sophia/ansible-infra
0
0
Fork 0
forked from CCCHH/ansible-infra
Code Pull requests Activity

Vendor Galaxy Roles and Collections

Browse source
This commit is contained in:
Stefan Bethke 2026-02-06 22:07:16 +01:00
commit 2aed20393f
3553 changed files with 387444 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
ansible_collections/community/sops/roles/install/README.md Normal file
View file

@ -0,0 +1,7 @@
<!--
GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
SPDX-License-Identifier: GPL-3.0-or-later
SPDX-FileCopyrightText: 2022, Felix Fontein
-->
See [the documentation](https://docs.ansible.com/ansible/devel/collections/community/sops/).

10
ansible_collections/community/sops/roles/install/defaults/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
sops_version: latest
sops_source: auto
sops_install_on_localhost: false
sops_become_on_install: true
sops_github_latest_detection: auto

103
ansible_collections/community/sops/roles/install/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,103 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
argument_specs:
main:
short_description: Install SOPS
version_added: 1.5.0
description:
- This role installs L(SOPS,https://github.com/getsops/sops) and GNU Privacy Guard (GPG).
- >-
This role supports the following operating systems:
Alpine (new enough),
Arch Linux,
CentOS 7, Stream 8, or newer,
Debian 10 (Buster) or newer,
Fedora (new enough),
RHEL 7 or newer,
Ubuntu 16.04 or newer LTS versions
- The Ansible facts C(ansible_facts.architecture), C(ansible_facts.distribution), C(ansible_facts.distribution_major_version),
C(ansible_facts.distribution_version), and C(ansible_facts.os_family) are expected to be present if O(sops_install_on_localhost) is V(false).
author:
- Felix Fontein (@felixfontein)
options:
sops_version:
default: latest
description:
- The version of SOPS to install.
- Should be a version like V(3.7.2). The special value V(latest) will select the latest version available form the given source.
type: str
sops_source:
default: auto
description:
- Determines the source from where SOPS is installed.
- The value V(github) will install SOPS from the SOPS releases on GitHub (U(https://github.com/getsops/sops/releases/)).
- The value V(system) will install SOPS from the system packages. Note that not all system package repositories support SOPS.
- The value V(auto) will determine the best source to install SOPS from. Here, system package repositories are preferred over GitHub.
type: str
choices:
- auto
- github
- system
sops_install_on_localhost:
default: false
description:
- Installs SOPS on the Ansible controller (C(localhost)) instead of the remote host.
type: bool
sops_become_on_install:
default: true
description:
- 'Whether the role should use C(become: true) when installing packages.'
type: bool
sops_github_latest_detection:
description:
- When installing the latest SOPS version from GitHub, configures how the latest release is detected.
- V(auto) tries V(api) first and then uses V(latest-release).
- V(api) asks the GitHub API for a list of recent releases and picks the highest version. Pre-releases are avoided.
- V(latest-release) uses a not fully documented URL to retrieve the release marked as "latest" by the repository maintainers.
type: str
choices:
- auto
- api
- latest-release
version_added: 1.6.0
sops_github_token:
description:
- Token to provide when querying the GitHub API for the latest release. Without the token
there are rather strict rate limits.
- Should mainly be used in GitHub Actions.
type: str
version_added: 1.6.0
attributes:
check_mode:
description: Can run in C(check_mode) and return changed status prediction without modifying target.
support: none
details:
- The role currently does not work in check mode.
# TODO: add 'check_mode: false' to tasks that prepare something
diff_mode:
description: Will return details on what has changed (or possibly needs changing in C(check_mode)), when in diff mode.
support: partial
details:
- The role supports diff mode if the M(ansible.builtin.package) action for the system supports it.
idempotent:
description:
- When run twice in a row outside check mode, with the same arguments, the second invocation indicates no change.
- This assumes that the system controlled/queried by the module has not changed in a relevant way.
support: partial
details:
- The role is idempotent if the M(ansible.builtin.package) action for the system is idempotent.
- This is usually the case, but if packages need to be installed from GitHub (that is, through an URL), idempotence might not hold.
platform:
description: Target OS/families that can be operated against.
support: full
platforms:
- Alpine (new enough)
- Arch Linux
- CentOS 7, Stream 8, or newer
- Debian 10 (Buster) or newer
- Fedora (new enough)
- RHEL 7 or newer
- Ubuntu 16.04 or newer LTS versions

