feat: added new roles to match daily driver desktop; full idempotency; several fixes and tweaks; re-added hosts in inventory

2023-11-19 00:00:00 +00:00 · 2023-11-19 00:00:00 +00:00 · 726b7668f9
commit 726b7668f9
parent 555fde4351
65 changed files with 10012 additions and 377 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/development/defaults/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/development/defaults/main.yml
@ -1,2 +1,4 @@
 ---
 custom_github_token: ""
+development_docker_remap_user: "{{ custom_base_user_account }}"
+development_docker_remap_group: "{{ custom_base_user_account }}"
--- a/collections/ansible_collections/nullified/infrastructure/roles/development/handlers/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/development/handlers/main.yml
@ -1,2 +1,7 @@
 ---
-# handlers file for development
+- name: '[docker] restart service'
+  become: true
+  ansible.builtin.systemd_service:
+    name: docker
+    enabled: true
+    state: restarted
--- a/collections/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/development/tasks/main.yml
@ -1,140 +1,230 @@
 ---
- name: '[APT] install dependencies and tools'
+- name: '[setup] gather facts if not already done'
+  setup:
+    gather_subset:
+      - distribution
+      - distribution_release
+
+- name: '[home] get user account information'
+  ansible.builtin.getent:
+    database: passwd
+    key: "{{ custom_base_user_account }}"
+    split: ":"
+  changed_when: false
+  when: getent_passwd is undefined or custom_base_user_account not in getent_passwd
+
+- name: '[apt] install dependencies and tools'
  become: true
  ansible.builtin.apt:
    update_cache: true
    force_apt_get: true
    cache_valid_time: 3600
    pkg:
+      - apt-transport-https # docker-ce
      - autoconf
+      - automake
      - bc
+      - build-essential
      - ca-certificates # docker-ce
      - curl
      - g++
      - gcc
      - git
-      - gnupg # docker-ce
+      - git-lfs
+      - gnupg2 # docker-ce
      - jq
      - libasound2 # draw.io
      - libatspi2.0-0 # draw.io
+      - libcairo2
+      - libcairo2-dev
+      - libcurl4-openssl-dev
+      - libffi-dev
      - libgtk-3-0 # draw.io
      - libnotify4 # draw.io
      - libnss3 # draw.io
      - libsecret-1-0 # draw.io
+      - libssl-dev
+      - libtool
      - libxss1 # draw.io
      - libxtst6 # draw.io
      - make
+      - mariadb-client
+      - pipx
+      - postgresql-client
+      - python3-dev
+      - python3-pip
+      - python3-virtualenv
      - shellcheck
+      - sqlite3
      - valgrind
      - xdg-utils # draw.io
    state: present

