Posts tagged: ansible

All posts with the tag "ansible"

1 posts latest post 2024-12-05

Vaulted Secrets Without Git Churn

Ansible Vault keeps secrets out of sight, but the ciphertext changes on every encrypt. That turns Git [1] diffs into noise and makes it hard to tell if anything actually changed. Decrypting, editing, and re-encrypting often leaves uncertainty about whether any plaintext changed. This is amplified when secret repos are tightly coupled to dependent repositories. A typical cycle includes decrypting, adding a key, updating a value, applying changes, and returning later with little clarity about what changed while secrets were in plaintext. Today a new workflow was created with @gpt-5.2-codex to keep diffs clean and avoid re-encrypting when the plaintext is identical. [2]Waylon Walker This repo has ansible vaulted secrets and an encrypt/decrypt process, but no way to compare. Please research compare options. The goal is to avoid changing files on encrypt/decrypt when plaintext is unchanged, ideally by comparing decrypted content and reusing the remote encrypted file. @gpt-5.2-codex ...

Lately I’ve been on a journey to really clean up my dotfiles, and I was completely missing fonts. I noticed jumping into a new vm I had a bunch of broken devicons when using Telescope with the devicons plugins.

This is one of those things that can be a total pain to get right on some systems, and it’s so nice when it’s just there for you pretty much out of the box.

  1. make sure your user fonts directory exists
  2. chech if the font you want exists on your machine
  3. download and unzip fonts into the fonts directory
  4. repeat 2-3 for all the fonts you use on your system
- name: ensure fonts directory
  file:
    path: "{{ lookup('env', 'HOME') }}/.fonts"
    state: directory

- name: Hack exists
  shell: "ls {{ lookup('env', 'HOME') }}/.fonts/Hack*Nerd*Font*Complete*"
  register: hack_exists
  ignore_errors: yes

- name: Download Hack
  when: hack_exists is failed
  ansible.builtin.unarchive:
    src: https://github.com/ryanoasis/nerd-fonts/releases/download/v2.1.0/Hack.zip
    dest: "{{ lookup('env', 'HOME') }}/.fonts/"
    remote_src: yes

https://www.youtube.com/watch?v=2MEmsinxRK4

I made a YT based on this post

Setup a yaml schema | yamlls for a silky smooth setup

check out how I install yamlls using ansible

Part of my neovim setup requires having the black python formatter installed and callable. I install it with pipx so that I don’t have to manage a virtual environment and have it available everywhere. So far this works well for me, if there are ever breaking changes I may need to rethink this.

re-installing a bunch of things that are already installed can be quite a waste and really add up to my ansible run time, so for most of my ansible tasks that install a command like this I have been following this pattern.

  1. check if the command is installed with command -v <command>
  2. register that step
  3. ignore if that step fails
  4. add a when: <xxx>_exists is failed condition to the step that installs that command.
- name: check is black installed
  shell: command -v black
  register: black_exists
  ignore_errors: yes

- name: install black
  when: black_exists is failed
  shell: pipx install black

https://www.youtube.com/watch?v=MCFg6-W5SBI

I made a video based on this post, check it out if its your thing