feat(role): Initial commit

defaults/main.yml

@@ -0,0 +1,13 @@
+miniconda_install_dir: '/opt/miniconda3'
+miniconda_bin_dir: '{{ miniconda_install_dir }}/bin'
+miniconda_envs_dir: '{{ miniconda_install_dir }}/envs'
+miniconda_conda_binary: '{{ miniconda_bin_dir }}/conda'
+miniconda_installer_dl_dir: '{{ miniconda_install_dir }}/_downloaded-installer'
+miniconda_dl_uri_base: 'https://repo.anaconda.com/miniconda/'
+miniconda_dl_uri_file: 'Miniconda3-latest-Linux-x86_64.sh'
+miniconda_dl_uri: '{{ miniconda_dl_uri_base }}{{ miniconda_dl_uri_file }}'
+miniconda_dl_local_abs: '{{ miniconda_installer_dl_dir }}/{{ miniconda_dl_uri_file }}'
+conda_envs_template_dir: '_conda_envs_dir_'
+conda_python_version: '3'
+conda_package_spec: 'pip'
+python_git_install_path: '/opt/python'

defaults/main.yml.example

@@ -0,0 +1,13 @@
+miniconda_install_dir: '/opt/miniconda3'
+miniconda_bin_dir: '{{ miniconda_install_dir }}/bin'
+miniconda_envs_dir: '{{ miniconda_install_dir }}/envs'
+miniconda_conda_binary: '{{ miniconda_bin_dir }}/conda'
+miniconda_installer_dl_dir: '{{ miniconda_install_dir }}/_downloaded-installer'
+miniconda_dl_uri_base: 'https://repo.anaconda.com/miniconda/'
+miniconda_dl_uri_file: 'Miniconda3-latest-Linux-x86_64.sh'
+miniconda_dl_uri: '{{ miniconda_dl_uri_base }}{{ miniconda_dl_uri_file }}'
+miniconda_dl_local_abs: '{{ miniconda_installer_dl_dir }}/{{ miniconda_dl_uri_file }}'
+conda_envs_template_dir: '_conda_envs_dir_'
+conda_python_version: '3'
+conda_package_spec: 'pip'
+python_git_install_path: '/opt/python'

files/_current_user_home_/.condarc

@@ -0,0 +1 @@
+auto_activate_base: false

files/etc/systemd/system/update-firewall-source.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=firewalld direct rules generator
+After=multi-user.target network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+Environment='PATH=/usr/local/sbin:/usr/local/bin:/usr/bin' 'UFS_LOGLEVEL=INFO'
+ExecStart=/opt/miniconda3/envs/update-firewall-source/bin/python /opt/python/update-firewall-source/master/update-firewall-source.py
+
+[Install]
+WantedBy=multi-user.target

files/etc/systemd/system/update-firewall-source.service.example

@@ -0,0 +1,12 @@
+[Unit]
+Description=firewalld direct rules generator
+After=multi-user.target network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+Environment='PATH=/usr/local/sbin:/usr/local/bin:/usr/bin' 'UFS_LOGLEVEL=INFO'
+ExecStart=/opt/miniconda3/envs/update-firewall-source/bin/python /opt/python/update-firewall-source/master/update-firewall-source.py
+
+[Install]
+WantedBy=multi-user.target

files/etc/systemd/system/update-firewall-source.timer

@@ -0,0 +1,13 @@
+[Unit]
+Description=Run firewalld direct rules generator
+
+[Timer]
+OnCalendar=
+OnCalendar=4,5,6:00,15,30,45 Europe/Berlin
+OnCalendar=1,10,14,18,22:00 Europe/Berlin
+OnBootSec=5min
+RandomizedDelaySec=2min
+Persistent=true
+
+[Install]
+WantedBy=timers.target

files/etc/systemd/system/update-firewall-source.timer.example

@@ -0,0 +1,13 @@
+[Unit]
+Description=Run firewalld direct rules generator
+
+[Timer]
+OnCalendar=
+OnCalendar=4,5,6:00,15,30,45 Asia/Shanghai
+OnCalendar=1,10,14,18,22:00 Asia/Shanghai
+OnBootSec=5min
+RandomizedDelaySec=2min
+Persistent=true
+
+[Install]
+WantedBy=timers.target

files/opt/python/update-firewall-source/master/config.ini

@@ -0,0 +1,27 @@
+[DEFAULT]
+target = ACCEPT
+addr =
+ports = 80, 443
+proto = tcp
+state = NEW
+do_ipv6 = true
+firewalld_direct_file_abs = /etc/firewalld/direct.xml
+restart_firewalld_after_change = true
+
+[home.seneve.de]
+addr = home.seneve.de
+ports = 22, 80, 443
+
+[fornjot.uberspace.de IPv4/6 connectivity testing]
+addr = fornjot.uberspace.de
+ports = 22, 80, 443
+
+[allow-anyone-to-access-mail-services]
+ports = 143, 993, 110, 995, 25, 465, 587
+
+[deny-all]
+target = DROP
+addr =
+ports =
+proto =
+state =

