Fix permission fix for dotfiles directory

The default changed and I assumed it was "false", but it's "true" in
older ansible versions.

.gitignore

@@ -1,2 +1 @@
-/venv/
 /*.bundle

Makefile

@@ -1,26 +1,15 @@
-DISTRO := $(shell . /etc/os-release && echo $$NAME)
-
-venv = ./venv
-requirements = requirements.txt
-activate = . $(venv)/bin/activate
-pip = pip
-
-ifeq ($(DISTRO),Ubuntu)
-	ansible_run = $(activate) && ansible-playbook -e ansible_python_interpreter=/usr/bin/python3 --inventory localhost, --diff ./playbook.yml ${ANSIBLE_EXTRA_ARGS}
-else
-	ansible_run =ansible-playbook -e ansible_python_interpreter=/usr/bin/python3 --inventory localhost, --diff ./playbook.yml ${ANSIBLE_EXTRA_ARGS}
-endif
+ansible_run = ansible-playbook -e ansible_python_interpreter=/usr/bin/python3 --inventory localhost, --diff ./playbook.yml ${ANSIBLE_EXTRA_ARGS}
 
 .PHONY: all
-all: | venv
+all:
 	$(ansible_run)
 
 .PHONY: config
-config: | venv
+config:
 	$(ansible_run) --skip-tags system-update
 
 .PHONY: system-update
-system-update: venv
+system-update:
 	$(ansible_run) --tags system-update
 
 .PHONY: reboot
@@ -35,30 +24,13 @@ poweroff:
 weekend: | update poweroff
 
 .PHONY: packages
-packages: venv
+packages:
 	$(ansible_run) --tags packages
 
 .PHONY: dotfiles
-dotfiles: venv
+dotfiles:
 	$(ansible_run) --tags dotfiles
 
-.PHONY: clean
-clean:
-	rm -rf venv
-
 .PHONY: test
 test:
 	./test-in-docker.sh
-
-ifeq ($(DISTRO), Ubuntux)
-venv:
-		python3 -m venv $(venv)
-		$(activate) && $(pip) install -r $(requirements)
-else
-venv:
-	true
-endif
-
-.PHONY: freeze
-freeze:
-	$(activate) && $(pip) freeze > $(requirements)

_machines/neptune.yml

@@ -27,6 +27,10 @@ users:
     MACHINE_HAS_KEEPASSX: "true"
   has_yubikey: false
   repositories: []
+  overrides:
+    terraform_version: 1.1.3
+    terraform_check_updates: false
+
 - name: hannes-private
   group: hannes-private
   vt: 2

install.sh

@@ -77,23 +77,15 @@ if ! command -v make >/dev/null ; then
     printf 'Done\n'
 fi
 
-# Required for compiling modules in venv.
-if ! command -v gcc >/dev/null ; then
-    printf 'gcc not installed, installing ...\n'
-    _install "gcc"
-    printf 'Done\n'
-fi
-
-if ! python3 -c 'import venv' 2>/dev/null ; then
-    printf 'Python3 venv module not installed, installing ...\n'
-    _install python3-venv
-    printf 'Done\n'
-fi
-
 if [[ $NAME == "Arch Linux" ]] ; then
     _install "ansible"
 fi
 
+if [[ $NAME == "Ubuntu" ]] ; then
+    _install "ansible"
+    _install "python3-jmespath"
+fi
+
 cd "$DOTDIR" && make
 
 # fix permissions of the directory

playbook.yml

@@ -456,7 +456,7 @@
         become: true
         become_user: rust_build
         changed_when: false
-        loop: "{{ cargo_crate_list|map(attribute='toolchain', default='none')|reject('in', ['none', 'stable', 'nightly']) }}"
+        loop: "{{ cargo_crate_list|selectattr('toolchain', 'defined')|map(attribute='toolchain')|reject('in', ['none', 'stable', 'nightly'])|list }}"
 
