From 7aaa5b93fcdd244db859d0923b57f59f35a6b049 Mon Sep 17 00:00:00 2001 
From: L3D Date: Thu, 21 Sep 2023 16:47:27 +0200 Subject: [PATCH] Adding gopass apt sources --- .github/workflows/ansible-alpine-latest.yml | 18 --------- .../workflows/ansible-archlinux-latest.yml | 18 --------- .github/workflows/ansible-centos-centos7.yml | 18 --------- .github/workflows/ansible-centos-centos8.yml | 18 --------- .github/workflows/ansible-centos-latest.yml | 18 --------- .github/workflows/ansible-debian-bullseye.yml | 18 --------- .github/workflows/ansible-debian-buster.yml | 18 --------- .github/workflows/ansible-debian-latest.yml | 18 --------- .github/workflows/ansible-debian-sid.yml | 18 --------- .github/workflows/ansible-debian-stable.yml | 18 --------- .github/workflows/ansible-debian-stretch.yml | 18 --------- .github/workflows/ansible-fedora-31.yml | 18 --------- .github/workflows/ansible-fedora-32.yml | 18 --------- .github/workflows/ansible-fedora-33.yml | 18 --------- .github/workflows/ansible-fedora-latest.yml | 18 --------- .github/workflows/ansible-linting-check.yml | 22 ----------- .github/workflows/ansible-ubuntu-bionic.yml | 18 --------- .github/workflows/ansible-ubuntu-latest.yml | 18 --------- .github/workflows/ansible-ubuntu-trusty.yml | 18 --------- .github/workflows/yamllint.yaml | 22 ----------- LICENSE | 2 +- README.md | 5 ++- defaults/main.yml | 1 + handlers/main.yml | 5 +++ tasks/gopass-install/install-on-debian.yml | 39 +++++++++++++++++++ tasks/main.yml | 14 ++++++- tasks/versioncheck.yml | 18 ++++----- templates/apt.gopass.sources.j2 | 6 +++ vars/main.yml | 3 +- 29 files changed, 78 insertions(+), 383 deletions(-) delete mode 100644 .github/workflows/ansible-alpine-latest.yml delete mode 100644 .github/workflows/ansible-archlinux-latest.yml delete mode 100644 .github/workflows/ansible-centos-centos7.yml delete mode 100644 .github/workflows/ansible-centos-centos8.yml delete mode 100644 .github/workflows/ansible-centos-latest.yml delete mode 100644 .github/workflows/ansible-debian-bullseye.yml delete mode 100644 
.github/workflows/ansible-debian-buster.yml delete mode 100644 .github/workflows/ansible-debian-latest.yml delete mode 100644 .github/workflows/ansible-debian-sid.yml delete mode 100644 .github/workflows/ansible-debian-stable.yml delete mode 100644 .github/workflows/ansible-debian-stretch.yml delete mode 100644 .github/workflows/ansible-fedora-31.yml delete mode 100644 .github/workflows/ansible-fedora-32.yml delete mode 100644 .github/workflows/ansible-fedora-33.yml delete mode 100644 .github/workflows/ansible-fedora-latest.yml delete mode 100644 .github/workflows/ansible-linting-check.yml delete mode 100644 .github/workflows/ansible-ubuntu-bionic.yml delete mode 100644 .github/workflows/ansible-ubuntu-latest.yml delete mode 100644 .github/workflows/ansible-ubuntu-trusty.yml delete mode 100644 .github/workflows/yamllint.yaml create mode 100644 handlers/main.yml create mode 100644 tasks/gopass-install/install-on-debian.yml create mode 100644 templates/apt.gopass.sources.j2 diff --git a/.github/workflows/ansible-alpine-latest.yml b/.github/workflows/ansible-alpine-latest.yml deleted file mode 100644 index 07bfff0..0000000 --- a/.github/workflows/ansible-alpine-latest.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check alpine:latest - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with alpine:latest - uses: roles-ansible/check-ansible-alpine-latest-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-archlinux-latest.yml b/.github/workflows/ansible-archlinux-latest.yml deleted file mode 100644 index e823f0c..0000000 --- a/.github/workflows/ansible-archlinux-latest.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -name: Ansible check archlinux:latest - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with archlinux:latest - uses: roles-ansible/check-ansible-archlinux-latest-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-centos-centos7.yml b/.github/workflows/ansible-centos-centos7.yml deleted file mode 100644 index 401d2c0..0000000 --- a/.github/workflows/ansible-centos-centos7.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check centos:centos7 - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with ubuntu:centos7 - uses: roles-ansible/check-ansible-centos-centos7-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-centos-centos8.yml b/.github/workflows/ansible-centos-centos8.yml deleted file mode 100644 index f20097b..0000000 --- a/.github/workflows/ansible-centos-centos8.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check centos:centos8 - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with ubuntu:centos8 - uses: roles-ansible/check-ansible-centos-centos8-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-centos-latest.yml b/.github/workflows/ansible-centos-latest.yml deleted file mode 100644 index 94eb54b..0000000 --- a/.github/workflows/ansible-centos-latest.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -name: Ansible check centos:latest - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with ubuntu:latest - uses: roles-ansible/check-ansible-centos-latest-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-debian-bullseye.yml b/.github/workflows/ansible-debian-bullseye.yml deleted file mode 100644 index 4b7c45d..0000000 --- a/.github/workflows/ansible-debian-bullseye.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check debian:bullseye - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with debian:bullseye - uses: roles-ansible/check-ansible-debian-bullseye-action@main - with: - targets: "./" diff --git a/.github/workflows/ansible-debian-buster.yml b/.github/workflows/ansible-debian-buster.yml deleted file mode 100644 index d76b02c..0000000 --- a/.github/workflows/ansible-debian-buster.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check debian:buster - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with debian:buster - uses: roles-ansible/check-ansible-debian-buster-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-debian-latest.yml b/.github/workflows/ansible-debian-latest.yml deleted file mode 100644 index f7eb5b6..0000000 --- a/.github/workflows/ansible-debian-latest.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -name: Ansible check debian:latest - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with debian:latest - uses: roles-ansible/check-ansible-debian-latest-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-debian-sid.yml b/.github/workflows/ansible-debian-sid.yml deleted file mode 100644 index 2e3215a..0000000 --- a/.github/workflows/ansible-debian-sid.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check debian:sid - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with debian:sid - uses: roles-ansible/check-ansible-debian-sid-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-debian-stable.yml b/.github/workflows/ansible-debian-stable.yml deleted file mode 100644 index e47f773..0000000 --- a/.github/workflows/ansible-debian-stable.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check debian:stable - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with debian:stable - uses: roles-ansible/check-ansible-debian-stable-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-debian-stretch.yml b/.github/workflows/ansible-debian-stretch.yml deleted file mode 100644 index c947cae..0000000 --- a/.github/workflows/ansible-debian-stretch.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check debian:stretch - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with debian:stretch - uses: roles-ansible/check-ansible-debian-stretch-action@master - with: - targets: "./" 
diff --git a/.github/workflows/ansible-fedora-31.yml b/.github/workflows/ansible-fedora-31.yml deleted file mode 100644 index 08502fe..0000000 --- a/.github/workflows/ansible-fedora-31.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check fedora:31 - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with fedora:31 - uses: roles-ansible/check-ansible-fedora-31-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-fedora-32.yml b/.github/workflows/ansible-fedora-32.yml deleted file mode 100644 index e362dd4..0000000 --- a/.github/workflows/ansible-fedora-32.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check fedora:32 - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with fedora:32 - uses: roles-ansible/check-ansible-fedora-32-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-fedora-33.yml b/.github/workflows/ansible-fedora-33.yml deleted file mode 100644 index 70c52ad..0000000 --- a/.github/workflows/ansible-fedora-33.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check fedora:33 - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with fedora:33 - uses: roles-ansible/check-ansible-fedora-33-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-fedora-latest.yml b/.github/workflows/ansible-fedora-latest.yml deleted file mode 100644 index 7cfbdf7..0000000 --- a/.github/workflows/ansible-fedora-latest.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -name: Ansible check fedora:latest - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with fedora:latest - uses: roles-ansible/check-ansible-fedora-latest-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-linting-check.yml b/.github/workflows/ansible-linting-check.yml deleted file mode 100644 index 41dcb97..0000000 --- a/.github/workflows/ansible-linting-check.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: Ansible Lint check - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Lint Ansible Playbook - uses: ansible/ansible-lint-action@master - with: - targets: "." - # [required] - # Paths to ansible files (i.e., playbooks, tasks, handlers etc..) - args: "" - # [optional] diff --git a/.github/workflows/ansible-ubuntu-bionic.yml b/.github/workflows/ansible-ubuntu-bionic.yml deleted file mode 100644 index 0f9edd8..0000000 --- a/.github/workflows/ansible-ubuntu-bionic.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check ubuntu:bionic - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with ubuntu:bionic - uses: roles-ansible/check-ansible-ubuntu-bionic-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-ubuntu-latest.yml b/.github/workflows/ansible-ubuntu-latest.yml deleted file mode 100644 index b9544a5..0000000 --- a/.github/workflows/ansible-ubuntu-latest.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -name: Ansible check ubuntu:latest - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with ubuntu:latest - uses: roles-ansible/check-ansible-ubuntu-latest-action@master - with: - targets: "./" diff --git a/.github/workflows/ansible-ubuntu-trusty.yml b/.github/workflows/ansible-ubuntu-trusty.yml deleted file mode 100644 index 6cde8b8..0000000 --- a/.github/workflows/ansible-ubuntu-trusty.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Ansible check ubuntu:trusty - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: ansible check with ubuntu:trusty - uses: roles-ansible/check-ansible-ubuntu-trusty-action@master - with: - targets: "./" diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml deleted file mode 100644 index 39c49f8..0000000 --- a/.github/workflows/yamllint.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: 'Yamllint GitHub Actions' - -# yamllint disable-line rule:truthy -on: [push, pull_request] - -jobs: - yamllint: - name: 'Yamllint' - runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@master - - name: 'Yamllint' - uses: karancode/yamllint-github-action@master - with: - yamllint_file_or_dir: '.' - yamllint_config_filepath: './.yamllint' - yamllint_strict: false - yamllint_comment: true -# env: -# GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN } diff --git a/LICENSE b/LICENSE index 9c979b4..6421dd4 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2021 L3D +Copyright (c) 2023 L3D Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 807f23e..0c1e8d4 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,3 @@ -# ansible_role_template -Template for Ansible roles +# Gopass Ansible Rolle + +Ansile role to install the Password Manager [gopass](https://www.gopass.pw/). Gopass is a simple but powerful password manager for your terminal. And it is 100% API Compatible to the standard unix password manager [pass](https://passwordstore.org). diff --git a/defaults/main.yml b/defaults/main.yml index c8d9a89..0afe96d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,4 @@ --- +gopass__add_apt_repo: true # should we do a version check? (recomended) submodules_versioncheck: false diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..f037caf --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Trigger apt update + become: true + ansible.builtin.apt: + update_cache: true diff --git a/tasks/gopass-install/install-on-debian.yml b/tasks/gopass-install/install-on-debian.yml new file mode 100644 index 0000000..98655c7 --- /dev/null +++ b/tasks/gopass-install/install-on-debian.yml @@ -0,0 +1,39 @@ +--- +- name: Update apt cache + become: true + ansible.builtin.apt: + cache_valid_time: 3600 + +- name: Adding Gopass Package Repository + when: gopass__add_apt_repo | bool + block: + - name: Add Gopass archive keyring + ansible.builtin.get_url: + url: https://packages.gopass.pw/repos/gopass/gopass-archive-keyring.gpg + dest: "{{ gopass__keyring }}" + owner: root + group: root + mode: 0644 + become: true + + - name: Add Gopass repository source + become: true + ansible.builtin.template: + src: "templates/apt.gopass.sources.j2" + dest: '/etc/apt/sources.list.d/gopass.sources' + mode: 0644 + group: root + owner: root + notify: Trigger apt update + + - name: Trigger Handlers + ansible.builtin.meta: flush_handlers + + - name: Install Gopass and Gopass archive keyring + ansible.builtin.apt: + name: "{{ item }}" + state: present + become: true + with_items: + - gopass-archive-keyring + - gopass 
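Review bot: The `Add Gopass archive keyring` task fetches the repository signing key with `ansible.builtin.get_url` and no `checksum`, so whatever packages.gopass.pw serves at run time becomes the trust root for every package later installed from that repository. Because the key and the packages come from the same host, TLS alone does not protect against a compromised or replaced origin; pinning the key out of band closes that gap, e.g. `checksum: "sha256:{{ gopass__keyring_sha256 }}"` with the digest kept in a role variable (the variable name is a suggestion and is not defined in this commit). Separately, `mode: 0644` is unquoted in both new tasks while tasks/versioncheck.yml writes `mode: '0644'`; quoting it here keeps the value a string regardless of the YAML loader. Indentation is lost on this page, so it is unclear whether the final install task sits inside the `when: gopass__add_apt_repo | bool` block; if it is outside, a comment noting that the package must then come from an already configured source would help.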
diff --git a/tasks/main.yml b/tasks/main.yml index 7c5850f..e49325e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,14 @@ --- -- name: run optional versionscheck +- name: Run optional versionscheck ansible.builtin.include_tasks: versioncheck.yml - when: submodules_versioncheck|bool + when: submodules_versioncheck | bool + +- name: Install GoPass Packages + ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', gopass_install) }}" + vars: + gopass_install: + files: + - "install-on-{{ ansible_os_family | lower }}.yml" + - 'install-gopass-default.yml' + paths: + - 'tasks/gopass-install' diff --git a/tasks/versioncheck.yml b/tasks/versioncheck.yml index 5128cc8..647f93c 100644 --- a/tasks/versioncheck.yml +++ b/tasks/versioncheck.yml 
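Review bot: The `first_found` lookup in `Install GoPass Packages` lists `install-gopass-default.yml` as its fallback, but the commit summary only creates `tasks/gopass-install/install-on-debian.yml`. On a host whose `ansible_os_family` is not Debian the lookup therefore presumably finds nothing, and the play aborts with a lookup error instead of a clear message. Either add the default file (even one that only stops with an explanatory `ansible.builtin.fail` message) or guard the include with `when: ansible_os_family == 'Debian'`. A one-line comment above `gopass_install` stating that task files follow the `install-on-<os family>.yml` naming would also document the convention for later additions.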
@@ -8,37 +8,37 @@ path: '/etc/.ansible-version' state: directory mode: 0755 - when: submodules_versioncheck|bool + when: submodules_versioncheck | bool -- name: check playbook version +- name: Check playbook version become: true ansible.builtin.slurp: src: "/etc/.ansible-version/{{ playbook_version_path }}" register: playbook_version - when: submodules_versioncheck|bool + when: submodules_versioncheck | bool ignore_errors: true failed_when: false - name: Print remote role version ansible.builtin.debug: msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" - when: submodules_versioncheck|bool + when: submodules_versioncheck | bool - name: Print locale role version ansible.builtin.debug: - msg: "Local role version: '{{ playbook_version_number|string }}'." - when: submodules_versioncheck|bool + msg: "Local role version: '{{ playbook_version_number | string }}'." + when: submodules_versioncheck | bool - name: Check if your version is outdated ansible.builtin.fail: msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" when: - - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool + - playbook_version.content | default("Mgo=") | b64decode | int - 1 >= playbook_version_number | int and submodules_versioncheck | bool -- name: write new version to remote disk +- name: Write new version to remote disk become: true ansible.builtin.copy: content: "{{ playbook_version_number }}" dest: "/etc/.ansible-version/{{ playbook_version_path }}" mode: '0644' - when: submodules_versioncheck|bool + when: submodules_versioncheck | bool diff --git a/templates/apt.gopass.sources.j2 b/templates/apt.gopass.sources.j2 new file mode 100644 index 0000000..259abc2 --- /dev/null +++ b/templates/apt.gopass.sources.j2 
@@ -0,0 +1,6 @@ +Types: deb +URIs: https://packages.gopass.pw/repos/gopass +Suites: stable +Architectures: amd64 arm64 armhf +Components: main +Signed-By: {{ gopass__keyring }} diff --git a/vars/main.yml b/vars/main.yml index bf4b0d9..3c08ad9 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,4 +1,5 @@ --- +gopass__keyring: /usr/share/keyrings/gopass-archive-keyring.gpg # versionscheck playbook_version_number: 02 # should be a integer -playbook_version_path: 'role-.version' +playbook_version_path: 'l3d.gopass.version'
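Review bot: The rendered `/etc/apt/sources.list.d/gopass.sources` carries no marker that it is generated, so a local edit is silently overwritten on the next run; a first line `# {{ ansible_managed }}` in templates/apt.gopass.sources.j2 would make that visible. `Architectures: amd64 arm64 armhf` is hard-coded, and a short comment stating that these are the architectures the upstream repository publishes (to be confirmed) would explain why the list is fixed.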