tasks/40-install-miniconda.yml

@@ -0,0 +1,77 @@
+- name: 'Create Miniconda base dir'
+  loop_control:
+    loop_var: 'conda_dir'
+  loop:
+    - { path: '{{ miniconda_install_dir }}', state: 'directory' }
+    - { path: '{{ miniconda_installer_dl_dir }}', state: 'directory' }
+  ansible.builtin.file:
+    path: '{{ conda_dir.path }}'
+    state: '{{ conda_dir.state }}'
+
+
+
+- name: 'Download latest Miniconda installer'
+  ansible.builtin.get_url:
+    url: '{{ miniconda_dl_uri }}'
+    dest: '{{ miniconda_dl_local_abs }}'
+
+
+
+- name: 'Set execute bit on Miniconda installer'
+  ansible.builtin.file:
+    path: '{{ miniconda_dl_local_abs }}'
+    mode: 'a+x'
+
+
+
+- name: 'Get Miniconda installer help output'
+  register: 'rv_miniconda_installer_help'
+  changed_when: 'rv_miniconda_installer_help.rc != 2'
+  failed_when: 'rv_miniconda_installer_help.rc != 2'
+  ansible.builtin.shell: '{{ miniconda_dl_local_abs }} -h'
+
+
+
+- name: 'Get Miniconda installer version from help output'
+  when: 'rv_miniconda_installer_help.rc == 2'
+  set_fact:
+    miniconda_installer_version: '{{ rv_miniconda_installer_help.stdout | regex_search(''Installs Miniconda3 (py.*?_)(.*?)(\n)'', ''\2'') }}'
+
+
+
+- name: 'Get conda version output'
+  register: 'rv_conda_version_output'
+  changed_when: 'rv_conda_version_output.rc != 0'
+  failed_when: 'false'
+  ansible.builtin.shell: 'conda --version 2> ''/dev/null'''
+
+
+
+- name: 'Get conda version from version output'
+  register: 'rv_conda_version'
+  changed_when: '(not conda_version) or (rv_conda_version_output.rc != 0)'
+  failed_when: 'false'
+  set_fact:
+    conda_version: '{{ rv_conda_version_output.stdout | regex_search(''conda ([^\r\n\f]+)'', ''\1'') }}'
+
+
+
+- name: 'If Miniconda old or missing: install it'
+  when: '(miniconda_installer_version | first is version(''4.11.9'', ''>'')) or (not conda_version)'
+  register: 'rv_miniconda_install'
+  ansible.builtin.shell: '{{ miniconda_dl_local_abs }} -b -p ''{{ miniconda_install_dir }}'' -u'
+
+
+
+- name: 'If Miniconda was installed: Initialize'
+  when: 'rv_miniconda_install.changed'
+  register: 'rv_conda_init'
+  ansible.builtin.shell: '{{ miniconda_conda_binary }} init'
+
+
+
+- name: 'Set ~/.condarc file'
+  ansible.builtin.copy:
+    src: '_current_user_home_/.condarc'
+    dest: '{{ ansible_env.HOME }}/.condarc'
+    mode: '0644'

tasks/50-setup-miniconda-env.yml

@@ -0,0 +1,30 @@
+- name: 'Set conda env file basename'
+  set_fact:
+    conda_env_file_base: '{{ conda_env_file | basename }}'
+
+
+
+- name: 'Set conda env file absolute path'
+  set_fact:
+    conda_env_file_abs: '{{ miniconda_envs_dir }}/{{ conda_env_file_base | regex_search(''.*?\.yml'', ''\0'') | first }}'
+
+
+
+- name: 'Set conda env name'
+  set_fact:
+    conda_env_name: '{{ conda_env_file_base | regex_search(''(.*?)(_conda_environment.yml)'', ''\1'') | first }}'
+
+
+
+- name: 'Store conda environment.yml file'
+  ansible.builtin.template:
+    src: '{{ conda_env_file }}'
+    dest: '{{ conda_env_file_abs }}'
+
+
+
+- name: 'Set up conda env ''{{ conda_env_name }}'''
+  register: 'rv_conda_env_install'
+  changed_when: 'not rv_conda_env_install.stderr'
+  failed_when: 'false'
+  ansible.builtin.shell: '{{ miniconda_conda_binary }} env create --quiet --file ''{{ conda_env_file_abs }}'''

