I have this cunning plan, @feld may be able to sanity check this one for me.

I have accumulated a few not-on-disk ssh-keys (see my recent posts about Secretive and Yubikeys).

I do have a configuration script (#ansible) which sends out all my ssh-keys to the hosts. I do not have faith that it will not override local changes not committed to ansible. I may lose local changes/access.

My idea: deploy my not-on-disk public ssh keys to ~/.ssh/authorized_keys2 - that file is currently not in use.

I have completed writing an Ansible role to self-host Firefox Sync server. Thanks to Ansible being just YAML, I hope others can be helped even without running the role by simply reading the code, comments, and commit messages.

https://codeberg.org/ansible/mozilla-syncserver

big changes coming to #ansible

"The new Data Tagging feature expands provenance tracking on variables to nearly every source. This allows for much more descriptive error messaging, as the entire chain of execution can be consulted to include contextual information about what was happening when an error occurred- in many cases including display of the offending source lines with column markers.

#ansible #wip

https://github.com/nitzmahone/ansible-documentation/blob/core_data_tagging/docs/docsite/rst/porting_guides/porting_guide_core_2.19.rst

https://github.com/ansible/ansible/pull/84621

As part of or work on #Cellbroadcast we've documented our current test setup: https://codeberg.org/Phosh/gsm-cell-testing using #osmocom for the mobile network parts and #ansible for deploying #ModemManager on the devices, performing the tests and checking the results.

Thanks to @NGIZero for supporting our work on this.

Wer einen ganzen Zoo von Servern, VMs und/oder Kleinstcomputern verwaltet, sehnt sich schnell nach einem Werkzeug, dass einem ein paar Aufgaben abnimmt.

Eines ist #Ansible und mit einem vorgeschalteten #Semaphore lässt es sich auch noch gut automatisieren. Eine Installationsanleitung kann ich jetzt im Blog auch beitragen:

Automatisierte Aktualisierungen mit Semaphore/Ansible

#Linux #Admin

https://www.jcs-net.de/blog/automatisierte-aktualisierungen-mit-semaphore-ansible

Automatically configure your server with Ansible

https://github.com/mist941/basic-server-configuration

Discussions: https://discu.eu/q/https://github.com/mist941/basic-server-configuration

#Ansible why is this an error in a playbook?

gather_cats: false

It should be correct ;-)

What #Ansible Project/Module/Role should I use to provision an #OpenWRT Router?

#ansible #configuration #configurationmanagement

https://forum.openwrt.org/t/what-ansible-project-module-role-should-be-used-to-provision-an-openwrt-router-from-scratch/229252

Hello, hachyderm! we've been working hard on building up our ansible runbooks and improving hachyderm's overall resilience. Recently, we've been focusing on is database resilience.

We're getting close to retiring our original database server (finally!) and preparing to move to a fully ansible-managed set of databases servers, primary and replica on new hardware. We'll send another announcement when we do the cut over. The team has done excellent work to make this highly automated, quick, and painless!

Done:

author ansible roles for managing postgresql, pgbackrest (backups), pgbouncer, and primary/replica failover
decide to continue with pgbouncer and *not* use pgcat
rotate database passwords
order new replica database hardware
order new future primary database hardware

To do soon:

rebuild replica database with ansible scripts
prepare primary database with ansible scripts
start replicating to new database replica
cut over to new database server

We're also planning on open-sourcing our ansible roles in the coming weeks - just a little housekeeping & tidying up before we do!

For years now I’ve had a bit of a bee under my cap: would it be possible to unlock a Vault file with a GnuPG-compatible smart card? And what if the smart card were local and the unlocking had to be triggered remotely?

Forwarding GnuPG agent over SSH

https://jpmens.net/2025/04/04/forwarding-gnupg-agent-over-ssh/

#gpg #ansible

Edit: I have amended the sentence regarding distinct machines. Works fine on two different Linux boxes.

Hierarchical view of ansible-playbook, insights and more ! (public release end of April)

https://github.com/RogerMarchal/balaxy/tree/main

Discussions: https://discu.eu/q/https://github.com/RogerMarchal/balaxy/tree/main

Current status: waiting on #Ansible

ansible-playbook jail-named.yml --limit=dns1.int.unixathome.org

And for my second cappuccino.

Oh the glorious mornings of #homelab

#Ansible's decision to use Jinja in values only, and not render the YAML itself through Jinja (like Salt does) might make some things a bit more clean, but it also makes a _lot_ of things significantly more difficult.