       - name: add additional targets
         shell: "{{ cargo_env }} && rustup +{{ item.toolchain|default('stable') }} target add {{ item.target }}"
@@ -482,7 +482,7 @@
       - name: install required packages
         package:
           state: present
-          name: "{{ item.required_packages|map(attribute=distro) }}"
+          name: "{{ item.required_packages|map(attribute=distro)|list }}"
         when: item.required_packages is defined
         become: true
         loop: "{{ cargo_crate_list }}"
@@ -573,7 +573,7 @@
       - name: clean up old binaries for creates.io in /var/lib/rust_build
         command: rm -- {{ binaries | join (" ") }}
         vars:
-          binaries: "{{ lookup('ansible.builtin.fileglob', '/var/lib/rust_build/.cargo/bin/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/var/lib/rust_build/.cargo/bin/' ~ binary_id_cratesio) }}"
+          binaries: "{{ lookup('ansible.builtin.fileglob', '/var/lib/rust_build/.cargo/bin/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/var/lib/rust_build/.cargo/bin/' ~ binary_id_cratesio) | list }}"
         changed_when: binaries | length > 0
         loop: "{{ cargo_crate_list }}"
         become: true
@@ -584,7 +584,7 @@
       - name: clean up old binaries for creates.io in /usr/local/lib
         command: rm -- {{ binaries | join (" ") }}
         vars:
-          binaries: "{{ lookup('ansible.builtin.fileglob', '/usr/local/lib/binaries/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/usr/local/lib/binaries/' ~ binary_id_cratesio) }}"
+          binaries: "{{ lookup('ansible.builtin.fileglob', '/usr/local/lib/binaries/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/usr/local/lib/binaries/' ~ binary_id_cratesio) | list }}"
         changed_when: binaries | length > 0
         loop: "{{ cargo_crate_list }}"
         become: true
@@ -595,7 +595,7 @@
       - name: clean up old binaries for git in /var/lib/rust_build
         command: rm -- {{ binaries | join (" ") }}
         vars:
-          binaries: "{{ lookup('ansible.builtin.fileglob', '/var/lib/rust_build/.cargo/bin/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/var/lib/rust_build/.cargo/bin/' ~ binary_id_git) }}"
+          binaries: "{{ lookup('ansible.builtin.fileglob', '/var/lib/rust_build/.cargo/bin/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/var/lib/rust_build/.cargo/bin/' ~ binary_id_git) | list }}"
         changed_when: binaries | length > 0
         loop: "{{ cargo_crate_list }}"
         become: true
@@ -606,7 +606,7 @@
       - name: clean up old binaries for git in /usr/local/lib
         command: rm -- {{ binaries | join (" ") }}
         vars:
-          binaries: "{{ lookup('ansible.builtin.fileglob', '/usr/local/lib/binaries/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/usr/local/lib/binaries/' ~ binary_id_git) }}"
+          binaries: "{{ lookup('ansible.builtin.fileglob', '/usr/local/lib/binaries/' ~ item.binary ~ '.*', wantlist=True) | reject('eq', '/usr/local/lib/binaries/' ~ binary_id_git) | list }}"
         changed_when: binaries | length > 0
         loop: "{{ cargo_crate_list }}"
         become: true
@@ -636,6 +636,7 @@
           get_url:
             url: https://golang.org/dl/go{{ go_version }}.linux-amd64.tar.gz
             dest: "{{ go_download.path }}/go{{ go_version }}.linux-amd64.tar.gz"
+            force: false
 
         - name: unpack go
           unarchive:
@@ -746,7 +747,7 @@
         when: not yubikey_touch_detector_binary.stat.exists
 
       - name: build yubikey-touch-detector
-        shell: sh -c 'PATH=/usr/local/go/bin:$PATH env GOROOT=/usr/local/go GOPATH=$(pwd) go get -u github.com/maximbaz/yubikey-touch-detector'
+        shell: sh -c 'PATH=/usr/local/go/bin:$PATH env GOROOT=/usr/local/go GOPATH=$(pwd) go install github.com/maximbaz/yubikey-touch-detector@main'
         args:
           chdir: "{{ yubikey_touch_detector_build_tempdir.path }}"
         when: not yubikey_touch_detector_binary.stat.exists
@@ -833,8 +834,17 @@
 
