These playbooks all have supporting shell scripts that supply their arguments.
- Sketch for macOS is supposed to be a great $99 digital design toolkit: https://sketchapp.com/
- From Kelly Albrink: ninite.com
- Must use a deploy key with the private repo to ensure it is available during deployment.
- Remove the old deploy key for private dotfiles from the git host and the Ansible repo
- Generate new deploy key for private repo
- Add deploy key to private repo and dotfiles role
- Test new dotfiles deploy role locally (patternbox) before deploying across all servers
- One-time: delete old dotfiles directories from all hosts, then install new dotfiles with playbook.
Ansible does not track these, so track them here.
- `common/files/dotfiles_deploy_rsa`
Each shell script could use a separate hosts file or you could just use one, depending on the complexity.
- Optional: you can specify the path to the hosts file in each shell script.
- Optional: symlink your hosts from files that aren't in this repo; no need to commit specific hosts files.
- Optional: add any hosts symlinks to gitignore.
- make sure no competing lines are in the sudoers role
- Review Best Practices
- Move adminuser variable into a variables file in a vault file
- Move ssh key path into variable file in a vault file
- Move dotfiles paths into variables file in a vault file
- Can the deploy key just be a variable instead of a file?
- Need to move the private section of the dotfiles into its own role so there isn't any code duplication.
- pip role should regenerate virtualenvs for that device, if necessary
- rebooter isn't working for some reason. The sleep command probably needs to be a shell...
  - See if you can move the `restart wait_for` to a `handler` so it doesn't always hang 15 seconds.
    - or add a `when` condition?
- set tzdata!! already did this on some hosts so make it idempotent.
- consider moving all `vars` to external_vars file
- Move /etc/sudoers config file to source control?
- A wordpress and sage theme/plugin base install is a nice to have: `wp-base`
- use a vault secret in a file, e.g. `vault.secret` outside of source control
- Rebuild ~/virtualenv virtualenvs automatically?
- See about Ansible on Python 3
  - potentially remove the Python 2 raw installation on Ubuntu 16.04 LTS
- Encrypt a file: `ansible-vault encrypt foo.yml bar.yml baz.yml`
- Decrypt a file: `ansible-vault decrypt foo.yml bar.yml baz.yml`
- View Contents: `ansible-vault view foo.yml bar.yml baz.yml`
- Run Playbook w/ Vault: `ansible-playbook site.yml --ask-vault-pass`
- Speed up Vault: `pip install cryptography`
  - this goes in your ansible virtualenv, needs dependencies installed locally though
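
A check to go with the deploy key and Vault notes above, as an added example that is not part of this repo: it fails when a file that should only be committed in Vault-encrypted form (such as `common/files/dotfiles_deploy_rsa`) is still plaintext. The function names, the `group_vars` paths and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repo). Assumed policy: the deploy key and any
# secret vars files are committed only after `ansible-vault encrypt`.

# Print the state of one file: vaulted | plaintext-key | plaintext | missing
vault_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    # ansible-vault output starts with a header like $ANSIBLE_VAULT;1.1;AES256
    case $(head -n 1 "$1") in
        '$ANSIBLE_VAULT;'*) echo vaulted; return 0 ;;
    esac
    # PEM/OpenSSH private keys carry a "BEGIN ... PRIVATE KEY" armor line
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext-key
    else
        echo plaintext
    fi
}

# Report every file that is not vaulted; return 1 if any was found.
check_vaulted() {
    rc=0
    for f in "$@"; do
        state=$(vault_state "$f")
        [ "$state" = vaulted ] && continue
        echo "NOT VAULTED ($state): $f" >&2
        rc=1
    done
    return "$rc"
}

# Constructed sample files (placeholder contents, no real key material).
make_samples() {
    mkdir -p "$1/common/files" "$1/group_vars"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36316566386264343739' \
        > "$1/group_vars/vault.yml"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/common/files/dotfiles_deploy_rsa"
    printf '%s\n' 'adminuser: example' > "$1/group_vars/all.yml"
}

# Demo: the plaintext deploy key is reported, the vaulted vars file passes.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_vaulted "$demo_dir/common/files/dotfiles_deploy_rsa" \
    "$demo_dir/group_vars/vault.yml" || echo "commit blocked"
rm -rf "$demo_dir"
```

Calling `check_vaulted` on the staged secret files from a pre-commit hook stops a decrypted deploy key from being committed by accident.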
- Ansible Homebrew exists...
- Ansible Modules Used:
- Patterns - decide which hosts to manage
  - grep for this to see a good example in a task