feat(role): Initial commit

.gitignore

@@ -0,0 +1 @@
+.idea

README.md

@@ -1,3 +1,56 @@
-# role-service-generic_vm
+[//]: # (SPDX-License-Identifier: MIT)
+# Role Name
 
-Settings and configs for most virtual machines
+role-service-generic_vm
+
+# Description
+
+Settings and configs for most virtual machines.
+
+# Requirements
+
+Your target machines must be Linux.
+
+# Role Variables
+
+Per [defaults/main.yml](defaults/main.yml) this role comes with a whole host of default variables almost all of which are relevant only to Arch Linux machines as that's what we run ourselves. Feel free to override these with host or group vars.
+
+- `genvm_git_repos_base_dir`: The base directory where we canonically store checked out Git repos. This defaults to `/opt/git`. We use this var to construct subdirectory paths underneath that location.
+- `genvm_pacman_hook_git_base_dir`: On Arch Linux we Git clone [quico.space/quico-os-setup/zfs-pacman-hook](https://quico.space/quico-os-setup/zfs-pacman-hook/src/branch/1-get-base-version-going) into this location. The repo contains package manager hooks that automatically snapshot the root-on-ZFS filesystem that all of our Arch Linux machines are using.
+- `genvm_pacman_hook_git_branch`: In above repo we're interested in _this_ branch. Can be `main` for example.
+- `genvm_pacman_hook_auto_snapshot_datasets`: Name ZFS datasets that we want to automatically snapshot whenever package manager actions happen. This is a list with one entry by default, `zpool/root/archlinux`.
+
+The following four plus four vars deal with Git cloning firstly, a repo with a script that detects the need to a system reboot on Arch Linux and secondly, a repo that automatically does unattended package upgrades. They follow the same pattern.
+
+## Arch Linux reboot detection
+
+- `genvm_os_needs_restart_git_repo`: Git clone from this location
+- `genvm_os_needs_restart_git_base_dir`: Git clone into this base dir
+- `genvm_os_needs_restart_git_branch`: Check out this branch
+- `genvm_os_needs_restart_git_clone_dir`: Git clone into this exact dir (constructed from both `genvm_os_needs_restart_git_base_dir` and the branch we want).
+
+## Arch Linux unattended package upgrades
+
+- `genvm_os_auto_upgrades_git_repo`: Git clone from this location
+- `genvm_os_auto_upgrades_git_base_dir`: Git clone into this base dir
+- `genvm_os_auto_upgrades_git_branch`: Check out this branch
+- `genvm_os_auto_upgrades_git_clone_dir`: Git clone into this exact dir (constructed from both `genvm_os_auto_upgrades_git_base_dir` and the branch we want).
+
+# Dependencies
+
+None.
+
+# Example Playbook
+
+In your `playbook.yml` call it like so:
+
+```
+- name: 'Awesome playbook'
+  hosts: all
+  roles:
+    - 'role-service-generic_vm'
+```
+
+# License
+
+MIT

defaults/main.yml

@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: MIT
+genvm_git_repos_base_dir: '/opt/git'
+genvm_pacman_hook_git_base_dir: '/opt/git/quico.space/quico-os-setup/zfs-pacman-hook/branches'
+genvm_pacman_hook_git_branch: '1-get-base-version-going'
+genvm_pacman_hook_auto_snapshot_datasets:
+  - 'zpool/root/archlinux'
+genvm_os_needs_restart_git_repo: 'https://quico.space/quico-os-setup/arch-needs-restart'
+genvm_os_needs_restart_git_base_dir: '{{ genvm_git_repos_base_dir }}/{{ genvm_os_needs_restart_git_repo | regex_search(''(.*?://)([^\r\n\f]+)'', ''\2'') | first }}'
+genvm_os_needs_restart_git_branch: 'main'
+genvm_os_needs_restart_git_clone_dir: '{{ genvm_os_needs_restart_git_base_dir }}/branches/{{ genvm_os_needs_restart_git_branch }}'
+genvm_os_auto_upgrades_git_repo: 'https://quico.space/quico-os-setup/arch-linux-update-and-restart'
+genvm_os_auto_upgrades_git_base_dir: '{{ genvm_git_repos_base_dir }}/{{ genvm_os_auto_upgrades_git_repo | regex_search(''(.*?://)([^\r\n\f]+)'', ''\2'') | first }}'
+genvm_os_auto_upgrades_git_branch: 'main'
+genvm_os_auto_upgrades_git_clone_dir: '{{ genvm_os_auto_upgrades_git_base_dir }}/branches/{{ genvm_os_auto_upgrades_git_branch }}'

files/etc/pacman.d/pacman.conf

@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: MIT
+ILoveCandy
+Color
+ParallelDownloads = 20

