From 377b34381e89cea490d8ab4bcd193a7f4344845e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Flaud=C3=ADsio=20Tolentino?= Date: Tue, 24 Mar 2026 12:25:16 -0300 Subject: [PATCH 1/6] chore: bump Ansible to v2.20 --- ansible.cfg | 1 - config.flaudisio.yml | 2 ++ requirements.txt | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 225273ac..4e1fb669 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,7 +6,6 @@ roles_path = roles/public:roles/local retry_files_enabled = False callback_result_format = yaml log_path = /tmp/ansible.linux-setup-playbook.log -ansible_managed = Managed by Ansible vault_password_file = scripts/vault-keyring.sh interpreter_python = python3 diff --git a/config.flaudisio.yml b/config.flaudisio.yml index 2f9984b5..bc214a43 100644 --- a/config.flaudisio.yml +++ b/config.flaudisio.yml @@ -3,6 +3,8 @@ # Helper variables # ------------------------------------------------------------------------------ +ansible_managed: Managed by Ansible + __current_user: "{{ lookup('ansible.builtin.env', 'USER') }}" __templates_dir: "{{ playbook_dir }}/../templates" diff --git a/requirements.txt b/requirements.txt index b563f445..5effaa3d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ -ansible-core==2.17.* +ansible-core==2.20.* keyring==25.* From 04a7d187d491837c4110b1f462e14a11bed55180 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Flaud=C3=ADsio=20Tolentino?= Date: Tue, 24 Mar 2026 12:27:25 -0300 Subject: [PATCH 2/6] chore(mise): use .venv directory --- .gitignore | 178 ++++++++++++++++++++++++++++++++++++++++++++++++++++- mise.toml | 7 +-- 2 files changed, 178 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index d6b77c5f..6812ae9c 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,5 +1,5 @@ -# Created by https://www.toptal.com/developers/gitignore/api/linux,macos,archive,windows,intellij,sublimetext,certificates,visualstudiocode,ansible -# Edit at https://www.toptal.com/developers/gitignore?templates=linux,macos,archive,windows,intellij,sublimetext,certificates,visualstudiocode,ansible +# Created by https://www.toptal.com/developers/gitignore/api/linux,macos,ansible,archive,windows,intellij,sublimetext,certificates,visualstudiocode,python +# Edit at https://www.toptal.com/developers/gitignore?templates=linux,macos,ansible,archive,windows,intellij,sublimetext,certificates,visualstudiocode,python ### Ansible ### *.retry 
@@ -212,6 +212,178 @@ Temporary Items # iCloud generated files *.icloud +### Python ### +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. 
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/#use-with-ide +.pdm.toml + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ + +### Python Patch ### +# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration +poetry.toml + +# ruff +.ruff_cache/ + +# LSP config files +pyrightconfig.json + ### SublimeText ### # Cache files for Sublime Text *.tmlanguage.cache 
@@ -287,7 +459,7 @@ $RECYCLE.BIN/ # Windows shortcuts *.lnk -# End of https://www.toptal.com/developers/gitignore/api/linux,macos,archive,windows,intellij,sublimetext,certificates,visualstudiocode,ansible +# End of https://www.toptal.com/developers/gitignore/api/linux,macos,ansible,archive,windows,intellij,sublimetext,certificates,visualstudiocode,python # ------------------------------------------------------------------------------ # CUSTOM diff --git a/mise.toml b/mise.toml index 26b27c69..bd4a2417 100644 --- a/mise.toml +++ b/mise.toml @@ -5,12 +5,11 @@ uv = "latest" [vars] PROJECT_NAME = "{{ config_root | basename }}" -VENV_DIR = "{{ env.HOME }}/.virtualenvs/{{ vars.PROJECT_NAME }}" COLLECTIONS_PATH = "collections" ROLES_PATH = "roles/public" [env] -_.python.venv = { path = "{{ vars.VENV_DIR }}", create = true } +_.python.venv = { path = ".venv", create = true } [tasks.pre-commit] description = "Run pre-commit" @@ -27,7 +26,7 @@ run = "git push --follow-tags origin HEAD" [tasks.clean] description = "Remove Ansible installation artifacts (virtualenv, external collections, external roles, etc)" run = [ - "rm -rf -- '{{ vars.VENV_DIR }}'", + "rm -rf -- '.venv'", "git clean -fdx -- '{{ vars.COLLECTIONS_PATH }}' '{{ vars.ROLES_PATH }}'", ] @@ -51,7 +50,7 @@ run = [ [tasks.venv-activate] description = "Print the virtualenv activation command" -run = "echo source '{{ vars.VENV_DIR }}/bin/activate'" +run = "echo source '.venv/bin/activate'" quiet = true [tasks.show-env] From 14e6af2df1e112c8edb60e03ff373da764cc088a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Flaud=C3=ADsio=20Tolentino?= Date: Tue, 24 Mar 2026 12:29:40 -0300 Subject: [PATCH 3/6] chore(mise): simplify vault task names --- mise.toml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/mise.toml b/mise.toml index bd4a2417..b4c5bd47 100644 --- a/mise.toml +++ b/mise.toml 
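Review bot: The `venv-activate` task in the last mise.toml hunk of this commit now prints `source '.venv/bin/activate'`, a relative path that the user's shell resolves against its own working directory rather than the project root. Pasting or eval-ing that output from a subdirectory or another checkout either fails or sources whatever `.venv/bin/activate` happens to sit there, whereas the removed `{{ env.HOME }}/.virtualenvs/...` value was absolute. Anchoring the path keeps the printed command unambiguous: `run = "echo source '{{ config_root }}/.venv/bin/activate'"`. The later hunks of patch 6/6 that reintroduce `VENV_DIR = ".venv"` have the same property and could use `VENV_DIR = "{{ config_root }}/.venv"` to cover `clean` and `venv-activate` at once.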
@@ -65,20 +65,20 @@ run = [ description = "Configure Ansible Vault password" run = "doppler secrets get VAULT_PASSWORD --project {{ vars.PROJECT_NAME }} --plain | ./scripts/vault-keyring.sh --debug" -[tasks."vault:download-vars"] +[tasks."vault:download"] description = "Create the variables file containing Vault secrets" run = [ "doppler secrets get VAULT_YAML --project {{ vars.PROJECT_NAME }} --plain > vault.yml", "chmod 600 vault.yml", ] +[tasks."vault:upload"] +description = "Upload the variables file to the cloud" +run = "cat vault.yml | doppler secrets set VAULT_YAML --project {{ vars.PROJECT_NAME }} --silent" + [tasks."vault:setup"] description = "Setup the repository to use Ansible Vault" run = [ "mise run vault:password", - "mise run vault:download-vars", + "mise run vault:download", ] - -[tasks."vault:upload-vars"] -description = "Upload the variables file to the cloud" -run = "cat vault.yml | doppler secrets set VAULT_YAML --project {{ vars.PROJECT_NAME }} --silent" From 42bcc598828b43204be86e3f1786e523bd5ba0c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Flaud=C3=ADsio=20Tolentino?= Date: Tue, 24 Mar 2026 12:35:44 -0300 Subject: [PATCH 4/6] chore(mise): use single install task --- mise.toml | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/mise.toml b/mise.toml index b4c5bd47..e23a285a 100644 --- a/mise.toml +++ b/mise.toml 
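Review bot: In the renamed `vault:download` task, `vault.yml` is created by the shell redirect under the caller's default umask and only restricted by the separate `chmod 600` entry, so on first creation the secrets file can be readable by other local users until (and unless) that second entry runs. Applying the mask in the same entry closes the window: `"umask 077 && doppler secrets get VAULT_YAML --project {{ vars.PROJECT_NAME }} --plain > vault.yml"`. The redirect also truncates an existing `vault.yml` before doppler has succeeded, so a failed fetch leaves an empty file behind. In `vault:upload`, `cat vault.yml | doppler ...` still starts doppler when the file is missing; `doppler secrets set VAULT_YAML --project {{ vars.PROJECT_NAME }} --silent < vault.yml` lets the shell stop first. It is also worth confirming that `--debug` on the `vault:password` pipe does not echo the password, since the script is not shown here.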
@@ -30,24 +30,15 @@ run = [ "git clean -fdx -- '{{ vars.COLLECTIONS_PATH }}' '{{ vars.ROLES_PATH }}'", ] -[tasks."install:ansible"] -description = "Install Ansible and project dependencies" -run = "uv pip install -r requirements.txt" - -[tasks."install:galaxy"] -description = "Install Galaxy dependencies from requirements files" +[tasks.install] +description = "Install dependencies" +alias = "i" run = [ + "uv pip install -r requirements.txt", "ansible-galaxy collection install --upgrade --requirements-file requirements.yml --collections-path '{{ vars.COLLECTIONS_PATH }}'", "ansible-galaxy role install --role-file requirements.yml --roles-path '{{ vars.ROLES_PATH }}'", ] -[tasks.install] -description = "Run all installation tasks" -run = [ - "mise run install:ansible", - "mise run install:galaxy", -] - [tasks.venv-activate] description = "Print the virtualenv activation command" run = "echo source '.venv/bin/activate'" From 189f3e4008a27d052d1d9e4c3f3a834339bb2d18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Flaud=C3=ADsio=20Tolentino?= Date: Tue, 24 Mar 2026 12:45:06 -0300 Subject: [PATCH 5/6] chore(requirements): bump dependencies --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index ee4a1fd1..448d07df 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,8 +3,8 @@ collections: - name: ansible.posix version: ">=2.1,<3.0" - name: community.general - version: ">=12.2,<13.0" + version: ">=12.6,<13.0" roles: - src: geerlingguy.docker - version: 7.9.0 + version: 8.0.0 From 3370cb846ed6f3190ad19007ff66fa04bffca16e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Flaud=C3=ADsio=20Tolentino?= Date: Tue, 31 Mar 2026 20:28:34 -0300 Subject: [PATCH 6/6] chore(mise): restore venv dir variable --- mise.toml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mise.toml b/mise.toml index e23a285a..109fe4fd 100644 --- a/mise.toml +++ b/mise.toml 
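Review bot: The merged `[tasks.install]` block in mise.toml fetches Python packages, Galaxy collections and a Galaxy role in one step with no integrity pinning, and `--upgrade` on the collection install means two runs of the same commit can install different code. requirements.txt carries only the `==2.20.*` and `==25.*` wildcards, and requirements.yml only ranges and a version tag, so whatever the indexes serve inside those bounds is what gets installed. Consider compiling a hash-pinned file (`uv pip compile --generate-hashes`) and installing it with `uv pip install --require-hashes -r <compiled-requirements-file>`, and pinning collections to exact versions so `--upgrade` can be dropped. Removing `install:ansible` and `install:galaxy` also breaks any script or doc that still calls them, if such callers exist outside this patch.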
@@ -5,11 +5,12 @@ uv = "latest" [vars] PROJECT_NAME = "{{ config_root | basename }}" +VENV_DIR = ".venv" COLLECTIONS_PATH = "collections" ROLES_PATH = "roles/public" [env] -_.python.venv = { path = ".venv", create = true } +_.python.venv = { path = "{{ vars.VENV_DIR }}", create = true } [tasks.pre-commit] description = "Run pre-commit" @@ -26,7 +27,7 @@ run = "git push --follow-tags origin HEAD" [tasks.clean] description = "Remove Ansible installation artifacts (virtualenv, external collections, external roles, etc)" run = [ - "rm -rf -- '.venv'", + "rm -rf -- '{{ vars.VENV_DIR }}'", "git clean -fdx -- '{{ vars.COLLECTIONS_PATH }}' '{{ vars.ROLES_PATH }}'", ] @@ -41,7 +42,7 @@ run = [ [tasks.venv-activate] description = "Print the virtualenv activation command" -run = "echo source '.venv/bin/activate'" +run = "echo source '{{ vars.VENV_DIR }}/bin/activate'" quiet = true [tasks.show-env]