I have a dotfiles repository for setting up my MacOS machine easily and reproducibly. For this I am mostly using Ansible, just slightly wrapping it with Make and seasoning it with a pinch of Shell.

The core piece of this repository is a Brewfile and a collection of Shell aliases and functions. I don’t regularly run the Ansible playbook itself because I created it for initially setting up a machine. The only thing I run very frequently is the upgrade command which includes persisting new Brew formulae to the Brewfile.

At the same time I have come to love applying GitOps principles to everything I work with. Just the other day I was moving some commands (in the vein of “global Git pull”) out of said upgrade command into a cronjob.

And then it hit me: If I create a cronjob for running my Ansible playbook through the playbook itself, I have GitOps-like reconciliation!

Let’s do it in just a few lines of yaml:

- name: Ensure dotfiles are applied
  cron:
    name: Ensure dotfiles are applied
    minute: "0"
    hour: "9"
    weekday: "1-5" # on workdays
    job: make -f "{{ ansible_env.PWD }}"/Makefile build