From 154a6d6c41e098ca80a5a281326da6c24dde0d72 Mon Sep 17 00:00:00 2001
From: Michael Grote
Date: Fri, 26 Jan 2024 15:01:00 +0100
Subject: [PATCH] add etckeeper (#649)
Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/649
Co-authored-by: Michael Grote
Co-committed-by: Michael Grote
---
 .woodpecker/ansible-lint.yml | 10 +++++-----
 .woodpecker/gitleaks.yml | 3 ---
 playbooks/base/system.yml | 2 ++
 roles/mgrote_etckeeper/tasks/main.yml | 16 ++++++++++++++++
 4 files changed, 23 insertions(+), 8 deletions(-)
 create mode 100644 roles/mgrote_etckeeper/tasks/main.yml
diff --git a/.woodpecker/ansible-lint.yml b/.woodpecker/ansible-lint.yml
index 53bd46f2..a2b63ad1 100644
--- a/.woodpecker/ansible-lint.yml
+++ b/.woodpecker/ansible-lint.yml
@@ -1,7 +1,4 @@
 ---
-kind: pipeline
-type: docker
-name: ansible-lint
 depends_on:
 - gitleaks
 steps:
@@ -9,11 +6,14 @@ steps:
 image: quay.io/ansible/creator-ee
 commands:
 - ansible-lint --version
- - echo $VAULT-PASS > ./vault-pass.yml # nach des Secret in Großschreibung
+ - echo $${VAULTPASS} > ./vault-pass.yml # nach des Secret in Großschreibung
+ - cat ./vault-pass.yml #debug
 - ansible-galaxy install -r requirements.yml
 - ansible-lint --force-color --format pep8
 when:
 event:
 exclude:
 - tag
- secret: [vault-pass] #dieses Secret darf verwendet werden
+ secrets:
+ - source: vault-pass # name des Secrets in Woodpecker/GUI
+ target: vaultpass # lower-case Name der variable zur Verwendung in dem CI-File, wird dann so genutzt $${VAULTPASS}
diff --git a/.woodpecker/gitleaks.yml b/.woodpecker/gitleaks.yml
index fd095d7f..3aefe4b9 100644
--- a/.woodpecker/gitleaks.yml
+++ b/.woodpecker/gitleaks.yml
@@ -1,7 +1,4 @@
 ---
-kind: pipeline
-type: docker
-name: gitleaks
 steps:
 gitleaks:
 image: zricethezav/gitleaks:latest
diff --git a/playbooks/base/system.yml b/playbooks/base/system.yml
index 00cfe4b4..08309d97 100644
--- a/playbooks/base/system.yml
+++ b/playbooks/base/system.yml
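Review bot: In the second hunk of `.woodpecker/ansible-lint.yml`, the added `- cat ./vault-pass.yml #debug` writes the Ansible Vault password into the pipeline log, so anyone who can read build output can read the secret; log masking, where the CI applies it, should not be the only safeguard. Drop the line before merging, or replace it with a check that reveals nothing, e.g. `- test -s ./vault-pass.yml`. The unquoted `echo $${VAULTPASS}` is also subject to word splitting and globbing in the shell, so `- printf '%s\n' "$${VAULTPASS}" > ./vault-pass.yml` is the more robust form. The step's name line lies between the two hunks and is not shown, so this is judged from the visible commands only.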
@@ -3,6 +3,8 @@
 roles:
 - role: mgrote_ntp_chrony_client
 tags: "ntp"
+ - role: mgrote_etckeeper
+ tags: "etckeeper"
 - role: mgrote_postfix
 tags: "postfix"
 - role: mgrote_fail2ban
diff --git a/roles/mgrote_etckeeper/tasks/main.yml b/roles/mgrote_etckeeper/tasks/main.yml
new file mode 100644
index 00000000..fc7a374d
--- /dev/null
+++ b/roles/mgrote_etckeeper/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: ensure etckeeper is installed
+ become: true
+ ansible.builtin.package:
+ name:
+ - etckeeper
+ - git
+ state: present
+ install_recommends: false
+
+- name: ensure repository is initialized
+ ansible.builtin.command: etckeeper init
+ args:
+ chdir: /etc/
+ creates: /etc/.etckeeper
+...
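Review bot: The `ensure repository is initialized` task in the new `roles/mgrote_etckeeper/tasks/main.yml` has no `become: true`, unlike the install task above it. Unless the play escalates privileges elsewhere (not visible in this patch), `etckeeper init` runs as the connecting user and cannot write under `/etc`; add `become: true` to that task. The `creates: /etc/.etckeeper` guard is worth checking on a target host: that metadata file appears to be written at commit time rather than by init, in which case `creates: /etc/.git` would be the more reliable idempotence marker. Because the resulting repository tracks files such as `/etc/shadow`, a short comment in the role stating that `/etc/.git` must stay readable by root only and is not meant to be pushed to a remote would help later maintainers.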