diff --git a/Makefile b/Makefile
index 4c85b00..5466e1e 100644
--- a/Makefile
+++ b/Makefile
@@ -162,3 +162,47 @@ remote-set: ## Set origin to your Gitea repo (GITEA/OWNER/REPO vars)
 git branch -M main
 git push -u origin main
 @echo "✔ Remote set to https://$(GITEA)/$(OWNER)/$(REPO).git"
+
+
+# ==== Convergence (Ansible) ====
+ANS_DIR := ansible
+INV_SCRIPT := $(ANS_DIR)/inventory_from_yaml.py
+PLAY := $(ANS_DIR)/playbooks/bootstrap.yaml
+SSH_USER ?= admin
+
+# Load your SOPS key for decryption when running playbooks (optional if you use keys.txt)
+export SOPS_AGE_KEY := $(shell cat ~/.config/sops/age/keys.txt 2>/dev/null)
+
+ansible-help: ## Show common Ansible commands
+ @echo "Convergence targets:"
+ @echo " make ansible-inventory # show resolved inventory"
+ @echo " make ansible-ping # ping all hosts"
+ @echo " make converge # run baseline convergence on all hosts"
+ @echo " make converge-host HOST=web-01# run on a single host"
+ @echo " make converge-tags TAGS=base # run only tagged tasks"
+ @echo " make converge-check # dry-run (check mode)"
+ @echo " make converge-diff # show config diffs"
+
+ansible-inventory: ## Print the dynamic inventory Ansible will use
+ cd $(ANS_DIR) && ansible-inventory --list | head -200
+
+ansible-ping: ## Quick connectivity check (SSH + Python availability)
+ cd $(ANS_DIR) && ansible all -u $(SSH_USER) -m ping
+
+converge: ## Converge all hosts to the baseline (idempotent)
+ cd $(ANS_DIR) && ansible-playbook $(PLAY) -u $(SSH_USER)
+
+converge-host: ## Converge a single host: make converge-host HOST=core-01
+ @test -n "$(HOST)" || (echo "Usage: make converge-host HOST="; exit 1)
+ cd $(ANS_DIR) && ansible-playbook $(PLAY) -u $(SSH_USER) -l $(HOST)
+
+converge-tags: ## Run only certain tags: make converge-tags TAGS="base,ufw"
+ @test -n "$(TAGS)" || (echo "Usage: make converge-tags TAGS=tag1,tag2"; exit 1)
+ cd $(ANS_DIR) && ansible-playbook $(PLAY) -u $(SSH_USER) --tags "$(TAGS)"
+
+converge-check: ## Dry-run (no changes), great for previews
+ cd $(ANS_DIR) && ansible-playbook $(PLAY) -u $(SSH_USER) --check
+
+converge-diff: ## Show file/templating diffs while applying changes
+ cd $(ANS_DIR) && ansible-playbook $(PLAY) -u $(SSH_USER) --diff
+
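Review bot: The `export SOPS_AGE_KEY := $(shell cat ~/.config/sops/age/keys.txt 2>/dev/null)` line reads the age private key at parse time on every `make` invocation and exports it into the environment of every recipe in the file, including unrelated ones such as `remote-set`, and the value also appears in `make -p` output. `$(shell …)` folds newlines into spaces, so a keys.txt that carries the usual `# created:` / `# public key:` comment lines probably arrives as a single line beginning with `#`, which SOPS may not parse as a key at all. Passing the path rather than the secret keeps the key out of Make's variable database: `export SOPS_AGE_KEY_FILE ?= $(HOME)/.config/sops/age/keys.txt`, ideally as a target-specific export on the converge targets only. Separately, `PLAY` is already prefixed with `$(ANS_DIR)`, so after `cd $(ANS_DIR)` the playbook path resolves to `ansible/ansible/playbooks/bootstrap.yaml`. Also, `-l $(HOST)` is unquoted where `--tags "$(TAGS)"` is quoted, so a limit pattern containing spaces or shell metacharacters is split or interpreted by the shell.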