wip: ansible pull

2025-07-21 20:15:57 +02:00
10 changed files with 0 additions and 99 deletions
--- a/inventories/chaosknoten/host_vars/netbox.yaml
+++ b/inventories/chaosknoten/host_vars/netbox.yaml
@ -1,10 +1,3 @@
 ansible_pull__repo_url: https://git.hamburg.ccc.de/CCCHH/ansible-infra.git
 ansible_pull__inventory: inventories/chaosknoten
 ansible_pull__playbook: playbooks/maintenance.yaml
 ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin"
 ansible_pull__timer_randomized_delay_sec: 30min
 ansible_pull__checkout: ansible_pull
 netbox__version: "v4.1.7"
 netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
 netbox__custom_pipeline_oidc_group_and_role_mapping: true
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@ -180,6 +180,3 @@ alloy_hosts:
  hosts:
    grafana:
    ntfy:
 ansible_pull_hosts:
  hosts:
    netbox:
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@ -78,10 +78,5 @@
      ansible.builtin.include_role:
        name: grafana.grafana.alloy
 - name: Ensure ansible_pull deployment on ansible_pull_hosts
  hosts: ansible_pull_hosts
  roles:
    - ansible_pull
 - name: Run ensure_eh22_styleguide_dir Playbook
  ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml
--- a/roles/ansible_pull/README.md
+++ b/roles/ansible_pull/README.md
@ -9,15 +9,9 @@ Should work on Debian-based distributions.
 ## Required Arguments
 - `ansible_pull__age_private_key`: The age private key to use to decrypt SOPS secrets with.
 - `ansible_pull__repo_url`: The URL of the repo to run the playbook from.
 - `ansible_pull__inventory`: The inventory to use.
 - `ansible_pull__playbook`: The playbook to run.
 - `ansible_pull__timer_on_calendar`: When to run the playbook. This is the argument to a systemd timers OnCalendar. See the systemd.time man page for reference.
 ## Optional Arguments
 - `ansible_pull__user`: The user to run `ansible_pull` as. Defaults to `ansible_user`.
 - `ansible_pull__checkout`: The branch/tag/commit to check out to run the playbook from. Defaults to `main`.
 - `ansible_pull__timer_randomized_delay_sec`: The timer will be randomly delayed by a value between 0 and this. Useful to not have all timers fire at the same time, even if `ansible_pull__timer_on_calendar` is the same. Time value in seconds. Defaults to 0.
 ## Links & Resources
--- a/roles/ansible_pull/defaults/main.yaml
+++ b/roles/ansible_pull/defaults/main.yaml
@ -1,3 +1 @@
 ansible_pull__user: "{{ ansible_user }}"
 ansible_pull__checkout: "main"
 ansible_pull__timer_randomized_delay_sec: "0"
--- a/roles/ansible_pull/handlers/main.yaml
+++ b/roles/ansible_pull/handlers/main.yaml
@ -1,4 +0,0 @@
 - name: systemd daemon reload
  ansible.builtin.systemd_service:
    daemon_reload: true
  become: true
--- a/roles/ansible_pull/meta/argument_specs.yaml
+++ b/roles/ansible_pull/meta/argument_specs.yaml
@ -4,24 +4,6 @@ argument_specs:
      ansible_pull__age_private_key:
        type: str
        required: true
      ansible_pull__repo_url:
        type: str
        required: true
      ansible_pull__inventory:
        type: str
        required: true
      ansible_pull__playbook:
        type: str
        required: true
      ansible_pull__timer_on_calendar:
        type: str
        required: true
      ansible_pull__user:
        type: str
        required: false
      ansible_pull__checkout:
        type: str
        required: false
      ansible_pull__timer_randomized_delay_sec:
        type: str
        required: false
--- a/roles/ansible_pull/tasks/main.yaml
+++ b/roles/ansible_pull/tasks/main.yaml
@ -32,32 +32,3 @@
    owner: root
    group: "{{ ansible_pull__user }}"
  become: true
 - name: ensure systemd service exists
  ansible.builtin.template:
    src: ansible-pull.service.j2
    dest: /etc/systemd/system/ansible-pull.service
    owner: root
    group: root
    mode: "0644"
  become: true
  notify:
    - systemd daemon reload
 - name: ensure systemd timer exists
  ansible.builtin.template:
    src: ansible-pull.timer.j2
    dest: /etc/systemd/system/ansible-pull.timer
    owner: root
    group: root
    mode: "0644"
  become: true
  notify:
    - systemd daemon reload
 - name: ensure systemd timer is started and enabled
  ansible.builtin.systemd_service:
    name: ansible-pull.timer
    state: started
    enabled: true
  become: true
--- a/roles/ansible_pull/templates/ansible-pull.service.j2
+++ b/roles/ansible_pull/templates/ansible-pull.service.j2
@ -1,16 +0,0 @@
 [Unit]
 Description=ansible-pull for configuration and maintenance
 After=network-online.target
 Wants=network-online.target
 [Service]
 Type=oneshot
 Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key"
 ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \
          --directory /home/chaos/ansible_pull_checkout \
          --clean \
          --url "{{ ansible_pull__repo_url }}" \
          --checkout "{{ ansible_pull__checkout }}" \
          --inventory "{{ ansible_pull__inventory }}" \
          "{{ ansible_pull__playbook }}"
 User={{ ansible_pull__user }}
--- a/roles/ansible_pull/templates/ansible-pull.timer.j2
+++ b/roles/ansible_pull/templates/ansible-pull.timer.j2
@ -1,9 +0,0 @@
 [Unit]
 Description=ansible-pull for configuration and maintenance on a timer
 [Timer]
 OnCalendar={{ ansible_pull__timer_on_calendar }}
 RandomizedDelaySec={{ ansible_pull__timer_randomized_delay_sec }}
 [Install]
 WantedBy=timers.target