From 1d587e7fb1a877d530b5582baededf14ab25107e Mon Sep 17 00:00:00 2001
From: Encephala
Date: Tue, 19 Dec 2023 17:51:44 +0100
Subject: [PATCH] Fix remote home, fix idempotence

env lookup checks local env, doesn't work in general
now role can be rerun without changing anything except setting `remote_user` to `username` and it will still work
---
 main.yml | 1 -
 roles/provision/tasks/dotfiles.yml | 46 ++++++++++++++---------------
 roles/provision/tasks/main.yml | 24 ++++++++++++++-
 roles/provision/tasks/ssh_setup.yml | 10 +++----
 4 files changed, 51 insertions(+), 30 deletions(-)
diff --git a/main.yml b/main.yml
index c5a60c0..38da231 100644
--- a/main.yml
+++ b/main.yml
@@ -11,7 +11,6 @@
 # is_wsl: true
 # hostname: Dockerhost
- # ansible_user: root
 roles:
 - provision
diff --git a/roles/provision/tasks/dotfiles.yml b/roles/provision/tasks/dotfiles.yml
index 717ba21..5776d0a 100644
--- a/roles/provision/tasks/dotfiles.yml
+++ b/roles/provision/tasks/dotfiles.yml
@@ -4,7 +4,7 @@
 block:
 - name: Set long bash history
 ansible.builtin.lineinfile:
- path: "{{ lookup('ansible.builtin.env', 'HOME') }}/.bashrc"
+ path: "{{ home }}/.bashrc"
 regexp: "{{ item.find }}"
 line: "{{ item.line }}"
 loop:
@@ -14,9 +14,9 @@
 - name: Add aliases
 ansible.builtin.copy:
 src: bash/dotbash_aliases
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.bash_aliases"
- owner: "{{ username }}"
- group: "{{ username }}"
+ dest: "{{ home }}/.bash_aliases"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 mode: "0644"
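Review bot: `home`, `uid` and `gid` are used in every task of this file but are defined nowhere in it; they are facts set by the `Set user and group id` task in tasks/main.yml, and this file only works because that task is tagged `always` and so also runs under a `--tags`-restricted play. A one-line comment at the first use, above `path: "{{ home }}/.bashrc"` in `Set long bash history`, would make the dependency visible: `# home/uid/gid are facts set from getent in tasks/main.yml`. The same applies to the remaining hunks of this file (`Copy .gitconfig` through `Copy .zshrc`). The enclosing block's header is outside the first hunk. As a matter of style, every copy task now repeats `owner`/`group`/`mode: "0644"`; `module_defaults` for `ansible.builtin.copy` on the enclosing block would remove the repetition.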
@@ -25,22 +25,22 @@
 - name: Copy .gitconfig
 ansible.builtin.copy:
 src: git/dotgitconfig
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.gitconfig"
- owner: "{{ username }}"
- group: "{{ username }}"
+ dest: "{{ home }}/.gitconfig"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 mode: "0644"
 - name: Git branch in PS1 - helper files
 ansible.builtin.copy:
 src: git/dotgit/
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.git/"
- owner: "{{ username }}"
- group: "{{ username }}"
+ dest: "{{ home }}/.git/"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 mode: "0644"
 - name: Git branch in PS1 - .bashrc
 ansible.builtin.blockinfile:
- path: "{{ lookup('ansible.builtin.env', 'HOME') }}/.bashrc"
+ path: "{{ home }}/.bashrc"
 block: |
 # Git stuff
 . "$HOME/.git/git-completion.bash"
@@ -56,33 +56,33 @@
 - name: Copy .lintr
 ansible.builtin.copy:
 src: R/dotlintr
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.lintr"
- owner: "{{ username }}"
- group: "{{ username }}"
+ dest: "{{ home }}/.lintr"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 mode: "0644"
 - name: SSH
 block:
 - name: Ensure .ssh exists
 ansible.builtin.file:
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh"
+ dest: "{{ home }}/.ssh"
 state: directory
- owner: "{{ username }}"
- group: "{{ username }}"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 mode: "0700"
 - name: Copy SSH config
 ansible.builtin.copy:
 src: ssh/config
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh/config"
- owner: "{{ username }}"
- group: "{{ username }}"
+ dest: "{{ home }}/.ssh/config"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 mode: "0644"
 - name: Copy .zshrc
 ansible.builtin.template:
 src: zsh/dotzshrc.j2
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.zshrc"
- owner: "{{ username }}"
- group: "{{ username }}"
+ dest: "{{ home }}/.zshrc"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 mode: "0644"
diff --git a/roles/provision/tasks/main.yml b/roles/provision/tasks/main.yml
index bb71f50..4da2d12 100644
--- a/roles/provision/tasks/main.yml
+++ b/roles/provision/tasks/main.yml
@@ -11,9 +11,31 @@
 tags:
 - account
+- name: Retrieve passwd information
+ ansible.builtin.getent:
+ database: passwd
+ tags:
+ - always
+
+- name: Update `username` if not root
+ ansible.builtin.set_fact:
+ username: "{{ ansible_user }}"
+ when: ansible_user != "root"
+ tags:
+ - always
+
+- name: Set user and group id
+ ansible.builtin.set_fact:
+ uid: "{{ getent_passwd[username].1 }}"
+ gid: "{{ getent_passwd[username].2 }}"
+ home: "{{ getent_passwd[username].4 }}"
+ tags:
+ - always
+
+
 - name: Include ssh setup
 ansible.builtin.import_tasks: ssh_setup.yml
- become: true
+ remote_user: "{{ username }}"
 tags:
 - ssh
diff --git a/roles/provision/tasks/ssh_setup.yml b/roles/provision/tasks/ssh_setup.yml
index 8a1089e..2749b7b 100644
--- a/roles/provision/tasks/ssh_setup.yml
+++ b/roles/provision/tasks/ssh_setup.yml
@@ -5,24 +5,24 @@
 - name: Authorise SSH key
 ansible.posix.authorized_key:
- user: "{{ username }}"
+ user: "{{ ansible_user }}"
 key: "{{ lookup('ansible.builtin.file', 'ssh/{{ ssh_key_pub }}') }}"
 # authorized_key ensures the directory is created
 - name: Copy SSH private key
- remote_user: "{{ username }}"
 ansible.builtin.copy:
 src: "ssh/{{ ssh_key }}"
 # ansible_env.HOME doesn't update when specifying remote_user,
 # but ansible.builtin.env lookup does
- dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh/{{ ssh_key }}"
+ dest: "{{ home }}/.ssh/{{ ssh_key }}"
 mode: "0600"
- owner: "{{ username }}"
- group: "{{ username }}"
+ owner: "{{ uid }}"
+ group: "{{ gid }}"
 when: copy_private_key | bool
 - name: Harden SSH
+ become: true
 ansible.builtin.lineinfile:
 dest: /etc/ssh/sshd_config
 regexp: "{{ line.find }}"
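Review bot: `when: ansible_user != "root"` and `username: "{{ ansible_user }}"` in the task that updates `username` assume `ansible_user` is defined, but when the login user comes only from `-u` or the ssh config that variable is typically not set, and the `when` then fails with an undefined-variable error before the role does anything; `when: ansible_user is defined and ansible_user != "root"` keeps the override opt-in. The task also replaces the role's `username` with whichever non-root account runs the play, so provisioning a different account from an unprivileged admin login is no longer possible; if that is intended, say so on the task, e.g. `# a non-root login user is taken to be the account being provisioned`. In `Set user and group id`, `getent_passwd[username]` fails with a bare undefined-key error when that account does not exist yet (for instance `--tags ssh` on a fresh host, since the account task is not tagged `always`); an `ansible.builtin.assert` with a message naming `username` would make that failure readable. Note that an inventory-level `ansible_user` takes precedence over the `remote_user` keyword added on `Include ssh setup`, so that keyword only changes the login user when `ansible_user` is unset.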
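Review bot: `user: "{{ ansible_user }}"` in `Authorise SSH key` binds the public key to the login user instead of the provisioned account: with `ansible_user` unset (login user given via `-u` or ssh config) the value is undefined and the task fails, and with `ansible_user: root` the key is added to root's authorized_keys rather than `username`'s, which the previous `user: "{{ username }}"` avoided. Since main.yml now sets `username` to the login user whenever that user is not root, `user: "{{ username }}"` covers both cases and I would restore it. The two comment lines above `dest` in `Copy SSH private key` (`# ansible_env.HOME doesn't update ...` / `# but ansible.builtin.env lookup does`) explain the env lookup this commit removes and no longer apply to `{{ home }}`; drop them or replace them with `# home is the account's passwd home, set in tasks/main.yml`. The `Harden SSH` task continues outside the hunk.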