role-service-generic_vm/tasks/archlinux-auto-updates.yml

# SPDX-License-Identifier: MIT
- name: 'If Arch Linux create dir to Git clone repo for restart detection'
  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
  ansible.builtin.file:
    path: '{{ genvm_os_needs_restart_git_clone_dir }}'
    state: 'directory'

- name: 'If Arch Linux Git clone repo for restart detection'
  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
  ansible.builtin.git:
    repo: '{{ genvm_os_needs_restart_git_repo }}'
    dest: '{{ genvm_os_needs_restart_git_clone_dir }}'
    version: '{{ genvm_os_needs_restart_git_branch }}'

- name: 'If Arch Linux create symlinks to repo for restart detection'
  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
  loop_control:
    loop_var: 'genvm_os_needs_restart_symlink'
    label: 'Create symlink to ''{{ genvm_os_needs_restart_symlink.target | basename }}'''
  loop:
    - { target: '{{ genvm_os_needs_restart_git_clone_dir }}/arch-needs-restart.sh', symlink: '/usr/local/bin/arch-needs-restart' }
    - { target: '{{ genvm_os_needs_restart_git_clone_dir }}/arch-needs-restart.hook', symlink: '/usr/share/libalpm/hooks/arch-needs-restart.hook' }
  ansible.builtin.file:
    src: '{{ genvm_os_needs_restart_symlink.target }}'
    dest: '{{ genvm_os_needs_restart_symlink.symlink }}'
    state: 'link'
    force: true

- name: 'If Arch Linux create dir to Git clone repo for OS auto-upgrades'
  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
  ansible.builtin.file:
    path: '{{ genvm_os_auto_upgrades_git_clone_dir }}'
    state: 'directory'

- name: 'If Arch Linux Git clone repo for OS auto-upgrades'
  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
  ansible.builtin.git:
    repo: '{{ genvm_os_auto_upgrades_git_repo }}'
    dest: '{{ genvm_os_auto_upgrades_git_clone_dir }}'
    version: '{{ genvm_os_auto_upgrades_git_branch }}'

- name: 'If Arch Linux copy systemd unit files for OS auto-upgrades to ''/etc/systemd/system'''
  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
  loop_control:
    loop_var: 'genvm_os_auto_upgrades_unit'
    label: 'Copy ''{{ genvm_os_auto_upgrades_unit.source | basename }}'' to ''/etc/systemd/system'''
  loop:
    - { source: '{{ genvm_os_auto_upgrades_git_clone_dir }}/arch-linux-update-and-restart.service', target: '/etc/systemd/system/arch-linux-update-and-restart.service' }
    - { source: '{{ genvm_os_auto_upgrades_git_clone_dir }}/arch-linux-update-and-restart.timer', target: '/etc/systemd/system/arch-linux-update-and-restart.timer' }
  ansible.builtin.copy:
    src: '{{ genvm_os_auto_upgrades_unit.source }}'
    dest: '{{ genvm_os_auto_upgrades_unit.target }}'
    remote_src: true
  notify:
    - 'Reload systemd unit configs'

# Chances are we've just updated systemd unit files in '/etc/systemd/system'. In
# a second we'll be enabling a timer unit that was among those files we just
# (potentially) changed. We should flush our handlers now, i.e. 'systemctl
# daemon-reload' to make sure systemd knows the newest state of our units.
- name: 'Flush handlers'
  meta: flush_handlers

- name: 'If Arch Linux enable systemd timer for OS auto-upgrades'
  ansible.builtin.systemd_service:
    name: 'arch-linux-update-and-restart.timer'
    state: 'started'
    enabled: true

- name: 'If Arch Linux make sure pacman ignores kernel updates (our zfs-dkms may not always be compatible)'
  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
  community.general.ini_file:
    path: '/etc/pacman.conf'
    section: 'options'
    option: 'IgnorePkg'
    value: 'linux linux-headers'
feat(role): Initial commit 2025-04-03 00:12:58 +02:00			`# SPDX-License-Identifier: MIT`
			`- name: 'If Arch Linux create dir to Git clone repo for restart detection'`
			`when: 'ansible_facts[''os_family''] \| lower == ''archlinux'''`
			`ansible.builtin.file:`
			`path: '{{ genvm_os_needs_restart_git_clone_dir }}'`
			`state: 'directory'`