     - name: fix permissions for dotfiles directory
       shell: |
-        chown --changes --recursive dotfiles:dotfiles /var/lib/dotfiles
-        chmod --changes --recursive g+wX /var/lib/dotfiles
+        # There is no sane way to specify the global .gitconfig to use, so we
+        # actually have to override HOME so git looks into ~/.gitconfig
+        export HOME="$(mktemp -d)"
+        set -o pipefail
+        set -o errexit
+        cd /var/lib/dotfiles
+        git config --global --add safe.directory /var/lib/dotfiles
+        git ls-tree -z --name-only HEAD | xargs --null chown --changes --recursive dotfiles:dotfiles
+        git ls-tree -z --name-only HEAD | xargs --null chmod --changes --recursive g+wX /var/lib/dotfiles
+      args:
+        executable: /bin/bash
       register: dotfiles_permission_change
       become: true
       become_user: root

requirements.txt

@@ -1,12 +0,0 @@
-ansible==4.6.0
-ansible-core==2.11.5
-cffi==1.14.6
-cryptography==35.0.0
-Jinja2==3.0.1
-jmespath==0.10.0
-MarkupSafe==2.0.1
-packaging==21.0
-pycparser==2.20
-pyparsing==2.4.7
-PyYAML==5.4.1
-resolvelib==0.5.4

user.yml

@@ -440,6 +440,14 @@
       state: directory
       mode: '0755'
 
+  - name: check if host application file already exists
+    stat:
+      path: ~/.mozilla/native-messaging-hosts/{{ item.name }}
+    register: passff_file
+    loop:
+      - name: passff.json
+      - name: passff.py
+
   - name: firefox - get passff host application
     get_url:
       url: https://github.com/passff/passff-host/releases/download/1.2.2/{{ item.name }}
@@ -447,6 +455,8 @@
       owner: "{{ user.name }}"
       group: "{{ user_group_name }}"
       mode: "{{ item.mode }}"
+      force: false
+    when: not (passff_file.results | selectattr('item.name', 'eq', item.name) | list)[0].stat.exists
     loop:
       - name: passff.json
         mode: '0644'
@@ -456,8 +466,10 @@
   - name: firefox - configure path to passff
     lineinfile:
       path: ~/.mozilla/native-messaging-hosts/passff.json
-      search_string: '"path": "PLACEHOLDER"'
-      line: "  \"path\": \"/home/{{ user.name }}/.mozilla/native-messaging-hosts/passff.py\","
+      regexp: '"path": ".*"'
+      line: "  \"path\": \"{{ path }}\","
+    vars:
+      path: "/home/{{ user.name }}/.mozilla/native-messaging-hosts/passff.py"
 
   - name: firefox - create chrome directory
     file:
@@ -503,6 +515,7 @@
       get_url:
         url: https://github.com/buchen/portfolio/releases/download/{{ portfolio_performace_version }}/PortfolioPerformance-{{ portfolio_performace_version }}-linux.gtk.x86_64.tar.gz
         dest: "{{ tempdir.path }}/PortfolioPerformance.{{ portfolio_performace_version }}.tar.gz"
+        force: false
 
     - name: create destination directory
       file:
@@ -575,6 +588,7 @@
       owner: "{{ user.name }}"
       group: "{{ user_group_name }}"
       mode: '0755'
+      force: false
 
   - name: make kubectl executable
     file:
@@ -591,9 +605,13 @@
     - kubectl
 
 - block:
+  - set_fact:
+      tf_version: "{{ user.overrides.terraform_version|default(terraform_version) }}"
+      tf_check_updates: "{{ user.overrides.terraform_check_updates|default(terraform_check_updates)|default(true) }}"
+
   - name: stat current terraform binary
     stat:
-      path: "/home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}"
+      path: "/home/{{ user.name }}/.opt/terraform-v{{ tf_version }}"
     register: terraform_binary
 
