Posts tagged: ansible

All posts with the tag "ansible"

1 posts latest post 2024-12-05

Vaulted Secrets Without Git Churn

Ansible Vault keeps secrets out of sight, but the ciphertext changes on every encrypt. That turns Git [1] diffs into noise and makes it hard to tell if anything actually changed. Decrypting, editing, and re-encrypting often leaves uncertainty about whether any plaintext changed. This is amplified when secret repos are tightly coupled to dependent repositories. A typical cycle includes decrypting, adding a key, updating a value, applying changes, and returning later with little clarity about what changed while secrets were in plaintext. Today a new workflow was created with @gpt-5.2-codex to keep diffs clean and avoid re-encrypting when the plaintext is identical. Chat-reply This repo has ansible vaulted secrets and an encrypt/decrypt process, but no way to compare. Please research compare options. The goal is to avoid changing files on encrypt/decrypt when plaintext is unchanged, ideally by comparing decrypted content and reusing the remote encrypted file. @gpt-5.2-codex The re...
💭 Ansible Galaxy - amazon.aws galaxy.ansible.com
Ansible Galaxy galaxy.ansible.com [1] Great examples for working with s3 buckets with ansible. Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://galaxy.ansible.com/ui/repo/published/amazon/aws/content/module/s3_bucket/#examples [2]: /thoughts/
Installing system nerd-fonts with ansible
Lately I’ve been on a journey to really clean up my dotfiles, and I was completely missing fonts. I noticed jumping into a new vm I had a bunch of broken devicons when using Telescope with the devicons plugins. This is one of those things that can be a total pain to get right on some systems, and it’s so nice when it’s just there for you pretty much out of the box. - make sure your user fonts directory exists - chech if the font you want exists on your machine - download and unzip fonts into the fonts directory - repeat 2-3 for all the fonts you use on your system - name: ensure fonts directory file: path: "{{ lookup('env', 'HOME') }}/.fonts" state: directory - name: Hack exists shell: "ls {{ lookup('env', 'HOME') }}/.fonts/Hack*Nerd*Font*Complete*" register: hack_exists ignore_errors: yes - name: Download Hack when: hack_exists is failed ansible.builtin.unarchive: src: https://github.com/ryanoasis/nerd-fonts/releases/download/v2.1.0/Hack.zip dest: "{{ lookup('env', 'HOME') }}/.fonts/" remote_src: yes https://www.youtube.com/watch?v=2MEmsinxRK4 I made a YT based on this post Links # [1] - ansible docs for builtin.unarchive [2] Setup a yaml schema | yamlls...
Installing packages with ansible only if they do not exist
Part of my neovim setup requires having the black python formatter installed and callable. I install it with pipx so that I don’t have to manage a virtual environment [1] and have it available everywhere. So far this works well for me, if there are ever breaking changes I may need to rethink this. re-installing a bunch of things that are already installed can be quite a waste and really add up to my ansible run time, so for most of my ansible tasks that install a command like this I have been following this pattern. - check if the command is installed with command -v <command> - register that step - ignore if that step fails - add a when: <xxx>_exists is failed condition to the step that installs that command. - name: check is black installed shell: command -v black register: black_exists ignore_errors: yes - name: install black when: black_exists is failed shell: pipx install black https://www.youtube.com/watch?v=MCFg6-W5SBI I made a video based on this post, check it out if its your thing References: [1]: /virtual-environment/