handlers/main.yml

@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: MIT
+- name: 'Reload systemd unit configs'
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  listen: 'Reload all systemd services'

meta/main.yml

@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: MIT
+galaxy_info:
+  author: 'hygienic-books'
+  description: 'Settings and configs for most virtual machines'
+  license: MIT
+  min_ansible_version: 2.18.1
+  galaxy_tags:
+    - 'vm'
+dependencies: []

tasks/archlinux-auto-updates.yml

@@ -0,0 +1,72 @@
+# SPDX-License-Identifier: MIT
+- name: 'If Arch Linux create dir to Git clone repo for restart detection'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  ansible.builtin.file:
+    path: '{{ genvm_os_needs_restart_git_clone_dir }}'
+    state: 'directory'
+
+- name: 'If Arch Linux Git clone repo for restart detection'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  ansible.builtin.git:
+    repo: '{{ genvm_os_needs_restart_git_repo }}'
+    dest: '{{ genvm_os_needs_restart_git_clone_dir }}'
+    version: '{{ genvm_os_needs_restart_git_branch }}'
+
+- name: 'If Arch Linux create symlinks to repo for restart detection'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  loop_control:
+    loop_var: 'genvm_os_needs_restart_symlink'
+    label: 'Create symlink to ''{{ genvm_os_needs_restart_symlink.target | basename }}'''
+  loop:
+    - { target: '{{ genvm_os_needs_restart_git_clone_dir }}/arch-needs-restart.sh', symlink: '/usr/local/bin/arch-needs-restart' }
+    - { target: '{{ genvm_os_needs_restart_git_clone_dir }}/arch-needs-restart.hook', symlink: '/usr/share/libalpm/hooks/arch-needs-restart.hook' }
+  ansible.builtin.file:
+    src: '{{ genvm_os_needs_restart_symlink.target }}'
+    dest: '{{ genvm_os_needs_restart_symlink.symlink }}'
+    state: 'link'
+    force: true
+
+- name: 'If Arch Linux create dir to Git clone repo for OS auto-upgrades'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  ansible.builtin.file:
+    path: '{{ genvm_os_auto_upgrades_git_clone_dir }}'
+    state: 'directory'
+
+- name: 'If Arch Linux Git clone repo for OS auto-upgrades'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  ansible.builtin.git:
+    repo: '{{ genvm_os_auto_upgrades_git_repo }}'
+    dest: '{{ genvm_os_auto_upgrades_git_clone_dir }}'
+    version: '{{ genvm_os_auto_upgrades_git_branch }}'
+  notify:
+    - 'Reload systemd unit configs'
+
+- name: 'If Arch Linux create symlinks to repo for OS auto-upgrades'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  loop_control:
+    loop_var: 'genvm_os_auto_upgrades_symlink'
+    label: 'Create symlink to ''{{ genvm_os_auto_upgrades_symlink.target | basename }}'''
+  loop:
+    - { target: '{{ genvm_os_auto_upgrades_git_clone_dir }}/arch-linux-update-and-restart.service', symlink: '/etc/systemd/system/arch-linux-update-and-restart.service' }
+    - { target: '{{ genvm_os_auto_upgrades_git_clone_dir }}/arch-linux-update-and-restart.timer', symlink: '/etc/systemd/system/arch-linux-update-and-restart.timer' }
+  ansible.builtin.file:
+    src: '{{ genvm_os_auto_upgrades_symlink.target }}'
+    dest: '{{ genvm_os_auto_upgrades_symlink.symlink }}'
+    state: 'link'
+    force: true
+  notify:
+    - 'Reload systemd unit configs'
+
+- name: 'If Arch Linux enable systemd timer for OS auto-upgrades'
+  ansible.builtin.systemd_service:
+    name: 'arch-linux-update-and-restart.timer'
+    state: 'started'
+    enabled: true
+
+- name: 'If Arch Linux make sure pacman ignores kernel updates (our zfs-dkms may not always be compatible)'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  community.general.ini_file:
+    path: '/etc/pacman.conf'
+    section: 'options'
+    option: 'IgnorePkg'
+    value: 'linux linux-headers'

tasks/archlinux-package-management.yml

@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: MIT
+- name: 'If Arch Linux set paru package manager to list search results bottom-up'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  community.general.ini_file:
+    path: '/etc/paru.conf'
+    section: 'options'
+    option: 'BottomUp'
+    allow_no_value: true
+
+- name: 'If Arch Linux copy pacman config file with custom options'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  ansible.builtin.copy:
+    src: 'etc/pacman.d/pacman.conf'
+    dest: '/etc/pacman.d/pacman.conf'
+
+- name: 'If Arch Linux include our custom pacman config in main pacman config'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  community.general.ini_file:
+    path: '/etc/pacman.conf'
+    section: 'options'
+    option: 'Include'
+    value: '/etc/pacman.d/pacman.conf'