11
ansible_collections/community/sops/roles/install/meta/main.yml Normal file
View file

@ -0,0 +1,11 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
galaxy_info:
standalone: false
description: >
Install SOPS (https://github.com/getsops/sops).
dependencies: []

26
ansible_collections/community/sops/roles/install/tasks/detect_source.yml Normal file
View file

@ -0,0 +1,26 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
- name: Check whether system packages are a valid source of SOPS {{ sops_version }}
when:
- _community_sops_install_system_has_system
- not (sops_version != 'latest' and _community_sops_install_system_has_system_latest_only)
ansible.builtin.set_fact:
_community_sops_install_effective_sops_source: system
- name: Check whether GitHub is a valid source of SOPS
when:
- _community_sops_install_system_has_github
- _community_sops_install_effective_sops_source == 'auto'
ansible.builtin.set_fact:
_community_sops_install_effective_sops_source: github
- name: Ensure that something was detected
ansible.builtin.fail:
msg: >-
Was not able to determine installation source for SOPS {{ sops_version }}
for {{ _community_sops_install_facts.distribution }} {{ _community_sops_install_facts.distribution_version }}.
Please open an issue in https://github.com/ansible-collections/community.sops/issues if you think this should work.
when: _community_sops_install_effective_sops_source == 'auto'

50
ansible_collections/community/sops/roles/install/tasks/github.yml Normal file
View file

@ -0,0 +1,50 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
- name: Make sure that SOPS can be installed from GitHub
ansible.builtin.fail:
msg: >-
SOPS cannot be installed from GitHub for
{{ _community_sops_install_facts.distribution }} {{ _community_sops_install_facts.distribution_version }}.
when: not _community_sops_install_system_has_github
- name: Start determining SOPS version
ansible.builtin.set_fact:
_community_sops_install_effective_sops_version: '{{ "" if sops_version == "latest" else sops_version }}'
# This method uses the GitHub API, which is rate-limited.
- name: Determine latest version (fallback)
when:
- _community_sops_install_effective_sops_version == ''
- sops_github_latest_detection in ['auto', 'api']
ansible.builtin.include_tasks: github_api.yml
# This method asks GitHub for the latest release, which depends on the release to be
# correctly marked as "latest" in the GitHub UI. Fortunately this is not as aggressively
# rate-limited as the API (used in the fallback).
- name: Determine latest version
when:
- _community_sops_install_effective_sops_version == ''
- sops_github_latest_detection in ['auto', 'latest-release']
ansible.builtin.include_tasks: github_latest_release.yml
- name: Fail when latest version could not be selected
ansible.builtin.fail:
msg: Could not determine the latest GitHub release
when: _community_sops_install_effective_sops_version == ''
- name: Show selected version
ansible.builtin.debug:
msg: The latest SOPS version is SOPS {{ _community_sops_install_effective_sops_version }}.
when: sops_version == 'latest'
- name: Set variables
ansible.builtin.set_fact:
_community_sops_install_system_packages_actual: >-
{{ _community_sops_install_system_packages + _community_sops_install_system_packages_github }}
_community_sops_install_system_packages_unsigned_actual: >-
{{ _community_sops_install_system_packages_unsigned + _community_sops_install_system_packages_unsigned_github }}
_community_sops_install_system_package_deb_actual: >-
{{ _community_sops_install_system_package_deb_github }}

38
ansible_collections/community/sops/roles/install/tasks/github_api.yml Normal file
View file