- name: '[GitHub] install tools'
+- name: '[github] install tools'
  become: true
-  tags:
-    - molecule-idempotence-notest
  nullified.infrastructure.github_artifact:
    github_token: '{{ custom_github_token }}'
-    artifacts:
-      - asset_name: dive_{version}_linux_amd64.deb
-        asset_type: release
-        repository: wagoodman/dive
-        cmds:
-          - dpkg -i {asset_dirname}/{asset_filename}
-      - asset_name: kubeconform-linux-amd64.tar.gz
-        asset_type: release
-        repository: yannh/kubeconform
-        cmds:
-          - tar -zxf {asset_dirname}/{asset_filename}
-          - install --group=root --mode=755 --owner=root kubeconform /usr/local/bin
-      - asset_name: git-delta_{version}_amd64.deb
-        asset_type: release
-        repository: dandavison/delta
-        cmds:
-          - dpkg -i {asset_dirname}/{asset_filename}
-      - asset_name: docker-compose-linux-x86_64
-        asset_type: release
-        repository: docker/compose
-        cmds:
-          - install --group=root --mode=755 --owner=root {asset_dirname}/{asset_filename} /usr/local/bin/docker-compose
-          - test -d /usr/local/lib/docker/cli-plugins && (rm /usr/local/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/lib/docker/cli-plugins) || true
-          - test -d /usr/local/libexec/docker/cli-plugins && (rm /usr/local/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/libexec/docker/cli-plugins) || true
-          - test -d /usr/lib/docker/cli-plugins && (rm /usr/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/lib/docker/cli-plugins) || true
-          - test -d /usr/libexec/docker/cli-plugins && (rm /usr/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/libexec/docker/cli-plugins) || true
-      - asset_name: buildx-{version}.linux-amd64
-        asset_type: release
-        repository: docker/buildx
-        cmds:
-          - install --group=root --mode=755 --owner=root {asset_dirname}/{asset_filename} /usr/local/bin/docker-buildx
-          - test -d /usr/local/lib/docker/cli-plugins && (rm /usr/local/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/lib/docker/cli-plugins) || true
-          - test -d /usr/local/libexec/docker/cli-plugins && (rm /usr/local/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/libexec/docker/cli-plugins) || true
-          - test -d /usr/lib/docker/cli-plugins && (rm /usr/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/lib/docker/cli-plugins) || true
-          - test -d /usr/libexec/docker/cli-plugins && (rm /usr/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/libexec/docker/cli-plugins) || true
-      - asset_name: drawio-amd64-{version}.deb
-        asset_type: release
-        repository: jgraph/drawio-desktop
-        cmds:
-          - dpkg -i {asset_dirname}/{asset_filename}
-      - asset_name: OpenLens-{version}.amd64.deb
-        asset_type: release
-        repository: MuhammedKalkan/OpenLens
-        cmds:
-          - dpkg -i {asset_dirname}/{asset_filename}
-      - asset_name: stern_{version}_linux_amd64.tar.gz
-        asset_type: release
-        repository: stern/stern
-        cmds:
-          - tar -zxf {asset_dirname}/{asset_filename}
-          - install --group=root --mode=755 --owner=root stern /usr/local/bin
-      - asset_name: tofu_{version}_amd64.deb
-        asset_type: release
-        repository: opentofu/opentofu
-        cmds:
-          - dpkg -i {asset_dirname}/{asset_filename}
+    asset_name: "{{ item.asset_name | default('') }}"
+    asset_type: "{{ item.asset_type }}"
+    cmds: "{{ item.cmds | default([]) }}"
+    creates: "{{ item.creates | default('') }}"
+    repository: "{{ item.repository }}"
+    version: "{{ item.version | default('') }}"
+  loop:
+    - asset_name: kind-linux-amd64
+      asset_type: release
+      repository: kubernetes-sigs/kind
+      creates: /usr/local/bin/kind
+      cmds:
+        - install --group=root --owner=root --mode=755 {asset_dirname}/{asset_filename} /usr/local/bin/kind
+        - rm {asset_dirname}/{asset_filename}
+    - asset_name: dive_{version}_linux_amd64.deb
+      asset_type: release
+      repository: wagoodman/dive
+      creates: /usr/bin/dive
+      cmds:
+        - dpkg -i {asset_dirname}/{asset_filename}
+    - asset_name: kubeconform-linux-amd64.tar.gz
+      asset_type: release
+      repository: yannh/kubeconform
+      creates: /usr/local/bin/kubeconform
+      cmds:
+        - tar -zxf {asset_dirname}/{asset_filename}
+        - install --group=root --mode=755 --owner=root kubeconform /usr/local/bin
+    - asset_name: git-delta_{version}_amd64.deb
+      asset_type: release
+      repository: dandavison/delta
+      creates: /usr/bin/delta
+      cmds:
+        - dpkg -i {asset_dirname}/{asset_filename}
+    - asset_name: docker-compose-linux-x86_64
+      asset_type: release
+      repository: docker/compose
+      creates: /usr/local/bin/docker-compose
+      cmds:
+        - install --group=root --mode=755 --owner=root {asset_dirname}/{asset_filename} /usr/local/bin/docker-compose
+        - test -d /usr/local/lib/docker/cli-plugins && (rm /usr/local/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/lib/docker/cli-plugins) || true
+        - test -d /usr/local/libexec/docker/cli-plugins && (rm /usr/local/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/libexec/docker/cli-plugins) || true
+        - test -d /usr/lib/docker/cli-plugins && (rm /usr/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/lib/docker/cli-plugins) || true
+        - test -d /usr/libexec/docker/cli-plugins && (rm /usr/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/libexec/docker/cli-plugins) || true
+    - asset_name: buildx-{version}.linux-amd64
+      asset_type: release
+      repository: docker/buildx
+      creates: /usr/local/bin/docker-buildx
+      cmds:
+        - install --group=root --mode=755 --owner=root {asset_dirname}/{asset_filename} /usr/local/bin/docker-buildx
+        - test -d /usr/local/lib/docker/cli-plugins && (rm /usr/local/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/lib/docker/cli-plugins) || true
+        - test -d /usr/local/libexec/docker/cli-plugins && (rm /usr/local/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/local/libexec/docker/cli-plugins) || true
+        - test -d /usr/lib/docker/cli-plugins && (rm /usr/lib/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/lib/docker/cli-plugins) || true
+        - test -d /usr/libexec/docker/cli-plugins && (rm /usr/libexec/docker/cli-plugins/docker-compose; ln -s /usr/local/bin/docker-compose /usr/libexec/docker/cli-plugins) || true
+    - asset_name: drawio-amd64-{version}.deb
+      asset_type: release
+      repository: jgraph/drawio-desktop
+      creates: /usr/bin/drawio
+      cmds:
+        - dpkg -i {asset_dirname}/{asset_filename}
+    - asset_name: OpenLens-{version}.amd64.deb
+      asset_type: release
+      repository: MuhammedKalkan/OpenLens
+      creates: /usr/bin/open-lens
+      cmds:
+        - dpkg -i {asset_dirname}/{asset_filename}
+    - asset_name: stern_{version}_linux_amd64.tar.gz
+      asset_type: release
+      repository: stern/stern
+      creates: /usr/local/bin/stern
+      cmds:
+        - tar -zxf {asset_dirname}/{asset_filename}
+        - install --group=root --mode=755 --owner=root stern /usr/local/bin
+    - asset_name: tofu_{version}_amd64.deb
+      asset_type: release
+      repository: opentofu/opentofu
+      creates: /usr/bin/tofu
+      cmds:
+        - dpkg -i {asset_dirname}/{asset_filename}

