dotfiles
become_user: '{{ item.name }}'
become: True
command: '{{ item.dotfiles_command | d(users__dotfiles_combined_map[item.dotfiles_name
| d(users__dotfiles_name)].command) }}'
args:
chdir: '{{ item.dotfiles_dest | d(users__dotfiles_dest) }}'
creates: '{{ item.dotfiles_creates
if item.dotfiles_creates|d()
else (users__dotfiles_combined_map[item.dotfiles_name | d(users__dotfiles_name)].creates
if users__dotfiles_combined_map[item.dotfiles_name | d(users__dotfiles_name)].creates|d()
else omit) }}'
register: users__register_dotfiles_command
changed_when: users__register_dotfiles_command.stdout|d() and
not users__register_dotfiles_command.stdout.startswith('skipped, since ')
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
- '{{ users__group_accounts }}'
- '{{ users__host_accounts }}'
- '{{ users__dependent_accounts }}'
when: (item.name|d() and item.state|d('present') != 'absent' and item.createhome|d(True) and
item.dotfiles_enabled | d(users__dotfiles_enabled) | bool and
item.dotfiles_command | d(users__dotfiles_combined_map[item.dotfiles_name
| d(users__dotfiles_name)].command|d()))
no_log: '{{ users__no_log | bool }}'
- name: Configure users shell if specified
user:
name: '{{ item.name }}'
shell: '{{ item.shell | d(users__dotfiles_combined_map[item.dotfiles_name | d(users__dotfiles_name)].shell
if (item.dotfiles_enabled | d(users__dotfiles_enabled) | bool and
users__dotfiles_combined_map[item.dotfiles_name | d(users__dotfiles_name)].shell|d())
else (users__default_shell if users__default_shell else omit)) }}'
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
- '{{ users__group_accounts }}'
- '{{ users__host_accounts }}'
- '{{ users__dependent_accounts }}'
become_user: '{{ item.name }}'
check_mode: False
register: users__register_dotfiles
changed_when: ('Already up-to-date.' not in users__register_dotfiles.stdout_lines)
when: (item.name|d() and item.state|d('present') != 'absent' and item.createhome|d(True) and
(item.dotfiles_enabled | d(users__dotfiles_enabled) | bool or item.shell|d() or users__default_shell))
(item.dotfiles | d(item.dotfiles_enabled | d(users__dotfiles_enabled))) | bool and
(item.dotfiles_repo | d(users__dotfiles_repo)))
no_log: '{{ users__no_log | bool }}'
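Review bot: The `changed_when` on "Manage users dotfiles" depends on the exact string 'Already up-to-date.', and git releases from 2.15 on print "Already up to date." without the hyphens, so on those hosts the task reports a change on every run; matching both spellings, or comparing the repository HEAD before and after the pull, would be more robust. The task also sets `become_user: '{{ item.name }}'` without the `become: True` that the "Get users dotfiles" and "Configure users dotfiles" tasks in this file carry, so it only switches user when become is enabled at a higher level.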
......@@ -7,7 +7,6 @@
user: '{{ item.name }}'
exclusive: '{{ item.sshkeys_exclusive | d(omit) }}'
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
......@@ -23,7 +22,6 @@
path: '~{{ item.name }}/.ssh/authorized_keys'
state: 'absent'
with_flattened:
- '{{ users__root_accounts }}'
- '{{ users__default_accounts }}'
- '{{ users__admin_accounts }}'
- '{{ users__accounts }}'
......
......@@ -27,7 +27,7 @@
- name: Check if defined shells exist
stat:
path: "{{ item }}"
loop: '{{ ((users__default_accounts + users__admin_accounts + users__root_accounts
loop: '{{ ((users__default_accounts + users__admin_accounts
+ users__accounts + users__group_accounts + users__host_accounts
+ users__dependent_accounts) | selectattr("shell", "defined")
| map(attribute="shell") | unique | list)
......@@ -53,7 +53,7 @@
password: '{{ item.password | d("*") }}'
update_password: '{{ item.update_password | d("on_create") }}'
system: '{{ item.system | d(True if (users__default_system | bool) else omit) }}'
shell: '{{ item.shell | d(omit) }}'
shell: '{{ item.shell | d(users__default_shell if users__default_shell|d() else omit) }}'
home: '{{ item.home | d(omit) }}'
createhome: '{{ item.createhome | d(omit) }}'
move_home: '{{ item.move_home | d(omit) }}'
......
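Review bot: The `shell:` line now falls back to `users__default_shell`, but the "Check if defined shells exist" loop in the previous hunk, as far as its visible lines show, only collects the per-account `shell` attributes via `selectattr("shell", "defined")`, so a default shell that is not installed on the host would not be caught by that check. Adding `users__default_shell` to the list passed to `stat` when it is non-empty would cover it.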
......@@ -264,52 +264,18 @@ Parameters related to mail forwarding
Parameters related to user configuration files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
``dotfiles_enabled``
``dotfiles_enabled`` / ``dotfiles``
Optional, boolean. Enable or disable management of the user configuration
files.
``dotfiles_name``
Optional. Name of the key in the :envvar:`users__dotfiles_combined_map` dictionary
which corresponds to the user configuration files to use. If not specified,
the default from :envvar:`users__dotfiles_name` will be used.
You can also use the parameters below to configure the dotfiles directly for
a specific account.
``dotfiles_repo``
Optional. URL to the :command:`git` repository with the user configuration files to
deploy. If not specified, the default dotfiles repository will be used
instead.
``dotfiles_dest``
Optional. Specify the path where the user configuration files should be
cloned into. If not specified, :envvar:`users__dotfiles_dest` variable will be used
instead, by default cloning the :command:`git` repository to :file:`~/.config/dotfiles/`
directory.
``dotfiles_version``
Optional. Specify a :command:`git` branch or tag of the user configuration
files which should be downloaded and checked out. If not specified, role will
automatically check out the ``master`` branch.
``dotfiles_update``
Optional, boolean. Specify if the user configuration files repository should
be updated on each Ansible run. If not set, the default from
:envvar:`users__dotfiles_update` will be used instead.
``dotfiles_command``
Optional. Command to execute to deploy the dotfiles. The command will be
executed in the checked out directory (by default :file:`~/.config/dotfiles/`)
with the user privileges.
The task checks the output of the given command; if it's not empty, the task
will be marked as changed.
``dotfiles_creates``
Optional. Path to a file which indicates that the dotfiles deployment has
been completed and the command task will be skipped. If not specified, the
command used to deploy the configuration files will be executed on each
Ansible run.
Optional. An URL or an absolute path on the host to the :command:`git`
repository with the user configuration files to deploy. If not specified, the
default dotfiles repository, defined in the :envvar:`users__dotfiles_repo`
variable, will be used instead. The repository will be dployed or updated
using the :command:yadm` script, installed by the :ref:`debops.yadm` Ansible
role.
Examples
~~~~~~~~
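Review bot: The new `dotfiles_repo` description contains broken role markup, `:command:yadm`` is missing its opening backtick and will not render as a role, and "dployed" should read "deployed". With `dotfiles_version` gone there is also no documented way to pin an account to a branch or tag of the repository; if that is intentional, the text should say which revision gets deployed.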
......@@ -405,37 +371,3 @@ Examples
.. literalinclude:: examples/manage-resources.yml
:language: yaml
.. _users__ref_dotfiles_map:
users__dotfiles_map
-------------------
This is a YAML dictionary which can be used to define sets of user
configuration files. These sets can then be enabled globally or per user
account as needed. Each set is a YAML dictionary with specific parameters:
``repo``
Required. An URL to the :command:`git` repository which holds the user configuration
files.
``command``
Optional. A command executed by Ansible used to deploy the dotfiles. The
command will be executed with a given user privileges, in the dotfiles
directory (by default :file:`~/.config/dotfiles/`).
``creates``
Optional. Path to the file which will indicate that the dotfiles have been
deployed. If not specified, the command set in the ``command`` parameter will
be executed on each Ansible run.
``shell``
Optional. Specify the shell which should be enabled for users that use
a given set of user configuration files.
Examples
~~~~~~~~
.. literalinclude:: examples/manage-dotfiles.yml
:language: yaml
......@@ -12,6 +12,7 @@ users__accounts:
groups: [ 'sshusers' ]
shell: '/bin/zsh'
dotfiles_enabled: True
dotfiles_repo: 'https://git.example.org/user2/dotfiles'
# An user account with a random password, stored in 'secret/'. This user
# account will be added in the 'users' UNIX group instead of its own group.
......
---
# Manage user configuration files
users__dotfiles_map:
# A custom set of dotfiles
'custom':
repo: 'https://github.com/example/dotfiles.git'
command: 'make install'
# Another set of dotfiles activated by a file
'example':
repo: 'https://github.com/example2/dotfiles.git'
command: 'make install'
creates: '~/.bashrc.local'
shell: '/bin/bash'
# Create an user account with specific set of dotfiles
users__accounts:
- name: 'example_user'
dotfiles_enabled: True
dotfiles_name: 'example'
......@@ -25,8 +25,6 @@ List of renamed user list variables:
+----------------------+-----------------------------------+
| ``users_host_list`` | :envvar:`users__host_accounts` |
+----------------------+-----------------------------------+
| ``users_root`` | :envvar:`users__root_accounts` |
+----------------------+-----------------------------------+
| ``users_admins`` | :envvar:`users__admin_accounts` |
+----------------------+-----------------------------------+
| ``users_default`` | :envvar:`users__default_accounts` |
......@@ -38,18 +36,6 @@ List of renamed user list variables:
| | :envvar:`users__host_groups` |
+----------------------+-----------------------------------+
List of other renamed variables:
+--------------------------------+---------------------------------------+
| Old variable name | New variable name |
+================================+=======================================+
| ``users_default_dotfiles`` | :envvar:`users__dotfiles_enabled` |
+--------------------------------+---------------------------------------+
| ``users_default_dotfiles_key`` | :envvar:`users__dotfiles_name` |
+--------------------------------+---------------------------------------+
| ``users_dotfiles`` | :envvar:`users__dotfiles_default_map` |
+--------------------------------+---------------------------------------+
This script can come in handy to update the inventory variable names, assuming
that your inventory is stored in a :command:`git` repository:
......
......@@ -140,6 +140,12 @@ Inventory variable changes
| ``sshd__ldap_password_length`` | Removed | No |
+---------------------------------------------+--------------------------------+--------------------------------------------------+
- The management of the ``root`` account dotfiles has been removed from the
:ref:`debops.users` role and is now included in the
:ref:`debops.root_account` role. The dotfiles are managed using
:command:`yadm` script, installed by the :ref:`debops.yadm` role. The
``users__root_accounts`` list has been removed.
v0.8.1 (2019-02-02)
-------------------
......
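Review bot: The upgrade note added here covers the move of the root dotfiles and the removal of `users__root_accounts`, but not the other inventory-facing removals in this commit: `users__dotfiles_name`, `users__dotfiles_dest`, `users__dotfiles_update`, `users__dotfiles_default_map`, `users__dotfiles_map` and the per-account `dotfiles_name`, `dotfiles_dest`, `dotfiles_version`, `dotfiles_update`, `dotfiles_command` and `dotfiles_creates` parameters. Listing them, together with the changelog's remark that symlinked dotfiles may need to be cleaned out before yadm can deploy, would let users audit their inventory before upgrading.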
{
"ldap__servers": [ "ldap.vagrant.test" ]
}