diff --git a/Makefile b/Makefile
deleted file mode 100644
index d1ea1cd..0000000
--- a/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-.DEFAULT_GOAL := jsonnet
-
-# Requires the Go implementation of Jsonnet
-.PHONY: jsonnet
-jsonnet:
- @find . -name "*.jsonnet" -o -name "*.libsonnet" -type f | xargs -I{} sh -c 'jsonnet-lint {} && jsonnetfmt -i {}'
- @find . -name "*.jsonnet" -type f | xargs -I{} sh ./scripts/jsonnet2yaml.sh {}
-
-.PHONY: lint
-lint:
- @ansible-lint ./playbooks/
diff --git a/Taskfile.yml b/Taskfile.yml
new file mode 100644
index 0000000..4322976
--- /dev/null
+++ b/Taskfile.yml
@@ -0,0 +1,36 @@
+---
+version: '3'
+
+silent: true
+
+tasks:
+ ansible-lint:
+ cmd: ansible-lint ./playbooks/
+ desc: Lint Ansible playbooks
+
+ jsonnet-lint:
+ cmd: |-
+ find . \
+ -name "*.jsonnet" \
+ -o -name "*.libsonnet" \
+ -type f \
+ | xargs -I{} sh -c 'jsonnet-lint {} && jsonnetfmt -i {}'
+ desc: Lint and format Jsonnet files
+
+ lint:
+ deps:
+ - ansible-lint
+ - jsonnet-lint
+ desc: Run various linting tasks
+
+ jsonnet:
+ aliases:
+ - default
+ deps:
+ - jsonnet-lint
+ cmd: |-
+ find . \
+ -name "*.jsonnet" \
+ -type f \
+ | xargs -I{} sh ./scripts/jsonnet2yaml.sh {}
+ desc: Generate YAML Ansible tasks from Jsonnet sources
diff --git a/requirements/accepted_variables.yml b/requirements/assert.yml
similarity index 100%
rename from requirements/accepted_variables.yml
rename to requirements/assert.yml
diff --git a/requirements/collections.yml b/requirements/collections.yml
index afc836d..ba12050 100644
--- a/requirements/collections.yml
+++ b/requirements/collections.yml
@@ -1,3 +1,4 @@
 ---
 collections:
 - name: community.general
+ - name: containers.podman
diff --git a/roles/containers/tasks/apptainer.jsonnet b/roles/containers/tasks/apptainer.jsonnet
index e55ce27..1fc79db 100644
--- a/roles/containers/tasks/apptainer.jsonnet
+++ b/roles/containers/tasks/apptainer.jsonnet
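Review bot: In the `jsonnet-lint` task the find expression `-name "*.jsonnet" -o -name "*.libsonnet" -type f` attaches `-type f` only to the second alternative, because the implicit `-a` binds tighter than `-o`, so a directory or symlink named `*.jsonnet` would be handed to the linter; group the alternation, `\( -name "*.jsonnet" -o -name "*.libsonnet" \) -type f \`. The `xargs -I{} sh -c 'jsonnet-lint {} && jsonnetfmt -i {}'` idiom splices each path into a shell command string, so a file name containing quotes, `$` or `;` is interpreted by `sh` rather than passed literally; `sh -c 'jsonnet-lint "$1" && jsonnetfmt -i "$1"' _ {}` passes it as an argument instead. Both patterns are carried over verbatim from the deleted Makefile, so this is a pre-existing weakness rather than one the commit introduces.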
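Review bot: `- name: containers.podman` is added with no `version:`, so each `ansible-galaxy collection install` resolves to whatever release is current at that moment and the podman tasks this commit generates may run against a different collection version per machine; pinning it, `- name: containers.podman` followed by `version: "<pinned version placeholder>"`, makes the install reproducible. The existing `community.general` entry is unpinned in the same way, so this matches the file's current style rather than worsening it.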
@@ -66,6 +66,11 @@ local docker_images =
 image: 'gcr.io/bazel-public/bazel',
 tag: '6.4.0',
 },
+ {
+ name: 'asciidoctor',
+ image: 'docker.io/asciidoctor/docker-asciidoctor',
+ tag: '1.58.0',
+ },
 {
 name: 'terraform',
 image: 'docker.io/hashicorp/terraform',
@@ -78,6 +83,16 @@ local docker_images =
 tag: '1.15.1',
 args: hashicorp_args,
 },
+ {
+ name: 'consul',
+ image: 'docker.io/hashicorp/consul',
+ tag: '1.16.2',
+ },
+ {
+ name: 'nomad',
+ image: 'docker.io/hashicorp/nomad',
+ tag: '1.6.2',
+ },
 ];
 
 std.manifestYamlDoc([docker_to_apptainer(x) for x in docker_images])
diff --git a/roles/containers/tasks/apptainer.yml b/roles/containers/tasks/apptainer.yml
index 7dd7494..506a140 100644
--- a/roles/containers/tasks/apptainer.yml
+++ b/roles/containers/tasks/apptainer.yml
@@ -25,6 +25,28 @@
 name: apptainer | Create bazel-apptainer launch script
 name: apptainer | Create bazel environment
 tags: bazel-apptainer
+- block:
+ - command:
+ cmd: rm -rf ~/.local/libexec/asciidoctor.sif
+ removes: ~/.local/libexec/asciidoctor.sif
+ name: apptainer | Clean old asciidoctor.sif file
+ - command:
+ cmd: /usr/bin/apptainer pull ~/.local/libexec/asciidoctor.sif docker://docker.io/asciidoctor/docker-asciidoctor:1.58.0
+ creates: ~/.local/libexec/asciidoctor.sif
+ removes: /usr/bin/apptainer
+ name: apptainer | Pull and build asciidoctor.sif file
+ - copy:
+ content: |
+ #!/bin/sh
+ TERM=xterm-256color \
+ exec apptainer --silent --quiet exec \
+ --ipc --no-eval --no-privs --unsquash --userns --uts --pid --cleanenv \
+ ~/.local/libexec/asciidoctor.sif asciidoctor "$@"
+ dest: ~/.local/bin/asciidoctor
+ mode: "755"
+ name: apptainer | Create asciidoctor-apptainer launch script
+ name: apptainer | Create asciidoctor environment
+ tags: asciidoctor-apptainer
 - block:
 - command:
 cmd: rm -rf ~/.local/libexec/terraform.sif
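Review bot: The three new entries (asciidoctor `tag: '1.58.0'`, and consul `'1.16.2'` and nomad `'1.6.2'` in the second hunk) pin only a mutable registry tag, and the generated tasks delete the existing `.sif` whenever it is present and pull `docker://…:<tag>` again, so whatever the registry currently serves under that tag is accepted on every run with no content check. An optional `digest` field on each entry that `docker_to_apptainer` (defined outside this hunk) appends to the image reference as `@sha256:<digest placeholder>` would make the pull content-addressed; the pre-existing entries share the same gap. The `local docker_images =` list starts before this hunk.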
@@ -69,3 +91,47 @@
 name: apptainer | Create vault-apptainer launch script
 name: apptainer | Create vault environment
 tags: vault-apptainer
+- block:
+ - command:
+ cmd: rm -rf ~/.local/libexec/consul.sif
+ removes: ~/.local/libexec/consul.sif
+ name: apptainer | Clean old consul.sif file
+ - command:
+ cmd: /usr/bin/apptainer pull ~/.local/libexec/consul.sif docker://docker.io/hashicorp/consul:1.16.2
+ creates: ~/.local/libexec/consul.sif
+ removes: /usr/bin/apptainer
+ name: apptainer | Pull and build consul.sif file
+ - copy:
+ content: |
+ #!/bin/sh
+ TERM=xterm-256color \
+ exec apptainer --silent --quiet exec \
+ --ipc --no-eval --no-privs --unsquash --userns --uts --pid --cleanenv \
+ ~/.local/libexec/consul.sif consul "$@"
+ dest: ~/.local/bin/consul
+ mode: "755"
+ name: apptainer | Create consul-apptainer launch script
+ name: apptainer | Create consul environment
+ tags: consul-apptainer
+- block:
+ - command:
+ cmd: rm -rf ~/.local/libexec/nomad.sif
+ removes: ~/.local/libexec/nomad.sif
+ name: apptainer | Clean old nomad.sif file
+ - command:
+ cmd: /usr/bin/apptainer pull ~/.local/libexec/nomad.sif docker://docker.io/hashicorp/nomad:1.6.2
+ creates: ~/.local/libexec/nomad.sif
+ removes: /usr/bin/apptainer
+ name: apptainer | Pull and build nomad.sif file
+ - copy:
+ content: |
+ #!/bin/sh
+ TERM=xterm-256color \
+ exec apptainer --silent --quiet exec \
+ --ipc --no-eval --no-privs --unsquash --userns --uts --pid --cleanenv \
+ ~/.local/libexec/nomad.sif nomad "$@"
+ dest: ~/.local/bin/nomad
+ mode: "755"
+ name: apptainer | Create nomad-apptainer launch script
+ name: apptainer | Create nomad environment
+ tags: nomad-apptainer
diff --git a/roles/containers/tasks/podman.jsonnet b/roles/containers/tasks/podman.jsonnet
index 0f0ceb1..a8e3ad0 100644
--- a/roles/containers/tasks/podman.jsonnet
+++ b/roles/containers/tasks/podman.jsonnet
@@ -1,37 +1,10 @@
-local images = ['ltex-ls', 'translate-shell', 'marksman'];
-
-// Special container images
-local aports_dev = {
- local name = 'aports-dev',
- local normalized_name = 'aports_dev',
-
- name: 'podman | Create aports development environment',
- tags: name,
- block: [
- {
- name: 'podman | Get current date as ' + name + "'s image tag",
- command: '/bin/date -u "+%Y-%m-%d"',
- changed_when: false,
- register: normalized_name + '_version',
- },
- {
- name: 'podman | Build ' + name + ' container image',
- 'containers.podman.podman_image': {
- name: name,
- path: '{{ role_path }}/build_dirs/' + name,
- tag: '{{ ' + normalized_name + '_version.stdout }}',
- state: 'present',
- },
- },
- {
- name: 'podman | Install ' + name + ' wrapper script',
- template: {
- src: name + '.j2',
- dest: '~/.local/bin/' + name,
- mode: '755',
- },
- },
- ],
+local copy_script(name) = {
+ name: 'podman | Install ' + name + ' wrapper script',
+ template: {
+ src: name + '.j2',
+ dest: '~/.local/bin/' + name,
+ mode: '755',
+ },
 };
 
 local podman(name) = std.prune(
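Review bot: `copy_script` is named for a copy, but the task it returns renders a Jinja template (`template: { src: name + '.j2', … }`), so the name misleads at the call sites; `install_wrapper(name)` or a one-line doc comment above it, `// Task that renders templates/<name>.j2 into ~/.local/bin/<name>`, would make the intent clear. The `local podman(name) = std.prune(` definition at the end of the hunk continues outside it.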
@@ -52,16 +25,62 @@ local podman(name) = std.prune(
 state: 'present',
 },
 },
- {
- name: 'podman | Install ' + name + ' wrapper script',
- template: {
- src: name + '.j2',
- dest: '~/.local/bin/' + name,
- mode: '755',
- },
- },
+ copy_script(name),
 ],
 }
 );
 
-std.manifestYamlDoc([podman(x) for x in images] + [aports_dev])
+// Special container images
+local special_containers = [
+ {
+ local name = 'aports-dev',
+ local normalized_name = 'aports_dev',
+
+ name: 'podman | Create aports development environment',
+ tags: name,
+ block: [
+ {
+ name: 'podman | Get current date as ' + name + "'s image tag",
+ command: '/bin/date -u "+%Y-%m-%d"',
+ changed_when: false,
+ register: normalized_name + '_version',
+ },
+ {
+ name: 'podman | Build ' + name + ' container image',
+ 'containers.podman.podman_image': {
+ name: name,
+ path: '{{ role_path }}/build_dirs/' + name,
+ tag: '{{ ' + normalized_name + '_version.stdout }}',
+ state: 'present',
+ },
+ },
+ copy_script(name),
+ ],
+ },
+ {
+ local name = 'vagrant',
+
+ name: 'podman | Create ' + name + 'shim',
+ tags: name,
+ vars: {
+ vagrant_image_repository: 'docker.io/vagrantlibvirt/vagrant-libvirt',
+ vagrant_image_tag: 'latest-slim',
+ },
+ block: [
+ {
+ name: 'podman | Keep vagrant Docker image up-to-date',
+ 'containers.podman.podman_image': {
+ name: '{{ vagrant_image_repository }}',
+ tag: '{{ vagrant_image_tag }}',
+ force: true,
+ },
+ },
+ copy_script(name),
+ ],
+ },
+];
+
+// Images to be built in a uniform way
+local images = ['ltex-ls', 'translate-shell', 'marksman'];
+
+std.manifestYamlDoc([podman(x) for x in images] + special_containers)
diff --git a/roles/containers/tasks/podman.yml b/roles/containers/tasks/podman.yml
index 9714eb1..763dc03 100644
--- a/roles/containers/tasks/podman.yml
+++ b/roles/containers/tasks/podman.yml
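Review bot: `name: 'podman | Create ' + name + 'shim'` is missing a space and renders as `podman | Create vagrantshim` (visible in the generated podman.yml hunk of this commit); change it to `name: 'podman | Create ' + name + ' shim',`. Separately, `vagrant_image_tag: 'latest-slim'` combined with `force: true` re-pulls a floating tag on every play run, so the vagrant wrapper silently picks up whatever upstream publishes next under that tag; pinning `vagrant_image_tag` to a specific release tag keeps runs reproducible and reviewable. A short comment above `special_containers` saying that these entries need per-image task lists rather than the uniform `podman(name)` recipe would help, since `// Special container images` only says they are special.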
@@ -69,3 +69,19 @@
 src: aports-dev.j2
 name: podman | Create aports development environment
 tags: aports-dev
+- block:
+ - containers.podman.podman_image:
+ force: true
+ name: '{{ vagrant_image_repository }}'
+ tag: '{{ vagrant_image_tag }}'
+ name: podman | Keep vagrant Docker image up-to-date
+ - name: podman | Install vagrant wrapper script
+ template:
+ dest: ~/.local/bin/vagrant
+ mode: "755"
+ src: vagrant.j2
+ name: podman | Create vagrantshim
+ tags: vagrant
+ vars:
+ vagrant_image_repository: docker.io/vagrantlibvirt/vagrant-libvirt
+ vagrant_image_tag: latest-slim
diff --git a/roles/containers/templates/ltex-ls.j2 b/roles/containers/templates/ltex-ls.j2
index d20576a..cbfc027 100644
--- a/roles/containers/templates/ltex-ls.j2
+++ b/roles/containers/templates/ltex-ls.j2
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-podman run \
+exec podman run \
 --cap-drop ALL \
 --security-opt no-new-privileges \
 --read-only-tmpfs \
diff --git a/roles/containers/templates/marksman.j2 b/roles/containers/templates/marksman.j2
index 5a3e909..bea964d 100644
--- a/roles/containers/templates/marksman.j2
+++ b/roles/containers/templates/marksman.j2
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-podman run \
+exec podman run \
 --cap-drop ALL \
 --security-opt no-new-privileges \
 --read-only-tmpfs \
diff --git a/roles/containers/templates/translate-shell.j2 b/roles/containers/templates/translate-shell.j2
index a061c4b..69e092a 100644
--- a/roles/containers/templates/translate-shell.j2
+++ b/roles/containers/templates/translate-shell.j2
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-podman run \
+exec podman run \
 --cap-drop ALL \
 --cap-add NET_RAW \
 --security-opt no-new-privileges \
diff --git a/roles/containers/templates/vagrant.j2 b/roles/containers/templates/vagrant.j2
new file mode 100644
index 0000000..c120407
--- /dev/null
+++ b/roles/containers/templates/vagrant.j2
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# Source: https://vagrant-libvirt.github.io/vagrant-libvirt/installation.html
+
+exec podman run \
+ --rm -it \
+ -e LIBVIRT_DEFAULT_URI \
+ -e CHECKPOINT_DISABLE=true \
+ -e VAGRANT_BOX_UPDATE_CHECK_DISABLE=true \
+ -v /var/run/libvirt:/var/run/libvirt \
+ -v ~/.vagrant.d:/.vagrant.d \
+ -v "$(realpath "$PWD")":"$PWD" \
+ -w "$PWD" \
+ --network host \
+ --entrypoint /bin/bash \
+ --security-opt label=disable \
+ {{ vagrant_image_repository }}:{{ vagrant_image_tag }} \
+ vagrant "$@"
diff --git a/roles/packages/tasks/go-packages.jsonnet b/roles/packages/tasks/go-packages.jsonnet
index fb34f3c..9339bfa 100644
--- a/roles/packages/tasks/go-packages.jsonnet
+++ b/roles/packages/tasks/go-packages.jsonnet
@@ -74,7 +74,7 @@ local packages =
 { name: 'zk', url: 'github.com/mickael-menu/zk' },
 { name: 'mods', url: 'github.com/charmbracelet/mods' },
 
- // Nicety Pulumi stuff
+ // Nifty Pulumi stuff
 { name: 'crd2pulumi', url: 'github.com/pulumi/crd2pulumi' },
 { name: 'schema-tools', url: 'github.com/pulumi/schema-tools' },
 { name: 'kubespy', url: 'github.com/pulumi/kubespy' },
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
index 9dbe4e2..36ef1a7 100644
--- a/roles/packages/tasks/main.yml
+++ b/roles/packages/tasks/main.yml
@@ -29,13 +29,6 @@
 cabal_arguments: --overwrite-policy=always --enable-library-stripping --enable-executable-stripping
 import_tasks: haskell-packages.yml
 
-- name: packages | Install Ruby packages with gem
- tags: [gem, ruby]
- environment:
- GEM_HOME: '{{ ansible_env.HOME }}/.local/share/gem'
- GEM_SPEC_CACHE: '{{ ansible_env.HOME }}/.cache/gem'
- import_tasks: ruby-packages.yml
-
 - name: packages | Install Python packages with pip
 tags: [pip, python]
 vars:
@@ -49,10 +42,6 @@
 PYENV_ROOT: '{{ ansible_env.HOME }}/.local/share/pyenv'
 import_tasks: pyenv.yml
 
-- name: packages | Install vagrant
- tags: vagrant
- import_tasks: vagrant.yml
-
 - name: packages | Install system packages
 tags: apk
 become: true
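Review bot: This wrapper runs the image with `--network host`, `--security-opt label=disable`, the host libvirt socket bind-mounted and `--entrypoint /bin/bash`, while dropping the `--cap-drop ALL` / `--security-opt no-new-privileges` hardening the sibling wrappers in this commit keep, so the container has direct access to the host's libvirt daemon and network namespace; the cited vagrant-libvirt page is presumably where these flags come from, but the script should state why each is needed, e.g. `# host networking and label=disable: vagrant-libvirt must reach the libvirt socket and VM NICs`, and `--cap-drop ALL` plus `--security-opt no-new-privileges` should stay unless the image demonstrably needs them. Two smaller issues: `-it` always allocates a TTY, which podman may reject or warn about when stdin is not a terminal (scripted `vagrant` calls), so `tty=-i; [ -t 0 ] && tty=-it` followed by `--rm $tty \` is more robust; and the `-v "$(realpath "$PWD")":"$PWD"` mount spec is misparsed when the working directory path contains a colon.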
@@ -79,3 +68,4 @@
 - https://github.com/helm/helm-mapkubeapis.git
 - https://github.com/hypnoglow/helm-s3.git
 - https://github.com/jkroepke/helm-secrets.git
+ - https://github.com/chartmuseum/helm-push.git
diff --git a/roles/packages/tasks/pyenv.yml b/roles/packages/tasks/pyenv.yml
index 106526b..c1e0691 100644
--- a/roles/packages/tasks/pyenv.yml
+++ b/roles/packages/tasks/pyenv.yml
@@ -11,6 +11,7 @@
 repo: 'https://github.com/pyenv/{{ item }}.git'
 dest: '{{ ansible_env.PYENV_ROOT }}/plugins/{{ item }}'
 loop:
+ - pyenv-ccache # requires `ccache` package installed
 - pyenv-update
 - pyenv-virtualenv
 
diff --git a/roles/packages/tasks/ruby-packages.yml b/roles/packages/tasks/ruby-packages.yml
deleted file mode 100644
index 1386749..0000000
--- a/roles/packages/tasks/ruby-packages.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: packages | Install asciidoctor-diagram
- community.general.gem:
- name: asciidoctor-diagram
- norc: true
- state: latest
- tags: asciidoctor-diagram
diff --git a/roles/packages/tasks/vagrant.yml b/roles/packages/tasks/vagrant.yml
deleted file mode 100644
index 56dccdc..0000000
--- a/roles/packages/tasks/vagrant.yml
+++ /dev/null
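Review bot: `- https://github.com/chartmuseum/helm-push.git` is added without a version pin, and `pyenv-ccache` in the pyenv.yml hunk on this line has the same gap (the visible `git:` task sets `repo:` and `dest:` but no `version:` is in view), so both install whatever the remote's default branch or latest release holds at run time rather than a reviewed revision. If the tasks allow it, pin a tag: `version: "<tag placeholder>"` on the git task, and `--version <tag placeholder>` where the loop runs `helm plugin install`. The trailing comment on the `pyenv-ccache` line records a prerequisite (the `ccache` package) that nothing enforces; adding `ccache` to the apk package list or failing early with an assert would turn a silent plugin failure into a clear error. Both enclosing tasks start before their hunks.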
@@ -1,42 +0,0 @@
----
-- name: vagrant | Install system dependencies
- community.general.apk:
- name: libvirt-dev, ruby-bundler, ruby-dev
- state: present
- tags: system
- become: true
-
-- name: vagrant | Clone vagant repository
- git:
- depth: 1
- repo: https://github.com/hashicorp/vagrant.git
- dest: '{{ vagrant_dir }}'
-
-- name: vagrant | Build vagrant
- community.general.bundler:
- chdir: '{{ vagrant_dir }}'
- state: present
- gem_path: vendor
- binstub_directory: exec
-
-- name: vagrant | Symlink vagrant executable
- file:
- src: '{{ vagrant_dir }}/exec/vagrant'
- dest: ~/.local/bin/vagrant
- state: link
-
-- name: vagrant | Check whether vagrant-libvirt plugin is installed
- shell:
- cmd: ~/.local/bin/vagrant plugin list | grep -qF 'vagrant-libvirt'
- removes: ~/.local/bin/vagrant
- register: vagrant_plugin_check
- changed_when: false
- failed_when: false
-
-- name: vagrant | Install vagrant-libvirt plugin
- command:
- cmd: ~/.local/bin/vagrant plugin install vagrant-libvirt
- removes: ~/.local/bin/vagrant
- when: vagrant_plugin_check.rc == 1
- environment:
- CONFIGURE_ARGS: with-libvirt-include=/usr/include/libvirt with-libvirt-lib=/usr/lib
diff --git a/tasks/check_variables.yml b/tasks/check_variables.yml
index 0d40026..ad25180 100644
--- a/tasks/check_variables.yml
+++ b/tasks/check_variables.yml
@@ -2,7 +2,7 @@
 - name: check | Import accepted values for defined variables
 include_vars:
 name: accepted_vals
- file: ../requirements/accepted_variables.yml
+ file: ../requirements/assert.yml
 
 - name: check | Defined variable values
 fail: