jokester/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: rely on logical ansible_user instead of this whoami hack

Browse Source
This commit is contained in:
Clément Désiles 2025-11-14 00:09:51 +01:00
parent 26dc670949
commit 8b40b4d676
No known key found for this signature in database
6 changed files with 51 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
inventory/host_vars/example.yml
View File

@ -112,3 +112,36 @@ nfs_server_firewall_allowed_sources:
nfs_bind_addresses: nfs_bind_addresses:
- 192.168.20.4 - 192.168.20.4
- 192.168.1.2 - 192.168.1.2
# Podman configuration
# --------------------
podman_external_networks:
- name: immich
subnet: 172.20.0.0/16
gateway: 172.20.0.1
# PostgreSQL configuration
# ------------------------
postgres_admin_password: "{{ vault_postgres_admin_password }}"
postgres_bind: "127.0.0.1"
postgres_firewall_allowed_sources:
- 127.0.0.0/8
# Valkey configuration
# --------------------
valkey_admin_password: "{{ vault_valkey_admin_password }}"
valkey_bind: "127.0.0.1"
valkey_firewall_allowed_sources:
- 127.0.0.0/8
# Valkey ACL users
valkey_acl_users:
- username: immich
password: "{{ vault_immich_valkey_password }}"
keypattern: "immich_bull* immich_channel*"
commands: "&* -@dangerous +@read +@write +@pubsub +select +auth +ping +info +eval +evalsha"
# Immich configuration
# --------------------
immich_postgres_password: "{{ vault_immich_postgres_password }}"
immich_valkey_password: "{{ vault_immich_valkey_password }}"

12
roles/archlinux/tasks/paru.yml
View File

@ -26,21 +26,11 @@
# line: "%wheel ALL=(ALL) NOPASSWD: ALL" # line: "%wheel ALL=(ALL) NOPASSWD: ALL"
# validate: /usr/sbin/visudo -cf %s # validate: /usr/sbin/visudo -cf %s
# - command:
# cmd: whoami
# no_log: true
# become: false
# register: main_user
# - set_fact:
# main_user: "{{ main_user.stdout }}"
# no_log: true
# - name: Create paru sources dir # - name: Create paru sources dir
# file: # file:
# path: "{{ paru_src_path }}" # path: "{{ paru_src_path }}"
# state: directory # state: directory
# owner: "{{ main_user }}" # owner: "{{ ansible_user }}"
# - name: Clone git sources # - name: Clone git sources
# become: false # become: false

12
roles/archlinux/tasks/yay.yml
View File

@ -22,21 +22,11 @@
line: "%wheel ALL=(ALL) NOPASSWD: ALL" line: "%wheel ALL=(ALL) NOPASSWD: ALL"
validate: /usr/sbin/visudo -cf %s validate: /usr/sbin/visudo -cf %s
- ansible.builtin.command:
cmd: whoami
no_log: true
become: false
register: main_user
- ansible.builtin.set_fact:
main_user: "{{ main_user.stdout }}"
no_log: true
- name: Create yay sources dir - name: Create yay sources dir
ansible.builtin.file: ansible.builtin.file:
path: "{{ yay_src_path }}" path: "{{ yay_src_path }}"
state: directory state: directory
owner: "{{ main_user }}" owner: "{{ ansible_user }}"
- name: Clone git sources - name: Clone git sources
become: false become: false

16
roles/docker/tasks/main.yml
View File

@ -23,26 +23,16 @@
enabled: true enabled: true
state: started state: started
- ansible.builtin.command:
cmd: whoami
no_log: true
become: false
register: main_user
- ansible.builtin.set_fact:
main_user: "{{ main_user.stdout }}"
no_log: true
- name: Create projects directory - name: Create projects directory
ansible.builtin.file: ansible.builtin.file:
path: "{{ docker_projects_dir }}" path: "{{ docker_projects_dir }}"
state: directory state: directory
owner: "{{ main_user }}" owner: "{{ ansible_user }}"
group: "{{ main_user }}" group: "{{ ansible_user }}"
- name: Allow user to use docker - name: Allow user to use docker
ansible.builtin.user: ansible.builtin.user:
name: "{{ main_user }}" name: "{{ ansible_user }}"
groups: docker groups: docker
append: true append: true
register: docker_group register: docker_group

4
roles/docker/tasks/uninstall.yml
View File

@ -14,6 +14,6 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ docker_projects_dir }}" path: "{{ docker_projects_dir }}"
state: absent state: absent
owner: "{{ main_user }}" owner: "{{ ansible_user }}"
group: "{{ main_user }}" group: "{{ ansible_user }}"
when: confirmation.user_input | lower in ['yes', 'y'] when: confirmation.user_input | lower in ['yes', 'y']

26
roles/podman/tasks/main.yml
View File

@ -6,25 +6,12 @@
- podman-compose - podman-compose
state: present state: present
- name: Get main user
ansible.builtin.command:
cmd: whoami
no_log: true
become: false
register: main_user
changed_when: false
- name: Set main user variable
ansible.builtin.set_fact:
main_user: "{{ main_user.stdout }}"
no_log: true
- name: Create projects directory - name: Create projects directory
ansible.builtin.file: ansible.builtin.file:
path: "{{ podman_projects_dir }}" path: "{{ podman_projects_dir }}"
state: directory state: directory
owner: "{{ main_user }}" owner: "{{ ansible_user }}"
group: "{{ main_user }}" group: "{{ ansible_user }}"
mode: "0755" mode: "0755"
- name: Deploy registries configuration - name: Deploy registries configuration
@ -34,3 +21,12 @@
owner: root owner: root
group: root group: root
mode: "0644" mode: "0644"
- name: Create external Podman networks
containers.podman.podman_network:
name: "{{ item.name }}"
subnet: "{{ item.subnet }}"
gateway: "{{ item.gateway }}"
state: present
loop: "{{ podman_external_networks | default([]) }}"
when: podman_external_networks is defined and podman_external_networks | length > 0