From 461adeaac14feb64bd930b6104917d6a56f4b4ca Mon Sep 17 00:00:00 2001
From: Harald Pfeiffer <coding@lirion.de>
Date: Sun, 12 Dec 2021 13:41:38 +0100
Subject: Integration of Arch

---
 patch.yml | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 63 insertions(+), 6 deletions(-)

diff --git a/patch.yml b/patch.yml
index 92f86b2..e4c26c4 100644
--- a/patch.yml
+++ b/patch.yml
@@ -29,6 +29,12 @@
     when: ansible_distribution_file_variety == "SUSE" or ansible_distribution_file_variety == "SuSE"
     changed_when: true
     notify: "suse upd"
+  - name: Set up Arch and derivatives
+    debug:
+      msg: "System is {{ansible_distribution}} ({{ansible_distribution_file_variety}}), checking in."
+    when: ansible_distribution_file_variety == "Archlinux"
+    changed_when: true
+    notify: "arch upd"
   handlers:
   - name: Update yum/dnf cache (RHEL)
     # We want to see a dedicated failure if the repos cannot be fetched already.
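Review bot: The new task is named "Set up Arch and derivatives", but its condition `when: ansible_distribution_file_variety == "Archlinux"` matches a single value, so a derivative that reports a different file variety would presumably skip the whole `arch upd` chain and stay unpatched without any failure. If derivatives are meant to be covered, `when: ansible_os_family == "Archlinux"` is the usual family-level test; otherwise drop "and derivatives" from the name. No catch-all is visible in this hunk, so a final task that fails or warns when none of the distribution branches matched would make an unpatched host visible in the run output.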
@@ -43,9 +49,14 @@
     listen: "redhat upd"
   - name: Update repository cache (Debian)
     apt:
-      update_cache: yes
+      update_cache: "yes"
     become: true
     listen: "debian upd"
+  - name: Update repository cache (Arch)
+    pacman:
+      update_cache: "yes"
+    become: true
+    listen: "arch upd"
   - name: Check for upgrades (RHEL)
     # yum check-upgrade would normally throw an RC 100 if updates are available.
     # But through ansible: RC0! Weeeee
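Review bot: The added "Update repository cache (Arch)" handler refreshes the sync database on its own, the equivalent of `pacman -Sy`, which is the state the comment added later in this commit warns against. If the run stops before "Upgrade packages (Arch)", the host keeps a new database with old packages, and any later single-package install becomes a partial upgrade. Consider dropping this handler and detecting pending updates with `checkupdates` from pacman-contrib, which works on a temporary copy of the database, leaving the refresh to the upgrade task that already sets `update_cache`. Separately, `update_cache: "yes"` relies on string-to-boolean coercion; `update_cache: true` states the intent directly and matches `become: true` on the following line.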
@@ -72,6 +83,17 @@
       - "debian updates available"
       - "rkhunter"
     listen: "debian upd"
+  - name: Check for upgrades (Arch)
+    # TODO: pikaur
+    shell: /usr/bin/pacman -Qu
+    become: true
+    register: pue
+    failed_when: pue.rc|int > 1
+    changed_when: pue.rc|int == 0
+    notify:
+      - "arch updates available"
+      - "rkhunter"
+    listen: "arch upd"
   - name: Check for existence of rkhunter
     stat:
       path: /usr/bin/rkhunter
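Review bot: `failed_when: pue.rc|int > 1` probably never fires. As far as I know, pacman exits 1 both when `-Qu` finds nothing to upgrade and when it hits an error, so an unreadable database would be reported as "no updates" and the host silently left unpatched. It is worth confirming pacman's exit codes and, if they overlap, also treating a non-empty `pue.stderr` as a failure. The task also uses `shell:` and `become: true` for a read-only query that contains no shell syntax; `command: /usr/bin/pacman -Qu` without `become` does the same with less privilege.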
@@ -131,7 +153,39 @@
     become: true
     # we listen to "debian upd" here in case a previous cleanup was skipped. Change to "debian updates available" if undesired.
     listen: "debian upd"
-  - name: Check for existence of needrestart (Debian)
+#  - name: Check for existence of needrestart (Debian)
+#    stat:
+#      path: /usr/sbin/needrestart
+#    register: nrex
+#    ignore_errors: "yes"
+#    no_log: true
+#    failed_when: false
+#    changed_when:
+#      - nrex.stat.exists == true
+#      - nrex.stat.executable == true
+#    # we listen to "debian upd" here in case a previous reboot was not executed. If undesired, change to "debian updates available".
+#    notify: "debian needrestart"
+#    listen: "debian upd"
+#  - name: Check for outdated kernel (Debian)
+#    shell: /usr/sbin/needrestart -pk
+#    register: kernout
+#    when:
+#      - nrex.stat.exists == true
+#      - nrex.stat.executable == true
+#    become: true
+#    changed_when: "kernout.rc|int == 1"
+#    listen: "debian needrestart"
+#    notify: "Reboot if required"
+#    # failed_when necessary to have a change for RC 1 instead of a failure
+#    failed_when: kernout.rc > 1
+  - name: Upgrade packages (Arch)
+    pacman:
+      # DO NOT RUN payman -Sy instead of pacman -Syu, i.e. avoid partial upgrades:
+      update_cache: "yes"
+      upgrade: "yes"
+    become: true
+    listen: "arch updates available"
+  - name: Check for existence of needrestart (Debian, Arch)
     stat:
       path: /usr/sbin/needrestart
     register: nrex
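Review bot: The 25 commented-out lines duplicate the two needrestart tasks that stay live below them (now renamed to "Debian, Arch"), so they add nothing that version history does not already hold. Deleting them keeps the handler list readable and avoids someone re-enabling a stale copy that still uses the `debian needrestart` topic this commit renames. In the new Arch upgrade task the comment has a typo ("payman") and reads ambiguously; something like `# Always refresh and upgrade together (pacman -Syu); never pacman -Sy alone, which leads to partial upgrades.` would be clearer. The "Check for existence of needrestart" task continues past the end of this hunk.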
@@ -142,9 +196,12 @@
       - nrex.stat.exists == true
       - nrex.stat.executable == true
     # we listen to "debian upd" here in case a previous reboot was not executed. If undesired, change to "debian updates available".
-    notify: "debian needrestart"
-    listen: "debian upd"
-  - name: Check for outdated kernel (Debian)
+    notify:
+      - "debian arch needrestart"
+    listen:
+      - "debian upd"
+      - "arch upd"
+  - name: Check for outdated kernel (Debian, Arch)
     shell: /usr/sbin/needrestart -pk
     register: kernout
     when:
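Review bot: The comment kept above the new `notify:` list is now stale: it says the task listens to "debian upd" and suggests switching to "debian updates available", but the task also listens to "arch upd" after this change. It should be updated, for example `# we listen to the "* upd" topics here in case a previous reboot was not executed. If undesired, change to the "* updates available" topics.` The task starts above this hunk, and the following "Check for outdated kernel" task runs past its end.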
@@ -152,7 +209,7 @@
       - nrex.stat.executable == true
     become: true
     changed_when: "kernout.rc|int == 1"
-    listen: "debian needrestart"
+    listen: "debian arch needrestart"
     notify: "Reboot if required"
     # failed_when necessary to have a change for RC 1 instead of a failure
     failed_when: kernout.rc > 1
-- 
cgit v1.2.3