fix: rely on logical ansible_user instead of this whoami hack

2025-11-14 00:09:51 +01:00 · 2025-11-14 00:09:51 +01:00 · 8b40b4d676
commit 8b40b4d676
parent 26dc670949
6 changed files with 51 additions and 52 deletions
--- a/inventory/host_vars/example.yml
+++ b/inventory/host_vars/example.yml
@ -112,3 +112,36 @@ nfs_server_firewall_allowed_sources:
 nfs_bind_addresses:
  - 192.168.20.4
  - 192.168.1.2
+
+# Podman configuration
+# --------------------
+podman_external_networks:
+  - name: immich
+    subnet: 172.20.0.0/16
+    gateway: 172.20.0.1
+
+# PostgreSQL configuration
+# ------------------------
+postgres_admin_password: "{{ vault_postgres_admin_password }}"
+postgres_bind: "127.0.0.1"
+postgres_firewall_allowed_sources:
+  - 127.0.0.0/8
+
+# Valkey configuration
+# --------------------
+valkey_admin_password: "{{ vault_valkey_admin_password }}"
+valkey_bind: "127.0.0.1"
+valkey_firewall_allowed_sources:
+  - 127.0.0.0/8
+
+# Valkey ACL users
+valkey_acl_users:
+  - username: immich
+    password: "{{ vault_immich_valkey_password }}"
+    keypattern: "immich_bull* immich_channel*"
+    commands: "&* -@dangerous +@read +@write +@pubsub +select +auth +ping +info +eval +evalsha"
+
+# Immich configuration
+# --------------------
+immich_postgres_password: "{{ vault_immich_postgres_password }}"
+immich_valkey_password: "{{ vault_immich_valkey_password }}"
--- a/roles/archlinux/tasks/paru.yml
+++ b/roles/archlinux/tasks/paru.yml
@ -26,21 +26,11 @@
  #         line: "%wheel ALL=(ALL) NOPASSWD: ALL"
  #         validate: /usr/sbin/visudo -cf %s

-  #     - command:
-  #         cmd: whoami
-  #       no_log: true
-  #       become: false
-  #       register: main_user
-
-  #     - set_fact:
-  #         main_user: "{{ main_user.stdout }}"
-  #       no_log: true
-
  #     - name: Create paru sources dir
  #       file:
  #         path: "{{ paru_src_path }}"
  #         state: directory
-  #         owner: "{{ main_user }}"
+  #         owner: "{{ ansible_user }}"

  #     - name: Clone git sources
  #       become: false
--- a/roles/archlinux/tasks/yay.yml
+++ b/roles/archlinux/tasks/yay.yml
@ -22,21 +22,11 @@
        line: "%wheel ALL=(ALL) NOPASSWD: ALL"
        validate: /usr/sbin/visudo -cf %s

-    - ansible.builtin.command:
-        cmd: whoami
-      no_log: true
-      become: false
-      register: main_user
-
-    - ansible.builtin.set_fact:
-        main_user: "{{ main_user.stdout }}"
-      no_log: true
-
    - name: Create yay sources dir
      ansible.builtin.file:
        path: "{{ yay_src_path }}"
        state: directory
-        owner: "{{ main_user }}"
+        owner: "{{ ansible_user }}"

    - name: Clone git sources
      become: false
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -23,26 +23,16 @@
    enabled: true
    state: started

- ansible.builtin.command:
-    cmd: whoami
-  no_log: true
-  become: false
-  register: main_user
-
- ansible.builtin.set_fact:
-    main_user: "{{ main_user.stdout }}"
-  no_log: true
-
 - name: Create projects directory
  ansible.builtin.file:
    path: "{{ docker_projects_dir }}"
    state: directory
-    owner: "{{ main_user }}"
-    group: "{{ main_user }}"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"

 - name: Allow user to use docker
  ansible.builtin.user:
-    name: "{{ main_user }}"
+    name: "{{ ansible_user }}"
    groups: docker
    append: true
  register: docker_group
--- a/roles/docker/tasks/uninstall.yml
+++ b/roles/docker/tasks/uninstall.yml
@ -14,6 +14,6 @@
  ansible.builtin.file:
    path: "{{ docker_projects_dir }}"
    state: absent
-    owner: "{{ main_user }}"
-    group: "{{ main_user }}"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
  when: confirmation.user_input | lower in ['yes', 'y']
--- a/roles/podman/tasks/main.yml
+++ b/roles/podman/tasks/main.yml
@ -6,25 +6,12 @@
      - podman-compose
    state: present

- name: Get main user
-  ansible.builtin.command:
-    cmd: whoami
-  no_log: true
-  become: false
-  register: main_user
-  changed_when: false
-
- name: Set main user variable
-  ansible.builtin.set_fact:
-    main_user: "{{ main_user.stdout }}"
-  no_log: true
-
 - name: Create projects directory
  ansible.builtin.file:
    path: "{{ podman_projects_dir }}"
    state: directory
-    owner: "{{ main_user }}"
-    group: "{{ main_user }}"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
    mode: "0755"

 - name: Deploy registries configuration
@ -34,3 +21,12 @@
    owner: root
    group: root
    mode: "0644"
+
+- name: Create external Podman networks
+  containers.podman.podman_network:
+    name: "{{ item.name }}"
+    subnet: "{{ item.subnet }}"
+    gateway: "{{ item.gateway }}"
+    state: present
+  loop: "{{ podman_external_networks | default([]) }}"
+  when: podman_external_networks is defined and podman_external_networks | length > 0