tasks/archlinux-pacman-hook.yml

@@ -0,0 +1,84 @@
+# SPDX-License-Identifier: MIT
+- name: 'If Arch Linux create dir to Git clone repo for pacman hook for ZFS dataset snapshots'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  ansible.builtin.file:
+    path: '{{ genvm_pacman_hook_git_base_dir }}/{{ genvm_pacman_hook_git_branch }}'
+    state: 'directory'
+
+- name: 'If Arch Linux Git clone repo for pacman hook for ZFS dataset snapshots'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  ansible.builtin.git:
+    repo: 'https://quico.space/quico-os-setup/zfs-pacman-hook'
+    dest: '{{ genvm_pacman_hook_git_base_dir }}/{{ genvm_pacman_hook_git_branch }}'
+    version: '{{ genvm_pacman_hook_git_branch }}'
+
+- name: 'If Arch Linux get list of checked out branches of repo for pacman hook for ZFS dataset snapshots'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  register: 'genvm_pacman_hook_branches_actual'
+  changed_when: false
+  ansible.builtin.shell: |
+    ls -1 '{{ genvm_pacman_hook_git_base_dir }}'
+
+- name: 'If Arch Linux remove unneeded branches of repo for pacman hook for ZFS dataset snapshots'
+  when: 'item != genvm_pacman_hook_git_branch and ansible_facts[''os_family''] | lower == ''archlinux'''
+  loop_control:
+    label: 'If unneeded delete branch ''{{ item }}'''
+  loop: '{{ genvm_pacman_hook_branches_actual.stdout_lines }}'
+  ansible.builtin.file:
+    path: '{{ genvm_pacman_hook_git_base_dir }}/{{ item }}'
+    state: 'absent'
+
+- name: 'If Arch Linux create symlinks to repo for pacman hook for ZFS dataset snapshots'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  loop_control:
+    loop_var: 'genvm_pacman_hook_symlink'
+    label: 'Create symlink to ''{{ genvm_pacman_hook_symlink.target | basename }}'''
+  loop:
+    - { target: '{{ genvm_pacman_hook_git_base_dir }}/{{ genvm_pacman_hook_git_branch }}/pacman-zfs-snapshot.sh', symlink: '/usr/local/bin/pacman-zfs-snapshot' }
+    - { target: '{{ genvm_pacman_hook_git_base_dir }}/{{ genvm_pacman_hook_git_branch }}/pacman-zfs-snapshot-install.hook', symlink: '/usr/share/libalpm/hooks/00-pacman-zfs-snapshot-install.hook' }
+    - { target: '{{ genvm_pacman_hook_git_base_dir }}/{{ genvm_pacman_hook_git_branch }}/pacman-zfs-snapshot-remove.hook', symlink: '/usr/share/libalpm/hooks/00-pacman-zfs-snapshot-remove.hook' }
+    - { target: '{{ genvm_pacman_hook_git_base_dir }}/{{ genvm_pacman_hook_git_branch }}/pacman-zfs-snapshot-upgrade.hook', symlink: '/usr/share/libalpm/hooks/00-pacman-zfs-snapshot-upgrade.hook' }
+    - { target: '{{ genvm_pacman_hook_git_base_dir }}/{{ genvm_pacman_hook_git_branch }}/pacman-zfs-snapshot.conf', symlink: '/etc/pacman-zfs-snapshot.conf' }
+  ansible.builtin.file:
+    src: '{{ genvm_pacman_hook_symlink.target }}'
+    dest: '{{ genvm_pacman_hook_symlink.symlink }}'
+    state: 'link'
+    force: true
+
+- name: 'If Arch Linux get list of datasets'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  register: 'genvm_pacman_hook_auto_snapshot_datasets_list'
+  changed_when: false
+  ansible.builtin.shell: |
+    zfs list -H -o name
+
+- name: 'If Arch Linux check current state of auto-snapshot marker on datasets'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  register: 'genvm_pacman_hook_auto_snapshot_datasets_actual'
+  changed_when: false
+  loop_control:
+    loop_var: 'dataset'
+    label: 'Check if dataset ''{{ dataset }}'' is marked for auto-snapshotting'
+  loop: '{{ genvm_pacman_hook_auto_snapshot_datasets_list.stdout_lines }}'
+  ansible.builtin.shell: |
+    zfs get -H -o value space.quico:auto-snapshot '{{ dataset }}'
+
+- name: 'If Arch Linux mark ZFS datasets for auto-snapshotting'
+  when: 'genvm_pacman_hook_auto_snapshot_datasets_actual[''results''][i][''stdout_lines''] | first != ''true'' and dataset in genvm_pacman_hook_auto_snapshot_datasets and ansible_facts[''os_family''] | lower == ''archlinux'''
+  loop_control:
+    loop_var: 'dataset'
+    index_var: 'i'
+    label: 'If not marked for auto-snapshotting - {% if genvm_pacman_hook_auto_snapshot_datasets_actual[''results''][i][''stdout_lines''] | first != ''true'' and dataset in genvm_pacman_hook_auto_snapshot_datasets %}⚠️{% else %}✅{% endif %} expected {% if dataset in genvm_pacman_hook_auto_snapshot_datasets %}yes{% else %} no{% endif %}/was actually {% if genvm_pacman_hook_auto_snapshot_datasets_actual[''results''][i][''stdout_lines''] | first != ''true'' %} no{% else %}yes{% endif %} - mark ZFS dataset ''{{ dataset }}'''
+  loop: '{{ genvm_pacman_hook_auto_snapshot_datasets_list.stdout_lines }}'
+  ansible.builtin.shell: |
+    zfs set space.quico:auto-snapshot=true '{{ dataset }}'
+
+- name: 'If Arch Linux unmark ZFS datasets for auto-snapshotting'
+  when: 'genvm_pacman_hook_auto_snapshot_datasets_actual[''results''][i][''stdout_lines''] | first == ''true'' and dataset not in genvm_pacman_hook_auto_snapshot_datasets and ansible_facts[''os_family''] | lower == ''archlinux'''
+  loop_control:
+    loop_var: 'dataset'
+    index_var: 'i'
+    label: 'If incorrectly marked for auto-snapshotting - {% if genvm_pacman_hook_auto_snapshot_datasets_actual[''results''][i][''stdout_lines''] | first == ''true'' and dataset not in genvm_pacman_hook_auto_snapshot_datasets %}⚠️{% else %}✅{% endif %} expected {% if dataset not in genvm_pacman_hook_auto_snapshot_datasets %} no{% else %}yes{% endif %}/was actually {% if genvm_pacman_hook_auto_snapshot_datasets_actual[''results''][i][''stdout_lines''] | first == ''true'' %}yes{% else %} no{% endif %} - unmark ZFS dataset ''{{ dataset }}'''
+  loop: '{{ genvm_pacman_hook_auto_snapshot_datasets_list.stdout_lines }}'
+  ansible.builtin.shell: |
+    zfs inherit space.quico:auto-snapshot '{{ dataset }}'

