# __ ____ __ # __ _ ___ _/ /_____ / _(_) /__ # / ' \/ _ `/ '_/ -_) _/ / / -_) # /_/_/_/\_,_/_/\_\\__/_//_/_/\__/ # # Author: bdebyl (Bastian de Byl) all: lint PASS_SRC=./.pass.sh # Setup Definitions VENV=.venv VENV_BIN=.venv/bin PIP=${VENV_BIN}/pip ANSIBLE=${VENV_BIN}/ansible-playbook ANSIBLE_VAULT=${VENV_BIN}/ansible-vault LINT_YAML=${VENV_BIN}/yamllint VAULT_PASS_FILE=.ansible-vaultpass VAULT_FILE=ansible/vars/vault.yml # Variables ANSIBLE_INVENTORY=ansible/inventories/home/hosts.yml #SSH_KEY=${HOME}/.ssh/id_rsa_home_ansible # Default to all ansible tags to run (passed via 'make deploy TAGS=sometag') TAGS?=all SKIP_TAGS?=none TARGET?=all EXTRA_VARS?= ${VENV}: python3 -m venv ${VENV} ${VENV_BIN}/python3 -m pip install --upgrade pip ${PIP}: ${VENV} ${ANSIBLE} ${ANSIBLE_VAULT} ${LINT_YAML}: ${VENV} requirements.txt ${PIP} install -r requirements.txt touch $@ ${VAULT_PASS_FILE}: ${ANSIBLE} . ${PASS_SRC}; pass $$PASS_LOC > $@ ${VAULT_FILE}: ${VAULT_PASS_FILE} if [ ! -e "${VAULT_FILE}" ]; then \ ${ANSIBLE_VAULT} create --vault-password-file ${VAULT_PASS_FILE} $@; \ fi touch $@ # Linting YAML_FILES=$(shell find ansible/ -name '*.yml' -not -name '*vault*') SKIP_FILE=./.lint-vars.sh # Targets deploy: ${ANSIBLE} ${VAULT_FILE} ${ANSIBLE} --diff -t ${TAGS} --skip-tags ${SKIP_TAGS} -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} $(if ${EXTRA_VARS},-e "${EXTRA_VARS}") ansible/deploy.yml list-tags: ${ANSIBLE} ${VAULT_FILE} ${ANSIBLE} --list-tags -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} ansible/deploy.yml list-tasks: ${ANSIBLE} ${VAULT_FILE} ${ANSIBLE} --list-tasks -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} ansible/deploy.yml check: ${ANSIBLE} ${VAULT_FILE} ${ANSIBLE} --check --diff -t ${TAGS} --skip-tags ${SKIP_TAGS} -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} $(if ${EXTRA_VARS},-e "${EXTRA_VARS}") ansible/deploy.yml vault: ${ANSIBLE_VAULT} ${VAULT_FILE} ${ANSIBLE_VAULT} edit --vault-password-file ${VAULT_PASS_FILE} ${VAULT_FILE} lint: ${LINT_YAML} ${SKIP_FILE} @printf "Running yamllint...\n" -@${LINT_YAML} ${YAML_FILES} @printf "Done.\n" # Git-crypt management git-crypt-backup: @printf "Backing up git-crypt symmetric key...\n" @mkdir -p .git-crypt-backup @gpg --batch --yes -e -r 70A4AA02555DBD559189B4E0F32BE05EADAA54FC -o .git-crypt-backup/symmetric-key.gpg .git/git-crypt/keys/default @printf "Backup created at .git-crypt-backup/symmetric-key.gpg\n" git-crypt-restore: @printf "Restoring git-crypt symmetric key from backup...\n" @mkdir -p .git/git-crypt/keys @gpg --batch --yes -d .git-crypt-backup/symmetric-key.gpg > .git/git-crypt/keys/default @chmod 600 .git/git-crypt/keys/default @printf "Key restored. Run 'git-crypt unlock' or just checkout files.\n"