- name: '[Custom] install latest kubectl'
-  become: yes
-  tags:
-    - molecule-idempotence-notest
-  ansible.builtin.shell: |
-    kubeVersion=$(curl -sSL -f https://storage.googleapis.com/kubernetes-release/release/stable.txt 2> /dev/null)
-    kubeVersion=${kubeVersion:-v1.28.2}
-    curl --silent --compressed -L -XGET https://storage.googleapis.com/kubernetes-release/release/${kubeVersion}/bin/linux/amd64/kubectl -o kubectl
-    install --group=root --mode=755 --owner=root kubectl /usr/local/bin && rm kubectl
+- name: '[custom] install latest kubectl'
+  become: true
+  block:
+    - name: '[kubectl] find latest version available'
+      ansible.builtin.command:
+        cmd: curl -L -s https://dl.k8s.io/release/stable.txt
+      register: latest_kube_version
+      changed_when: false

- name: '[Custom] install latest Helm'
-  become: yes
-  tags:
-    - molecule-idempotence-notest
-  ansible.builtin.shell: |
-    helmVersion=$(curl -sSL https://api.github.com/repos/helm/helm/releases/latest | jq -r '.tag_name')
-    helmVersion=${helmVersion:-v3.13.0}
-    curl --silent --compressed -L -XGET https://get.helm.sh/helm-${helmVersion}-linux-amd64.tar.gz -o helm.tar.gz
-    tar -zxf helm.tar.gz
-    install --group=root --mode=755 --owner=root linux-amd64/helm /usr/local/bin && rm -rf linux-amd64 helm.tar.gz
+    - name: '[kubectl] fetch binary'
+      ansible.builtin.get_url:
+        url: "https://dl.k8s.io/release/{{ latest_kube_version.stdout }}/bin/linux/amd64/kubectl"
+        dest: /usr/local/bin/kubectl
+        owner: root
+        group: root
+        mode: '0755'
+
+- name: '[custom] install latest Helm'
+  become: true
+  block:
+    - name: '[helm] find latest version available'
+      ansible.builtin.shell: |-
+        curl -sSL https://api.github.com/repos/helm/helm/releases/latest | jq -r '.tag_name'
+      register: latest_helm_version
+      changed_when: false
+
+    - name: '[helm] find if binary is already installed'
+      ansible.builtin.file:
+        path: /usr/local/bin/helm
+      register: helm_stat
+      changed_when: false
+      failed_when: false
+
+    - name: '[helm] setup temp directory'
+      ansible.builtin.file:
+        path: /tmp/helm-unarchive
+        state: directory
+        owner: root
+        group: root
+        mode: '0700'
+      when: helm_stat.state is match("absent")
+
+    - name: '[helm] fetch archive'
+      ansible.builtin.unarchive:
+        remote_src: true
+        src: "https://get.helm.sh/helm-{{ latest_helm_version.stdout }}-linux-amd64.tar.gz"
+        dest: /tmp/helm-unarchive
+      when: helm_stat.state is match("absent")
+
+    - name: '[helm] install binary'
+      ansible.builtin.copy:
+        remote_src: true
+        src: /tmp/helm-unarchive/linux-amd64/helm
+        dest: /usr/local/bin/helm
+        owner: root
+        group: root
+        mode: '0755'
+      when: helm_stat.state is match("absent")
+
+    - name: '[helm] cleanup'
+      ansible.builtin.file:
+        path: /tmp/helm-unarchive
+        state: absent
+      when: helm_stat.state is match("absent")

 - name: '[custom] install Docker CE repository'
+  become: true
  block:
-    - name: '[apt key] retrieve GPG key'
-      tags:
-        - molecule-idempotence-notest
-      ansible.builtin.shell: |-
-        curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-        chmod a+r /etc/apt/keyrings/docker.gpg
+    - name: '[apt key] add docker key'
+      ansible.builtin.get_url:
+        url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+        dest: /etc/apt/trusted.gpg.d/docker.asc
+        mode: '0644'

    - name: '[apt key] add source'
      ansible.builtin.apt_repository:
-        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+        repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
        state: present
-
-    - name: '[Apt Key] refresh repository'
-      ansible.builtin.apt:
+        filename: docker
        update_cache: true
-        force_apt_get: true
-        cache_valid_time: 0

-    - name: '[Apt] install Docker CE'
-      become: yes
+    - name: '[apt] install Docker CE'
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
@ -143,4 +233,97 @@
          - docker-ce
          - docker-ce-cli
          - containerd.io
-        state: present
+        state: present
+
+    - name: '[docker] update daemon configuration'
+      ansible.builtin.template:
+        src: ../templates/docker-ce/daemon.json.j2
+        dest: /etc/docker/daemon.json
+        mode: '0644'
+      notify:
+        - 'development : [docker] restart service'
+
+    - name: '[docker] add default user to docker group'
+      ansible.builtin.user:
+        name: "{{ development_docker_remap_user }}"
+        append: true
+        groups: docker
+        state: present
+  notify:
+    - 'development : [docker] restart service'
+
+- name: '[python] install tools'
+  become: true
+  become_user: "{{ custom_base_user_account }}"
+  ansible.builtin.command:
+    cmd: "pipx install {{ item.cmd }}"
+    creates: "{{ getent_passwd[custom_base_user_account][4] }}/.local/bin/{{ item.creates }}"
+  loop:
+    - { "cmd": "black", "creates": "black" }
+    - { "cmd": "flake8", "creates": "flake8" }
+
+- name: '[python] install pipx packages dependencies'
+  become: true
+  become_user: "{{ custom_base_user_account }}"
+  ansible.builtin.command:
+    cmd: "pipx inject {{ item.venv }} {{ item.extension }}"
+    creates:
+      "{{ getent_passwd[custom_base_user_account][4] }}/.local/pipx/venvs/{{ item.venv }}/lib/python3.11/site-packages/{{ item.creates }}"
+  loop:
+    - venv: "flake8"
+      extension: "flake8-annotations-complexity"
+      creates: "flake8_annotations_complexity"
+    - venv: "flake8"
+      extension: "flake8-bandit"
+      creates: "flake8_bandit.py"
+    - venv: "flake8"
+      extension: "flake8-breakpoint"
+      creates: "flake8_breakpoint"
+    - venv: "flake8"
+      extension: "flake8-bugbear"
+      creates: "bugbear.py"
+    - venv: "flake8"
+      extension: "flake8-builtins"
+      creates: "flake8_builtins.py"
+    - venv: "flake8"
+      extension: "flake8-comprehensions"
+      creates: "flake8_comprehensions"
+    - venv: "flake8"
+      extension: "flake8-docstrings"
+      creates: "flake8_docstrings.py"
+    - venv: "flake8"
+      extension: "flake8-eradicate"
+      creates: "flake8_eradicate.py"
+    - venv: "flake8"
+      extension: "flake8-expression-complexity"
+      creates: "flake8_expression_complexity"
+    - venv: "flake8"
+      extension: "flake8-if-expr"
+      creates: "flake8_if_expr"
+    - venv: "flake8"
+      extension: "flake8-isort"
+      creates: "flake8_isort.py"
+    - venv: "flake8"
+      extension: "flake8-logging-format"
+      creates: "logging_format"
+    - venv: "flake8"
+      extension: "flake8-print"
+      creates: "flake8_print.py"
+    - venv: "flake8"
+      extension: "flake8-pytest"
+      creates: "flake8_pytest.py"
+    - venv: "flake8"
+      extension: "flake8-pytest-style"
+      creates: "flake8_pytest_style"
+    - venv: "flake8"
+      extension: "flake8-requirements"
+      creates: "flake8_requirements"
+    - venv: "flake8"
+      extension: "flake8-return"
+      creates: "flake8_return"
+    - venv: "flake8"
+      extension: "flake8-rst-docstrings"
+      creates: "flake8_rst_docstrings.py"
+    - venv: "flake8"
+      extension: "pep8-naming"
+      creates: "pep8ext_naming.py"
--- a/collections/ansible_collections/nullified/infrastructure/roles/development/templates/docker-ce/daemon.json.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/development/templates/docker-ce/daemon.json.j2
@ -0,0 +1,4 @@
+{
+    "userns-remap": "{{ development_docker_remap_user }}:{{ development_docker_remap_group }}",
+    "cgroup-parent": "{{ development_docker_systemd_slice }}"
+}
--- a/collections/ansible_collections/nullified/infrastructure/roles/development/vars/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/development/vars/main.yml
@ -1,2 +1,2 @@
 ---
-# vars file for development
+development_docker_systemd_slice: docker.slice