@ -0,0 +1,38 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
- name: Fetch list of releases from GitHub
ansible.builtin.uri:
headers:
Accept: application/vnd.github+json
Authorization: "{{ ('Bearer ' ~ sops_github_token) if sops_github_token is defined and sops_github_token else '' }}"
status_code:
- 200
- 403 # "HTTP Error 403: rate limit exceeded"
url: https://api.github.com/repos/getsops/sops/releases
register: _community_sops_install_github_releases
delegate_to: localhost
run_once: true
- name: In case rate limit was exceeded, inform user
ansible.builtin.debug:
msg: >-
Rate limit exceeded! Make sure to provide a GitHub token
as `sops_github_token` to reduce the chance of this error.
when: _community_sops_install_github_releases.status == 403
- name: Determine the latest release
ansible.builtin.set_fact:
_community_sops_install_effective_sops_version: >-
{{
(
_community_sops_install_github_releases.json
| rejectattr("prerelease")
| rejectattr("draft")
| map(attribute="tag_name")
| map("ansible.builtin.regex_replace", "^v", "")
| community.sops._latest_version
) if _community_sops_install_github_releases.status == 200 else ''
}}

34
ansible_collections/community/sops/roles/install/tasks/github_latest_release.yml Normal file
View file

@ -0,0 +1,34 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
- name: Fetch the latest release from GitHub
ansible.builtin.uri:
follow_redirects: "none"
status_code:
- 302
- 307
url: https://github.com/getsops/sops/releases/latest/
register: _community_sops_install_github_latest_release
delegate_to: localhost
run_once: true
- name: Determine the latest release
ansible.builtin.set_fact:
_community_sops_install_effective_sops_version: >-
{{
_community_sops_install_github_latest_release.location
| default("", true)
| ansible.builtin.regex_search("(?<=/releases/tag/)([0-9a-z._-]+)")
| default("", true)
| ansible.builtin.regex_replace("^v", "")
}}
- name: In case this failed, inform user
ansible.builtin.debug:
msg: >-
Could not obtain latest version from https://github.com/getsops/sops/releases/latest/.
Please create an issue in https://github.com/ansible-collections/community.sops/issues/
if there is not already one.
when: _community_sops_install_effective_sops_version == ''

102
ansible_collections/community/sops/roles/install/tasks/main.yml Normal file
View file

