From 7230b1c5b5f08d7b366900e3b28540e6c37b2391 Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Wed, 27 Aug 2025 23:19:36 +0200
Subject: [PATCH 1/3] chore(devenv): bump to newer version

Signed-off-by: Matej Focko
---
devenv.lock | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/devenv.lock b/devenv.lock
index 4b206a1..7ec1db3 100644
--- a/devenv.lock
+++ b/devenv.lock
@@ -3,10 +3,10 @@
 "devenv": {
 "locked": {
 "dir": "src/modules",
- "lastModified": 1752456450,
+ "lastModified": 1756101922,
 "owner": "cachix",
 "repo": "devenv",
- "rev": "e2a9d0dd4cf87a1801c6d9e0d7a57bdd6de26ace",
+ "rev": "372c975fd0d5b7fc1ffbb15c75a21d7f9ea97603",
 "type": "github"
 },
 "original": {
@@ -40,10 +40,10 @@
 ]
 },
 "locked": {
- "lastModified": 1750779888,
+ "lastModified": 1755960406,
 "owner": "cachix",
 "repo": "git-hooks.nix",
- "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+ "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
 "type": "github"
 },
 "original": {
@@ -74,10 +74,10 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1751984180,
+ "lastModified": 1756266583,
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+ "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2",
 "type": "github"
 },
 "original": {
From bd055a6343688dbed6015c3b52508a9b497493b2 Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Wed, 27 Aug 2025 23:20:07 +0200
Subject: [PATCH 2/3] fix(deploy): always set git_forges

Based on the instructions in packit/private#60, we should run DEPLOYMENT=prod TAGS=secrets make deploy to update the Packit Service config after rotating the tokens, but the tasks that fetch the dictionary containing the git-forge tokens are skipped because of the `TAGS=secrets`, therefore mark the affected tasks with `tags: [always]` to ensure the facts are populated. Related to packit/private#60
Signed-off-by: Matej Focko
---
tasks/set-facts.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tasks/set-facts.yml b/tasks/set-facts.yml
index 9aa1482..ce95b97 100644
--- a/tasks/set-facts.yml
+++ b/tasks/set-facts.yml
@@ -49,10 +49,14 @@
 redis_hostname: "{{ kv_database }}"
 - name: Set Bitwarden URI
+ tags:
+ - always
 ansible.builtin.set_fact:
 bw_uri: "ansible://{{ service }}/{{ deployment }}"
 - name: Fetch git forges
 when: deployment != "dev"
+ tags:
+ - always
 ansible.builtin.set_fact:
 git_forges: "{{ lookup('community.general.bitwarden', bw_uri + '/git', search='') }}"
From 90499ff0aa7e1378e715057301b20da200acc009 Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Wed, 27 Aug 2025 23:29:22 +0200
Subject: [PATCH 3/3] docs: add a note about `ANSIBLE_PYTHON` and devenv

Signed-off-by: Matej Focko
---
docs/deployment/nix.md | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/docs/deployment/nix.md b/docs/deployment/nix.md
index 6ac665b..11fbb5f 100644
--- a/docs/deployment/nix.md
+++ b/docs/deployment/nix.md
@@ -57,3 +57,7 @@ Feel free to follow the [devenv.sh' “Getting Started”](https://devenv.sh/get
 Bitwarden CLI is currently broken on macOS, therefore it's not included in the devenv.sh' config.
+
+There's also a need to set `ANSIBLE_PYTHON` as _devenv.sh_ creates a venv with
+the dependencies that need to be installed manually (such as `kubernetes`) for
+the playbooks to work properly.
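Review bot: In the `tasks/set-facts.yml` hunk, `Fetch git forges` now carries `tags: [always]` but no `no_log: true`, so the git-forge tokens from the Bitwarden lookup are fetched on every tagged run, and with `-v` the `set_fact` result containing them is printed to the console and to any log that captures it. Adding `no_log: true` to that task keeps the token dictionary out of the output. `always` also means runs for unrelated tags need an unlocked Bitwarden session and hold the tokens in facts. If only the `secrets` run and the tasks that read `git_forges` need them, listing those tags instead (for example `tags: [secrets]`) would be narrower, though how this file is included is not visible here. The hunk ends at the `git_forges:` line, so any further keys on that task lie outside it.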