tasks/archlinux-zfs-pacman-cache.yml

@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: MIT
+- name: 'Check if ZFS functional'
+  register: 'genvm_archlinux_zfs_pacman_cache_os_has_functional_zfs'
+  changed_when: false
+  failed_when: false
+  ansible.builtin.shell: |
+    zpool list
+
+- name: 'If ZFS functional check if pacman cache dataset exists'
+  when: 'genvm_archlinux_zfs_pacman_cache_os_has_functional_zfs.rc == 0'
+  register: 'genvm_archlinux_zfs_pacman_cache_zfs_has_pacman_cache_dataset'
+  changed_when: false
+  failed_when: false
+  ansible.builtin.shell: |
+    zfs list zpool/data/var/cache/pacman/pkg
+    
+- name: 'If no pacman cache dataset exists create dataset'
+  when: 'genvm_archlinux_zfs_pacman_cache_zfs_has_pacman_cache_dataset.rc > 0'
+  register: 'genvm_archlinux_zfs_pacman_cache_pacman_cache_dir_was_temp_moved'
+  changed_when: 'genvm_archlinux_zfs_pacman_cache_pacman_cache_dir_was_temp_moved.rc == 0'
+  ansible.builtin.shell: |
+    mv '/var/cache/pacman/pkg'{,'.bak'} && \
+    if ! zfs list zpool/data/var &>/dev/null; then zfs create -o canmount=off zpool/data/var; fi && \
+    if ! zfs list zpool/data/var/cache &>/dev/null; then zfs create -o canmount=off zpool/data/var/cache; fi && \
+    if ! zfs list zpool/data/var/cache/pacman &>/dev/null; then zfs create -o canmount=off zpool/data/var/cache/pacman; fi && \
+    zfs create zpool/data/var/cache/pacman/pkg && \
+    rsync -a --remove-source-files '/var/cache/pacman/pkg'{'.bak',}'/' && \
+    find '/var/cache/pacman/pkg.bak' -type d -empty -delete

tasks/main.yml

@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: MIT
+- import_tasks: archlinux-pacman-hook.yml
+- import_tasks: archlinux-package-management.yml
+- import_tasks: archlinux-auto-updates.yml
+- import_tasks: archlinux-zfs-pacman-cache.yml