@ -0,0 +1,102 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
- name: Gather required information on localhost
when: sops_install_on_localhost
ansible.builtin.setup:
gather_subset:
- '!all'
- '!min'
- architecture
- distribution
- distribution_major_version
- distribution_version
- os_family
- pkg_mgr
delegate_to: localhost
delegate_facts: true
run_once: true
- vars:
_community_sops_install_facts: >-
{{ hostvars['localhost' if sops_install_on_localhost else inventory_hostname].ansible_facts }}
block:
- name: Show system information
ansible.builtin.debug:
msg: |-
Architecture: {{ _community_sops_install_facts.architecture }}
Distribution: {{ _community_sops_install_facts.distribution }} {{ _community_sops_install_facts.distribution_major_version }}
Distribution version: {{ _community_sops_install_facts.distribution_version }}
OS family: {{ _community_sops_install_facts.os_family }}
System package manager: {{ _community_sops_install_facts.pkg_mgr }}
- name: Include distribution specific variables
ansible.builtin.include_vars: '{{ lookup("ansible.builtin.first_found", params) }}'
vars:
params:
files:
- >-
D-{{ _community_sops_install_facts.distribution }}-{{ _community_sops_install_facts.distribution_version }}.yml
- >-
D-{{ _community_sops_install_facts.distribution }}-{{ _community_sops_install_facts.distribution_major_version }}.yml
- >-
D-{{ _community_sops_install_facts.distribution }}.yml
- >-
OS-{{ _community_sops_install_facts.os_family }}-{{ _community_sops_install_facts.distribution_major_version }}.yml
- >-
OS-{{ _community_sops_install_facts.os_family }}.yml
- default.yml
paths:
- '{{ role_path }}/vars'
- name: Start determining source
ansible.builtin.set_fact:
_community_sops_install_effective_sops_source: '{{ sops_source }}'
- name: Auto-detect source to install SOPS from
ansible.builtin.include_tasks: detect_source.yml
when: _community_sops_install_effective_sops_source == 'auto'
- name: Install SOPS from GitHub
ansible.builtin.include_tasks: github.yml
when: _community_sops_install_effective_sops_source == 'github'
- name: Install SOPS from system package repositories
ansible.builtin.include_tasks: system.yml
when: _community_sops_install_effective_sops_source == 'system'
- name: Install system packages
ansible.builtin.package:
name: '{{ _community_sops_install_system_packages_actual }}'
allow_downgrade: '{{ true if _community_sops_install_allow_downgrade and sops_version != "latest" else omit }}'
become: '{{ sops_become_on_install }}'
delegate_to: '{{ "localhost" if sops_install_on_localhost else omit }}'
run_once: '{{ sops_install_on_localhost }}'
when: _community_sops_install_system_packages_actual | length > 0
- name: Install unsigned system packages
ansible.builtin.package:
name: '{{ _community_sops_install_system_packages_unsigned_actual }}'
allow_downgrade: '{{ true if _community_sops_install_allow_downgrade and sops_version != "latest" else omit }}'
disable_gpg_check: true
become: '{{ sops_become_on_install }}'
delegate_to: '{{ "localhost" if sops_install_on_localhost else omit }}'
run_once: '{{ sops_install_on_localhost }}'
when: _community_sops_install_system_packages_unsigned_actual | length > 0
- name: Install packages from URL/path (Debian)
ansible.builtin.apt:
deb: '{{ _community_sops_install_system_package_deb_actual }}'
allow_downgrade: '{{ true if _community_sops_install_allow_downgrade and sops_version != "latest" else omit }}'
become: '{{ sops_become_on_install }}'
delegate_to: '{{ "localhost" if sops_install_on_localhost else omit }}'
run_once: '{{ sops_install_on_localhost }}'
when: _community_sops_install_system_package_deb_actual is string
- name: Set results
ansible.builtin.set_fact:
sops_installed: true
delegate_to: '{{ "localhost" if sops_install_on_localhost else omit }}'
delegate_facts: '{{ true if sops_install_on_localhost else omit }}'

26
ansible_collections/community/sops/roles/install/tasks/system.yml Normal file
View file

@ -0,0 +1,26 @@
---
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2022, Felix Fontein
- name: Make sure that SOPS can be installed from system packages
ansible.builtin.fail:
msg: >-
SOPS cannot be installed from system packages for
{{ _community_sops_install_facts.distribution }} {{ _community_sops_install_facts.distribution_version }}.
when: not _community_sops_install_system_has_system
- name: Make sure that systems only supporting 'latest' are not told to install another version
ansible.builtin.fail:
msg: >-
SOPS version {{ sops_version }} was requested, but we can only install latest SOPS from system packages.
when: sops_version != 'latest' and _community_sops_install_system_has_system_latest_only
- name: Set variables
ansible.builtin.set_fact:
_community_sops_install_system_packages_actual: >-
{{ _community_sops_install_system_packages + _community_sops_install_system_packages_system }}
_community_sops_install_system_packages_unsigned_actual: >-
{{ _community_sops_install_system_packages_unsigned + _community_sops_install_system_packages_unsigned_system }}
_community_sops_install_system_package_deb_actual: >-
{{ _community_sops_install_system_package_deb_system }}

23
ansible_collections/community/sops/roles/install/vars/D-Alpine.yml Normal file
View file

@ -0,0 +1,23 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
_community_sops_install_system_has_system: true
_community_sops_install_system_has_system_latest_only: true
_community_sops_install_system_has_github: false
_community_sops_install_allow_downgrade: false
_community_sops_install_system_packages:
- gpg
_community_sops_install_system_packages_unsigned: []
_community_sops_install_system_package_deb_github: false
_community_sops_install_system_packages_github: []
_community_sops_install_system_packages_unsigned_github: []
_community_sops_install_system_package_deb_system: false
_community_sops_install_system_packages_system:
- sops
_community_sops_install_system_packages_unsigned_system: []

23
ansible_collections/community/sops/roles/install/vars/D-Archlinux.yml Normal file
View file

@ -0,0 +1,23 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
_community_sops_install_system_has_system: true
_community_sops_install_system_has_system_latest_only: true
_community_sops_install_system_has_github: false
_community_sops_install_allow_downgrade: false
_community_sops_install_system_packages:
- gnupg
_community_sops_install_system_packages_unsigned: []
_community_sops_install_system_package_deb_github: false
_community_sops_install_system_packages_github: []
_community_sops_install_system_packages_unsigned_github: []
_community_sops_install_system_package_deb_system: false
_community_sops_install_system_packages_system:
- sops
_community_sops_install_system_packages_unsigned_system: []

32
ansible_collections/community/sops/roles/install/vars/OS-Debian.yml Normal file
View file

@ -0,0 +1,32 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
_community_sops_install_system_has_system: false
_community_sops_install_system_has_system_latest_only: true
_community_sops_install_system_has_github: true
_community_sops_install_allow_downgrade: '{{ ansible_version.full is version("2.12", ">=") }}'
_community_sops_install_system_packages:
- gnupg
_community_sops_install_system_packages_unsigned: []
_community_sops_install_arch_transform:
x86_64: amd64
aarch64: arm64
_community_sops_install_system_package_deb_github: >-
https://github.com/getsops/sops/releases/download/v{{
_community_sops_install_effective_sops_version
}}/sops_{{
_community_sops_install_effective_sops_version.replace('-', '.')
}}_{{
_community_sops_install_arch_transform.get(ansible_facts.architecture, ansible_facts.architecture)
}}.deb
_community_sops_install_system_packages_github: []
_community_sops_install_system_packages_unsigned_github: []
_community_sops_install_system_package_deb_system: false
_community_sops_install_system_packages_system: []
_community_sops_install_system_packages_unsigned_system: []

37
ansible_collections/community/sops/roles/install/vars/OS-RedHat.yml Normal file
View file

@ -0,0 +1,37 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
_community_sops_install_system_has_system: false
_community_sops_install_system_has_system_latest_only: true
_community_sops_install_system_has_github: true
_community_sops_install_allow_downgrade: true
_community_sops_install_system_packages:
- gnupg2
_community_sops_install_system_packages_unsigned: []
_community_sops_install_system_package_deb_github: false
_community_sops_install_system_packages_github: []
_community_sops_install_system_packages_unsigned_github:
- >-
https://github.com/getsops/sops/releases/download/v{{
_community_sops_install_effective_sops_version
}}/sops-{{
(_community_sops_install_effective_sops_version is version('3.6.0', '<')) | ternary('v', '')
}}{{
_community_sops_install_effective_sops_version.replace('-', '.')
}}{{
(
_community_sops_install_effective_sops_version is version('3.8.0', '<') or
_community_sops_install_effective_sops_version is version('3.9.0', '>=')
) | ternary('-1', '')
}}.{{
ansible_facts.architecture
}}.rpm
_community_sops_install_system_package_deb_system: false
_community_sops_install_system_packages_system: []
_community_sops_install_system_packages_unsigned_system: []

21
ansible_collections/community/sops/roles/install/vars/default.yml Normal file
View file

@ -0,0 +1,21 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
_community_sops_install_system_has_system: false
_community_sops_install_system_has_system_latest_only: true
_community_sops_install_system_has_github: false
_community_sops_install_allow_downgrade: false
_community_sops_install_system_packages: []
_community_sops_install_system_packages_unsigned: []
_community_sops_install_system_package_deb_github: false
_community_sops_install_system_packages_github: []
_community_sops_install_system_packages_unsigned_github: []
_community_sops_install_system_package_deb_system: false
_community_sops_install_system_packages_system: []
_community_sops_install_system_packages_unsigned_system: []