			`- name: 'If Arch Linux Git clone repo for restart detection'`
			`when: 'ansible_facts[''os_family''] \| lower == ''archlinux'''`
			`ansible.builtin.git:`
			`repo: '{{ genvm_os_needs_restart_git_repo }}'`
			`dest: '{{ genvm_os_needs_restart_git_clone_dir }}'`
			`version: '{{ genvm_os_needs_restart_git_branch }}'`

			`- name: 'If Arch Linux create symlinks to repo for restart detection'`
			`when: 'ansible_facts[''os_family''] \| lower == ''archlinux'''`
			`loop_control:`
			`loop_var: 'genvm_os_needs_restart_symlink'`
			`label: 'Create symlink to ''{{ genvm_os_needs_restart_symlink.target \| basename }}'''`
			`loop:`
			`- { target: '{{ genvm_os_needs_restart_git_clone_dir }}/arch-needs-restart.sh', symlink: '/usr/local/bin/arch-needs-restart' }`
			`- { target: '{{ genvm_os_needs_restart_git_clone_dir }}/arch-needs-restart.hook', symlink: '/usr/share/libalpm/hooks/arch-needs-restart.hook' }`
			`ansible.builtin.file:`
			`src: '{{ genvm_os_needs_restart_symlink.target }}'`
			`dest: '{{ genvm_os_needs_restart_symlink.symlink }}'`
			`state: 'link'`
			`force: true`

			`- name: 'If Arch Linux create dir to Git clone repo for OS auto-upgrades'`
			`when: 'ansible_facts[''os_family''] \| lower == ''archlinux'''`
			`ansible.builtin.file:`
			`path: '{{ genvm_os_auto_upgrades_git_clone_dir }}'`
			`state: 'directory'`

			`- name: 'If Arch Linux Git clone repo for OS auto-upgrades'`
			`when: 'ansible_facts[''os_family''] \| lower == ''archlinux'''`
			`ansible.builtin.git:`
			`repo: '{{ genvm_os_auto_upgrades_git_repo }}'`
			`dest: '{{ genvm_os_auto_upgrades_git_clone_dir }}'`
			`version: '{{ genvm_os_auto_upgrades_git_branch }}'`

refactor(role): Copy unit files instead of symlinking them On each target machine we're storing the Git repo that has our unit files underneath '/opt/git'. Prior to this commit we used to place symlinks from '/etc/systemd/system' into the appropriate '/opt/git' subdir. On most machines this worked fine, however, on some we encountered a race condition on system start. Sometimes '/opt/git' is not the same file system as '/'. If that's the case chances are that systemd initializes the system and fails to access a unit file at '/opt/git' because that file system is just barely not yet visible early in the boot process. For a timer unit for example this could result in enabling the unit and upon reboot seeing that the unit no longer existed in systemd's world view e.g. via 'systemctl list-timers' even though the symlink at '/etc/systemd/system' still pointed to an '/opt/git' subdir when inspected manually seconds after boot. journalctl, however, would clearly confirm that at system initialization the symlink target was inaccessible. We could fiddle around with delaying boot until '/opt/git' and its descendants are visible but the sane solution is to just not rely on a separate file system for important stuff such as unit files. We now copy unit files to '/etc/systemd/system' instead of symlinking them. 2025-06-04 01:26:15 +02:00			`- name: 'If Arch Linux copy systemd unit files for OS auto-upgrades to ''/etc/systemd/system'''`
feat(role): Initial commit 2025-04-03 00:12:58 +02:00			`when: 'ansible_facts[''os_family''] \| lower == ''archlinux'''`
			`loop_control:`
refactor(role): Copy unit files instead of symlinking them On each target machine we're storing the Git repo that has our unit files underneath '/opt/git'. Prior to this commit we used to place symlinks from '/etc/systemd/system' into the appropriate '/opt/git' subdir. On most machines this worked fine, however, on some we encountered a race condition on system start. Sometimes '/opt/git' is not the same file system as '/'. If that's the case chances are that systemd initializes the system and fails to access a unit file at '/opt/git' because that file system is just barely not yet visible early in the boot process. For a timer unit for example this could result in enabling the unit and upon reboot seeing that the unit no longer existed in systemd's world view e.g. via 'systemctl list-timers' even though the symlink at '/etc/systemd/system' still pointed to an '/opt/git' subdir when inspected manually seconds after boot. journalctl, however, would clearly confirm that at system initialization the symlink target was inaccessible. We could fiddle around with delaying boot until '/opt/git' and its descendants are visible but the sane solution is to just not rely on a separate file system for important stuff such as unit files. We now copy unit files to '/etc/systemd/system' instead of symlinking them. 2025-06-04 01:26:15 +02:00			`loop_var: 'genvm_os_auto_upgrades_unit'`
			`label: 'Copy ''{{ genvm_os_auto_upgrades_unit.source \| basename }}'' to ''/etc/systemd/system'''`
feat(role): Initial commit 2025-04-03 00:12:58 +02:00			`loop:`
refactor(role): Copy unit files instead of symlinking them On each target machine we're storing the Git repo that has our unit files underneath '/opt/git'. Prior to this commit we used to place symlinks from '/etc/systemd/system' into the appropriate '/opt/git' subdir. On most machines this worked fine, however, on some we encountered a race condition on system start. Sometimes '/opt/git' is not the same file system as '/'. If that's the case chances are that systemd initializes the system and fails to access a unit file at '/opt/git' because that file system is just barely not yet visible early in the boot process. For a timer unit for example this could result in enabling the unit and upon reboot seeing that the unit no longer existed in systemd's world view e.g. via 'systemctl list-timers' even though the symlink at '/etc/systemd/system' still pointed to an '/opt/git' subdir when inspected manually seconds after boot. journalctl, however, would clearly confirm that at system initialization the symlink target was inaccessible. We could fiddle around with delaying boot until '/opt/git' and its descendants are visible but the sane solution is to just not rely on a separate file system for important stuff such as unit files. We now copy unit files to '/etc/systemd/system' instead of symlinking them. 2025-06-04 01:26:15 +02:00			`- { source: '{{ genvm_os_auto_upgrades_git_clone_dir }}/arch-linux-update-and-restart.service', target: '/etc/systemd/system/arch-linux-update-and-restart.service' }`
			`- { source: '{{ genvm_os_auto_upgrades_git_clone_dir }}/arch-linux-update-and-restart.timer', target: '/etc/systemd/system/arch-linux-update-and-restart.timer' }`
			`ansible.builtin.copy:`
			`src: '{{ genvm_os_auto_upgrades_unit.source }}'`
			`dest: '{{ genvm_os_auto_upgrades_unit.target }}'`
			`remote_src: true`
feat(role): Initial commit 2025-04-03 00:12:58 +02:00			`notify:`
			`- 'Reload systemd unit configs'`

refactor(role): systemctl daemon-reload after copy Since unit files are now copied to '/etc/systemd/system' we should make sure that systemd sees the newest version of all unit files before we attempt to enable a timer unit. 2025-06-04 01:28:57 +02:00			`# Chances are we've just updated systemd unit files in '/etc/systemd/system'. In`
			`# a second we'll be enabling a timer unit that was among those files we just`
			`# (potentially) changed. We should flush our handlers now, i.e. 'systemctl`
			`# daemon-reload' to make sure systemd knows the newest state of our units.`
			`- name: 'Flush handlers'`
			`meta: flush_handlers`

feat(role): Initial commit 2025-04-03 00:12:58 +02:00			`- name: 'If Arch Linux enable systemd timer for OS auto-upgrades'`
			`ansible.builtin.systemd_service:`
			`name: 'arch-linux-update-and-restart.timer'`
			`state: 'started'`
			`enabled: true`

			`- name: 'If Arch Linux make sure pacman ignores kernel updates (our zfs-dkms may not always be compatible)'`
			`when: 'ansible_facts[''os_family''] \| lower == ''archlinux'''`
			`community.general.ini_file:`
			`path: '/etc/pacman.conf'`
			`section: 'options'`
			`option: 'IgnorePkg'`
			`value: 'linux linux-headers'`