Erich Blume
9931829d03
## Summary - Add pre-commit framework with hooks for YAML, Ansible, Python, shell, TOML, JSON, and secret detection - Fix all 91+ ansible-lint violations (variable naming, handler capitalization, changed_when) - Fix shellcheck warnings in mise-tasks scripts - Document pre-commit setup in README.md ## Deployment and Testing - [x] All pre-commit hooks pass (`uvx pre-commit run --all-files`) - [x] Test ansible playbook with `--check` mode - [x] Run `mise run indri-services-check` after deploy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/19
55 lines
1.6 KiB
YAML
55 lines
1.6 KiB
YAML
---
|
|
# Note: devpi is installed via mise (pipx/uvx), not managed here.
|
|
#
|
|
# ONE-TIME SETUP (before running ansible):
|
|
#
|
|
# 1. Add to ~/.config/mise/config.toml on indri:
|
|
#
|
|
# [tools]
|
|
# "pipx:devpi-server" = { version = "latest", uvx = "true", uvx_args = "--with devpi-web" }
|
|
# "pipx:devpi-client" = { version = "latest", uvx = "true" }
|
|
#
|
|
# 2. Install: mise install
|
|
#
|
|
# 3. Initialize with root password (generate password in 1password):
|
|
# mise x -- devpi-init --serverdir {{ devpi_serverdir }} --root-passwd YOUR_PASSWORD
|
|
#
|
|
# 4. Run ansible to deploy LaunchAgent
|
|
#
|
|
# 5. Set up Tailscale service (see management log)
|
|
|
|
- name: Ensure devpi data directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ devpi_serverdir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Generate devpi secret file if not exists
|
|
ansible.builtin.shell: |
|
|
openssl rand -hex 32 > "{{ devpi_secretfile }}"
|
|
args:
|
|
creates: "{{ devpi_secretfile }}"
|
|
|
|
- name: Ensure devpi secret file has secure permissions
|
|
ansible.builtin.file:
|
|
path: "{{ devpi_secretfile }}"
|
|
mode: '0600'
|
|
|
|
- name: Deploy devpi LaunchAgent plist
|
|
ansible.builtin.template:
|
|
src: devpi.plist.j2
|
|
dest: ~/Library/LaunchAgents/mcquack.eblume.devpi.plist
|
|
mode: '0644'
|
|
notify: Reload devpi
|
|
|
|
- name: Check if devpi LaunchAgent is loaded
|
|
ansible.builtin.command: launchctl list mcquack.eblume.devpi
|
|
register: devpi_launchctl_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Load devpi LaunchAgent if not loaded
|
|
ansible.builtin.command: launchctl load ~/Library/LaunchAgents/mcquack.eblume.devpi.plist
|
|
when: devpi_launchctl_check.rc != 0
|
|
changed_when: true
|
|
failed_when: false
|