revert parts of "506fa8da8d" (explanation inline) (#217)
All checks were successful
ansible-lint / gitleaks (push) Successful in 3s
ansible-lint / Ansible Lint (push) Successful in 30s

Reviewed-on: #217
This commit is contained in:
Michael Grote 2024-10-23 22:55:41 +02:00
parent 6d984287bb
commit d2d6c846a5
3 changed files with 24 additions and 8 deletions

View file

@ -2,7 +2,11 @@
- hosts: git - hosts: git
roles: roles:
- role: geerlingguy.postgresql - role: geerlingguy.postgresql
tags: "db" tags:
- db
- postgres
- psql
- postgresql
become: true become: true
- role: roles-ansible.gitea - role: roles-ansible.gitea
tags: "gitea" tags: "gitea"

View file

@ -109,8 +109,8 @@
loop: "{{ dotfiles }}" loop: "{{ dotfiles }}"
- name: Ensure vundle-repository is cloned - name: Ensure vundle-repository is cloned
become: true
become_user: "{{ item.user }}" become_user: "{{ item.user }}"
become: true
ansible.builtin.git: ansible.builtin.git:
repo: "{{ dotfiles_vim_vundle_repo_url }}" repo: "{{ dotfiles_vim_vundle_repo_url }}"
dest: "{{ item.home }}/.vim/bundle/Vundle.vim" dest: "{{ item.home }}/.vim/bundle/Vundle.vim"

View file

@ -37,13 +37,25 @@
loop: '{{ users }}' loop: '{{ users }}'
no_log: true no_log: true
- name: Ensure users are added to sudoers # teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a
community.general.sudoers: # das modul erstellt die sudoers falsch:
name: "users-sudo-{{ item.username }}" # richtig: ansible-user ALL=(ALL) NOPASSWD:ALL
# falsch: ansible-user ALL=NOPASSWD: ALL
# damit failed ansible wenn der become_user != ansible-user ist
# mit Meldung:
# TASK [geerlingguy.postgresql : Ensure PostgreSQL Python libraries are installed.]
# fatal: [forgejo.mgrote.net]: FAILED! => {"msg": "Missing sudo password"}
- name: Ensure users are added or removed to/from sudoers
ansible.builtin.blockinfile:
create: true
path: "/etc/sudoers.d/users-sudo-{{ item.username }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
user: "{{ item.username }}" block: |
commands: ALL {{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | d(false)) else '' }}ALL
nopassword: "{{ item.allow_passwordless_sudo }}" validate: 'visudo -cf %s'
owner: root
group: root
mode: "0440"
loop: '{{ users }}' loop: '{{ users }}'
when: item.allow_sudo|default(false) and item.allow_sudo is defined when: item.allow_sudo|default(false) and item.allow_sudo is defined
no_log: true no_log: true