revert parts of "506fa8da8d" (explanation inline) (#217)
Reviewed-on: #217
parent
6d984287bb
commit
d2d6c846a5
3 changed files with 24 additions and 8 deletions
|
@ -2,7 +2,11 @@
|
||||||
- hosts: git
|
- hosts: git
|
||||||
roles:
|
roles:
|
||||||
- role: geerlingguy.postgresql
|
- role: geerlingguy.postgresql
|
||||||
tags: "db"
|
tags:
|
||||||
|
- db
|
||||||
|
- postgres
|
||||||
|
- psql
|
||||||
|
- postgresql
|
||||||
become: true
|
become: true
|
||||||
- role: roles-ansible.gitea
|
- role: roles-ansible.gitea
|
||||||
tags: "gitea"
|
tags: "gitea"
|
||||||
|
|
|
@ -109,8 +109,8 @@
|
||||||
loop: "{{ dotfiles }}"
|
loop: "{{ dotfiles }}"
|
||||||
|
|
||||||
- name: Ensure vundle-repository is cloned
|
- name: Ensure vundle-repository is cloned
|
||||||
become: true
|
|
||||||
become_user: "{{ item.user }}"
|
become_user: "{{ item.user }}"
|
||||||
|
become: true
|
||||||
ansible.builtin.git:
|
ansible.builtin.git:
|
||||||
repo: "{{ dotfiles_vim_vundle_repo_url }}"
|
repo: "{{ dotfiles_vim_vundle_repo_url }}"
|
||||||
dest: "{{ item.home }}/.vim/bundle/Vundle.vim"
|
dest: "{{ item.home }}/.vim/bundle/Vundle.vim"
|
||||||
|
|
|
@ -37,13 +37,25 @@
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: Ensure users are added to sudoers
|
# teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a
|
||||||
community.general.sudoers:
|
# das modul erstellt die sudoers falsch:
|
||||||
name: "users-sudo-{{ item.username }}"
|
# richtig: ansible-user ALL=(ALL) NOPASSWD:ALL
|
||||||
|
# falsch: ansible-user ALL=NOPASSWD: ALL
|
||||||
|
# damit failed ansible wenn der become_user != ansible-user ist
|
||||||
|
# mit Meldung:
|
||||||
|
# TASK [geerlingguy.postgresql : Ensure PostgreSQL Python libraries are installed.]
|
||||||
|
# fatal: [forgejo.mgrote.net]: FAILED! => {"msg": "Missing sudo password"}
|
||||||
|
- name: Ensure users are added or removed to/from sudoers
|
||||||
|
ansible.builtin.blockinfile:
|
||||||
|
create: true
|
||||||
|
path: "/etc/sudoers.d/users-sudo-{{ item.username }}"
|
||||||
state: "{{ item.state | default('present') }}"
|
state: "{{ item.state | default('present') }}"
|
||||||
user: "{{ item.username }}"
|
block: |
|
||||||
commands: ALL
|
{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | d(false)) else '' }}ALL
|
||||||
nopassword: "{{ item.allow_passwordless_sudo }}"
|
validate: 'visudo -cf %s'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0440"
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
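Review bot: The unchanged `when: item.allow_sudo|default(false) and item.allow_sudo is defined` skips every user whose `allow_sudo` is false or unset, so despite the new task name nothing here removes `/etc/sudoers.d/users-sudo-{{ item.username }}` once sudo is withdrawn, and an existing drop-in (including a `NOPASSWD:` one) stays in force. Removal is only reachable through `item.state`, which looks like the account state rather than a sudo switch, although the users list is not visible here. Consider deriving the state from the flag, e.g. `state: "{{ 'present' if (item.allow_sudo | d(false)) and (item.state | d('present')) == 'present' else 'absent' }}"`, and dropping the `when`. Separately, sudo skips files in an include directory whose name contains a `.` or ends in `~`, so a username with a dot would yield a drop-in that passes `visudo -cf %s` but is never read; a short comment or an assert on `item.username` would make that visible.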