tasks/55-setup-git-repo.yml

@@ -0,0 +1,45 @@
+- name: 'Clone Python package Git repo ''{{ git.repo_url }}'''
+  ansible.builtin.git:
+    repo: '{{ git.repo_url }}'
+    dest: '{{ git.path }}/{{ git.branch }}'
+
+
+
+- name: 'If Git repo has config: Add config'
+  when: 'git.config_file'
+  ansible.builtin.copy:
+    src: '{{ git.config_file }}'
+    dest: '/{{ git.config_file }}'
+    mode: '0644'
+
+
+
+- name: 'If Git repo wants systemd: Copy systemd unit file'
+  when: '(git.systemd.service) and (git.systemd.timer)'
+  register: 'rv_copy_systemd_unit_files'
+  loop_control:
+    loop_var: 'unit'
+    label: '{{ unit.destination }}'
+  loop:
+    - { source: '{{ git.systemd.service }}', destination: '/{{ git.systemd.service }}', mode: '0644' }
+    - { source: '{{ git.systemd.timer }}', destination: '/{{ git.systemd.timer }}', mode: '0644' }
+  ansible.builtin.copy:
+    src: '{{ unit.source }}'
+    dest: '{{ unit.destination }}'
+    mode: '{{ unit.mode }}'
+
+
+
+- name: 'If systemd copy changed: systemctl daemon-reload'
+  when: '(rv_copy_systemd_unit_files.changed)'
+  ansible.builtin.systemd:
+    daemon_reload: 'yes'
+
+
+
+- name: 'If systemd copy succeeded: systemctl enable --now timer unit'
+  when: '(rv_copy_systemd_unit_files is success)'
+  ansible.builtin.systemd:
+    enabled: 'yes'
+    state: 'started'
+    name: '{{ git.systemd.timer | basename }}'

tasks/60-install-packages.yml

@@ -0,0 +1,21 @@
+- name: 'If venv wants packages: Install packages'
+  when: 'python_pip_packages'
+  loop_control:
+    loop_var: 'pip'
+    label: 'Into ''{{ pip.env_name }}'' venv install {{ pip.packages }}'
+  loop: '{{ python_pip_packages }}'
+  ansible.builtin.pip:
+    name: '{{ pip.packages }}'
+    executable: '{{ miniconda_envs_dir }}/{{ pip.env_name }}/bin/pip'
+
+
+
+- name: 'If venv wants requirements: Install requirements'
+  when: 'python_pip_requirements'
+  loop_control:
+    loop_var: 'pip'
+    label: 'Into ''{{ pip.env_name }}'' venv install requirements text file'
+  loop: '{{ python_pip_requirements }}'
+  ansible.builtin.pip:
+    requirements: '{{ pip.requirements }}'
+    executable: '{{ miniconda_envs_dir }}/{{ pip.env_name }}/bin/pip'

tasks/main.yml

@@ -0,0 +1,18 @@
+- import_tasks: '40-install-miniconda.yml'
+- name: 'Set up conda environment'
+  loop_control:
+    loop_var: 'conda_env'
+    label: '{{ conda_env | regex_search(''(.*?)/(.*?)(_conda_environment.yml)'', ''\2'') | first }}'
+  loop: '{{ lookup(''ansible.builtin.fileglob'', ''{{ role_path }}/templates/{{ conda_envs_template_dir }}/*'', wantlist=True) | map(''regex_search'', conda_envs_template_dir + ''/.*?_conda_environment.yml.j2'') }}'
+  vars:
+    conda_env_file: '{{ conda_env }}'
+  include_tasks: '50-setup-miniconda-env.yml'
+- name: 'Set up Git repos'
+  loop_control:
+    loop_var: 'git_package'
+    label: 'From ''{{ git_package.repo_url }}'' clone ''{{ git_package.branch }}'' branch'
+  loop: '{{ python_git_packages }}'
+  vars:
+    git: '{{ git_package }}'
+  include_tasks: '55-setup-git-repo.yml'
+- import_tasks: '60-install-packages.yml'

templates/_conda_envs_dir_/cookiecutter_conda_environment.yml.j2

@@ -0,0 +1,7 @@
+name: cookiecutter
+channels:
+  - defaults
+dependencies:
+  - python=3
+  - pip
+prefix: {{ miniconda_envs_dir }}/cookiecutter

templates/_conda_envs_dir_/update-firewall-source_conda_environment.yml.j2

@@ -0,0 +1,7 @@
+name: update-firewall-source
+channels:
+  - defaults
+dependencies:
+  - python=3
+  - pip
+prefix: {{ miniconda_envs_dir }}/update-firewall-source