From 8b40b4d67655be9894a83162fc2d579486402fdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20D=C3=A9siles?= <1536672+cdesiles@users.noreply.github.com>
Date: Fri, 14 Nov 2025 00:09:51 +0100
Subject: [PATCH] fix: rely on logical ansible_user instead of this whoami hack

---
 inventory/host_vars/example.yml | 33 ++++++++++++++++++++++++++++++++
 roles/archlinux/tasks/paru.yml | 12 +-----------
 roles/archlinux/tasks/yay.yml | 12 +-----------
 roles/docker/tasks/main.yml | 16 +++-------------
 roles/docker/tasks/uninstall.yml | 4 ++--
 roles/podman/tasks/main.yml | 26 +++++++++++--------------
 6 files changed, 51 insertions(+), 52 deletions(-)

diff --git a/inventory/host_vars/example.yml b/inventory/host_vars/example.yml
index ef80524..59418be 100644
--- a/inventory/host_vars/example.yml
+++ b/inventory/host_vars/example.yml
@@ -112,3 +112,36 @@ nfs_server_firewall_allowed_sources:
 nfs_bind_addresses:
 - 192.168.20.4
 - 192.168.1.2
+
+# Podman configuration
+# --------------------
+podman_external_networks:
+ - name: immich
+ subnet: 172.20.0.0/16
+ gateway: 172.20.0.1
+
+# PostgreSQL configuration
+# ------------------------
+postgres_admin_password: "{{ vault_postgres_admin_password }}"
+postgres_bind: "127.0.0.1"
+postgres_firewall_allowed_sources:
+ - 127.0.0.0/8
+
+# Valkey configuration
+# --------------------
+valkey_admin_password: "{{ vault_valkey_admin_password }}"
+valkey_bind: "127.0.0.1"
+valkey_firewall_allowed_sources:
+ - 127.0.0.0/8
+
+# Valkey ACL users
+valkey_acl_users:
+ - username: immich
+ password: "{{ vault_immich_valkey_password }}"
+ keypattern: "immich_bull* immich_channel*"
+ commands: "&* -@dangerous +@read +@write +@pubsub +select +auth +ping +info +eval +evalsha"
+
+# Immich configuration
+# --------------------
+immich_postgres_password: "{{ vault_immich_postgres_password }}"
+immich_valkey_password: "{{ vault_immich_valkey_password }}"
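Review bot: The added `commands:` rule for the immich Valkey ACL user, `-@dangerous +@read +@write …`, does not yield the allow-list it looks like: ACL rules are applied left to right, so a later `+@read` or `+@write` re-enables commands that sit in both that category and `@dangerous` (KEYS is in `@read` and `@dangerous`, SORT in `@write` and `@dangerous`). Moving the subtraction after the category grants keeps the categories restricted while the explicit commands that follow (including INFO, which is itself tagged dangerous) are still granted: `commands: "&* +@read +@write +@pubsub -@dangerous +select +auth +ping +info +eval +evalsha"`. How the consuming role renders this string, and whether the leading `&*` channel pattern belongs in the same field as `keypattern`, is not visible in this hunk, so check it against the role's ACL template.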
diff --git a/roles/archlinux/tasks/paru.yml b/roles/archlinux/tasks/paru.yml
index 03d9b43..b913f3a 100644
--- a/roles/archlinux/tasks/paru.yml
+++ b/roles/archlinux/tasks/paru.yml
@@ -26,21 +26,11 @@
 # line: "%wheel ALL=(ALL) NOPASSWD: ALL"
 # validate: /usr/sbin/visudo -cf %s
 
- # - command:
- # cmd: whoami
- # no_log: true
- # become: false
- # register: main_user
-
- # - set_fact:
- # main_user: "{{ main_user.stdout }}"
- # no_log: true
-
 # - name: Create paru sources dir
 # file:
 # path: "{{ paru_src_path }}"
 # state: directory
- # owner: "{{ main_user }}"
+ # owner: "{{ ansible_user }}"
 
 # - name: Clone git sources
 # become: false
diff --git a/roles/archlinux/tasks/yay.yml b/roles/archlinux/tasks/yay.yml
index 378d79a..06d3d63 100644
--- a/roles/archlinux/tasks/yay.yml
+++ b/roles/archlinux/tasks/yay.yml
@@ -22,21 +22,11 @@
 line: "%wheel ALL=(ALL) NOPASSWD: ALL"
 validate: /usr/sbin/visudo -cf %s
 
- - ansible.builtin.command:
- cmd: whoami
- no_log: true
- become: false
- register: main_user
-
- - ansible.builtin.set_fact:
- main_user: "{{ main_user.stdout }}"
- no_log: true
-
 - name: Create yay sources dir
 ansible.builtin.file:
 path: "{{ yay_src_path }}"
 state: directory
- owner: "{{ main_user }}"
+ owner: "{{ ansible_user }}"
 
 - name: Clone git sources
 become: false
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 0cbb0f2..32768ff 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
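Review bot: `owner: "{{ ansible_user }}"` on the "Create yay sources dir" task only works when the login user is set explicitly (inventory `ansible_user`, `remote_user`, `-u`, or ansible.cfg); when Ansible falls back to the controller's own username the variable is undefined and the task now fails at templating, whereas the removed `whoami` with `become: false` always produced a value. Either document that requirement in the role's defaults or README, or keep an explicit fallback such as `owner: "{{ ansible_user | default(lookup('env', 'USER')) }}"`, which approximates Ansible's own fallback for the SSH login name. The same substitution is made in roles/docker/tasks/main.yml, roles/docker/tasks/uninstall.yml and roles/podman/tasks/main.yml in this patch and carries the same caveat. The "Clone git sources" task that follows continues outside the hunk.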
@@ -23,26 +23,16 @@
 enabled: true
 state: started
 
-- ansible.builtin.command:
- cmd: whoami
- no_log: true
- become: false
- register: main_user
-
-- ansible.builtin.set_fact:
- main_user: "{{ main_user.stdout }}"
- no_log: true
-
 - name: Create projects directory
 ansible.builtin.file:
 path: "{{ docker_projects_dir }}"
 state: directory
- owner: "{{ main_user }}"
- group: "{{ main_user }}"
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
 
 - name: Allow user to use docker
 ansible.builtin.user:
- name: "{{ main_user }}"
+ name: "{{ ansible_user }}"
 groups: docker
 append: true
 register: docker_group
diff --git a/roles/docker/tasks/uninstall.yml b/roles/docker/tasks/uninstall.yml
index 3210c2b..bda90f6 100644
--- a/roles/docker/tasks/uninstall.yml
+++ b/roles/docker/tasks/uninstall.yml
@@ -14,6 +14,6 @@
 ansible.builtin.file:
 path: "{{ docker_projects_dir }}"
 state: absent
- owner: "{{ main_user }}"
- group: "{{ main_user }}"
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
 when: confirmation.user_input | lower in ['yes', 'y']
diff --git a/roles/podman/tasks/main.yml b/roles/podman/tasks/main.yml
index c5a43aa..58885af 100644
--- a/roles/podman/tasks/main.yml
+++ b/roles/podman/tasks/main.yml
@@ -6,25 +6,12 @@
 - podman-compose
 state: present
 
-- name: Get main user
- ansible.builtin.command:
- cmd: whoami
- no_log: true
- become: false
- register: main_user
- changed_when: false
-
-- name: Set main user variable
- ansible.builtin.set_fact:
- main_user: "{{ main_user.stdout }}"
- no_log: true
-
 - name: Create projects directory
 ansible.builtin.file:
 path: "{{ podman_projects_dir }}"
 state: directory
- owner: "{{ main_user }}"
- group: "{{ main_user }}"
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
 mode: "0755"
 
 - name: Deploy registries configuration
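Review bot: In roles/docker/tasks/uninstall.yml the rewritten `owner: "{{ ansible_user }}"` and `group: "{{ ansible_user }}"` lines sit on a `state: absent` file task, where the module has nothing to apply ownership to; they are dead parameters that now also make the uninstall path fail whenever `ansible_user` is undefined. Drop the two lines so the task is just `path`, `state: absent` and the `when:` guard. The task's `name:` and the prompt that registers `confirmation` are above this hunk and not visible here.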
@@ -34,3 +21,12 @@
 owner: root
 group: root
 mode: "0644"
+
+- name: Create external Podman networks
+ containers.podman.podman_network:
+ name: "{{ item.name }}"
+ subnet: "{{ item.subnet }}"
+ gateway: "{{ item.gateway }}"
+ state: present
+ loop: "{{ podman_external_networks | default([]) }}"
+ when: podman_external_networks is defined and podman_external_networks | length > 0
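Review bot: The `when:` on "Create external Podman networks" duplicates what `loop: "{{ podman_external_networks | default([]) }}"` already does — an undefined or empty list yields zero iterations — so one of the two guards should go, and keeping only the `loop` line is the simpler form. The more important question is execution context: this task runs under whatever `become` the play applies, so the networks are created in root's Podman store, while the projects directory created earlier in the same file is owned by `ansible_user`; if the compose projects run rootless as that user they will not see these networks, in which case the task needs `become_user: "{{ ansible_user }}"` (the role's become settings are not visible in this hunk). `item.subnet` and `item.gateway` are also mandatory as templated, so an entry that omits them fails; `subnet: "{{ item.subnet | default(omit) }}"` and the same for `gateway` would let an entry fall back to Podman's automatic allocation.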