   - name: create temporary download directory for terraform
@@ -604,8 +622,9 @@
 
   - name: get terraform
     get_url:
-      url: "https://releases.hashicorp.com/terraform/{{ terraform_version }}/terraform_{{ terraform_version }}_linux_amd64.zip"
+      url: "https://releases.hashicorp.com/terraform/{{ tf_version }}/terraform_{{ tf_version }}_linux_amd64.zip"
       dest: "{{ terraform_download_dir.path }}/terraform.zip"
+      force: false
     when: not terraform_binary.stat.exists
 
   - name: unpack terraform zip
@@ -616,7 +635,7 @@
     when: not terraform_binary.stat.exists
 
   - name: install terraform
-    command: mv "{{ terraform_download_dir.path }}/terraform" /home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}
+    command: mv "{{ terraform_download_dir.path }}/terraform" /home/{{ user.name }}/.opt/terraform-v{{ tf_version }}
     when: not terraform_binary.stat.exists
 
   - name: clean up download directory
@@ -627,26 +646,28 @@
 
   - name: link terraform
     file:
-      src: /home/{{ user.name }}/.opt/terraform-v{{ terraform_version }}
+      src: /home/{{ user.name }}/.opt/terraform-v{{ tf_version }}
       dest: /home/{{ user.name }}/.optbin/terraform
       state: link
 
-  - name: get terraform version info
-    command: /home/{{ user.name }}/.optbin/terraform version -json
-    register: terraform_version_output
-    check_mode: false
-    changed_when: false
+  - block:
+    - name: get terraform version info
+      command: /home/{{ user.name }}/.optbin/terraform version -json
+      register: terraform_version_output
+      check_mode: false
+      changed_when: false
 
-  - name: parse terraform version output
-    set_fact:
-      terraform_outdated: "{{ (terraform_version_output.stdout | from_json()).terraform_outdated }}"
-    changed_when: false
+    - name: parse terraform version output
+      set_fact:
+        terraform_outdated: "{{ (terraform_version_output.stdout | from_json()).terraform_outdated }}"
+      changed_when: false
 
-  - name: warn if terraform is outdated
-    fail:
-      msg: "current terraform v{{ terraform_version }} is out of date"
-    when: terraform_outdated is sameas true
-    ignore_errors: True
+    - name: warn if terraform is outdated
+      fail:
+        msg: "current terraform v{{ tf_version }} is out of date"
+      when: terraform_outdated is sameas true
+      ignore_errors: True
+    when: tf_check_updates
 
   tags:
     - terraform

variables.yml

@@ -1,5 +1,5 @@
-terraform_version: 1.1.9
-kubectl_version: v1.23.6
+terraform_version: 1.2.4
+kubectl_version: v1.24.2
 go_version: "1.18.3"
 portfolio_performace_version: "0.57.2"
 cargo_crate_list:
@@ -29,6 +29,9 @@ cargo_crate_list:
   - crate: watchexec-cli
     binary: watchexec
     version: 1.20.2
+  - crate: mdbook
+    binary: mdbook
+    version: 0.4.18
   - url: https://github.com/hakoerber/git-repo-manager
     binary: grm
     branch: develop

vim/vimrc

@@ -25,7 +25,7 @@ Plug 'junegunn/goyo.vim'
 Plug 'junegunn/limelight.vim'
 " Plug 'sheerun/vim-polyglot'
 " Plug 'freitass/todo.txt-vim'
-Plug 'Valloric/YouCompleteMe', {'commit': '4df6f35f0c9f9aec21a3f567397496b5dee6acc7'}
+Plug 'Valloric/YouCompleteMe'
 Plug 'nathanaelkane/vim-indent-guides'
 
 "Plugin 'Lokaltog/vim-easymotion'