From 034994e39808cd94e9593862f8e7a0085a05ecd5 Mon Sep 17 00:00:00 2001
From: Morten Olsen
Date: Tue, 8 Oct 2024 21:25:10 +0200
Subject: [PATCH] fix permissions
---
Dockerfile | 6 ++---
playbooks/roles/base_info/tasks/main.yml | 3 ++-
playbooks/roles/base_system/tasks/main.yml | 8 +++++++
playbooks/roles/base_terminal/meta/main.yml | 1 +
.../roles/base_terminal/tasks/config.yml | 2 ++
playbooks/roles/server_ssh/tasks/main.yml | 3 +++
playbooks/roles/software_atuin/tasks/main.yml | 3 +++
playbooks/roles/software_git/tasks/main.yml | 3 +++
.../software_git/tasks/setup-context.yml | 14 ++++++++++++
playbooks/roles/software_nvim/nvim.yml | 22 -------------------
playbooks/roles/software_nvim/tasks/main.yml | 10 ++++++++-
playbooks/roles/software_nvm/tasks/main.yml | 5 +++++
playbooks/roles/software_ssh/tasks/main.yml | 2 ++
.../roles/software_starship/tasks/main.yml | 4 +++-
playbooks/roles/software_tmux/tasks/main.yml | 3 +++
playbooks/roles/software_zsh/tasks/main.yml | 3 +++
16 files changed, 64 insertions(+), 28 deletions(-)
delete mode 100644 playbooks/roles/software_nvim/nvim.yml
diff --git a/Dockerfile b/Dockerfile
index 33ae5c1..128c426 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@ FROM fedora RUN dnf update -y && dnf install -y \ ansible -RUN useradd -m -s /bin/bash -d /home/alice alice COPY . /opt/setup RUN ansible-playbook /opt/setup/playbooks/image.yml RUN mkdir /workspace && chown alice:alice /workspace -USER dev -WORKDIR /workspace +USER alice +VOLUME /home/alice/workspace +WORKDIR /home/alice/Projects
diff --git a/playbooks/roles/base_info/tasks/main.yml b/playbooks/roles/base_info/tasks/main.yml
index 0444830..4bff516 100644
--- a/playbooks/roles/base_info/tasks/main.yml
+++ b/playbooks/roles/base_info/tasks/main.yml
@@ -2,7 +2,7 @@ tags: always ansible.builtin.set_fact: username: alice - home: "{{ ansible_env.HOME }}" + home: "/home/alice" use_become: true mac_os: "{{ ansible_distribution == 'MacOSX' }}"
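Review bot: `VOLUME /home/alice/workspace` names a directory that nothing in the visible Dockerfile creates or chowns, while the retained `RUN mkdir /workspace && chown alice:alice /workspace` still prepares the old, now unused path. A volume mount point that is missing from the image is created by the engine at run time, typically owned by root, so the `alice` user set by `USER alice` would likely be unable to write to it. Point the preparation step at the new path, e.g. `RUN mkdir -p /home/alice/workspace && chown alice:alice /home/alice/workspace`, and check whether `WORKDIR /home/alice/Projects` was meant to be the same directory as the volume. With `RUN useradd` removed, that chown also depends on the playbook having created `alice` earlier in the build, which this hunk does not show.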
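Review bot: `home: "/home/alice"` repeats the account name already held in `username: alice` two lines above it, and the macOS override `home: "/Users/alice"` in the following hunk (@@ -11,3 +11,4 @@) repeats it again, so a rename means editing three literals that must stay in agreement. Every `path: "{{ home }}/…"` and `owner: "{{ username }}"` added elsewhere in this patch relies on these values matching the account's real home directory. I would at least put a comment above the fact, e.g. `# must match the home directory of the account created in base_system`, or look the directory up from the account database instead of writing a literal. The set_fact task begins before the hunk.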
@@ -11,3 +11,4 @@ when: mac_os ansible.builtin.set_fact: install_with_root: false + home: "/Users/alice"
diff --git a/playbooks/roles/base_system/tasks/main.yml b/playbooks/roles/base_system/tasks/main.yml
index fcd451e..3a17f46 100644
--- a/playbooks/roles/base_system/tasks/main.yml
+++ b/playbooks/roles/base_system/tasks/main.yml
@@ -15,3 +15,11 @@ update_password: "on_create" create_home: yes group: "{{ username }}" + +- name: Ensure home + tags: always + become: true + ansible.builtin.file: + path: "{{ home }}" + state: directory + owner: "{{ username }}"
diff --git a/playbooks/roles/base_terminal/meta/main.yml b/playbooks/roles/base_terminal/meta/main.yml
index ee75b16..8296646 100644
--- a/playbooks/roles/base_terminal/meta/main.yml
+++ b/playbooks/roles/base_terminal/meta/main.yml
@@ -1,3 +1,4 @@ --- dependencies: - role: base_info + - role: base_system
diff --git a/playbooks/roles/base_terminal/tasks/config.yml b/playbooks/roles/base_terminal/tasks/config.yml
index a5079ad..c88ca14 100644
--- a/playbooks/roles/base_terminal/tasks/config.yml
+++ b/playbooks/roles/base_terminal/tasks/config.yml
@@ -5,6 +5,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files/
@@ -19,6 +20,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
diff --git a/playbooks/roles/server_ssh/tasks/main.yml b/playbooks/roles/server_ssh/tasks/main.yml
index d8f8cb5..b66694b 100644
--- a/playbooks/roles/server_ssh/tasks/main.yml
+++ b/playbooks/roles/server_ssh/tasks/main.yml
@@ -6,6 +6,7 @@ mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" state: directory + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
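Review bot: The new "Ensure home" task sets `owner` but neither `mode` nor `group`, so a home directory it has to create takes its permissions from the become user's umask (commonly world-readable 0755) and its group from that user, presumably root. An already existing directory keeps whatever mode it has, so the task never tightens a loose one either. State both explicitly with `mode: "0700"` and `group: "{{ username }}"`, matching the `group: "{{ username }}"` already on the user task directly above.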
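Review bot: `owner: "{{ username }}"` is added here without a matching `group`, so anything these tasks create while running privileged keeps the privileged account's group; the same owner-only additions appear in server_ssh, software_atuin, software_git, software_nvim, software_nvm, software_ssh, software_starship, software_tmux and software_zsh. Adding `group: "{{ username }}"` next to each `owner` makes the group bits carried by `mode: "{{ item.mode }}"` refer to the user's own group. Changing ownership to another account also needs privilege, and no `become` is visible on these tasks, so confirm it is enabled at play level; otherwise the tasks fail when run as an unprivileged user. Both tasks start and end outside their hunks.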
@@ -19,6 +20,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path | regex_replace('\\.j2$', '') }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../templates loop_control:
@@ -32,6 +34,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
diff --git a/playbooks/roles/software_atuin/tasks/main.yml b/playbooks/roles/software_atuin/tasks/main.yml
index b0dbce0..f9a7dc7 100644
--- a/playbooks/roles/software_atuin/tasks/main.yml
+++ b/playbooks/roles/software_atuin/tasks/main.yml
@@ -24,6 +24,7 @@ ansible.builtin.file: path: "{{ home }}/.local/bin" mode: "0755" + owner: "{{ username }}" state: directory - name: Move bin
@@ -46,6 +47,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files
@@ -60,6 +62,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
diff --git a/playbooks/roles/software_git/tasks/main.yml b/playbooks/roles/software_git/tasks/main.yml
index b841ef4..b1dde99 100644
--- a/playbooks/roles/software_git/tasks/main.yml
+++ b/playbooks/roles/software_git/tasks/main.yml
@@ -16,6 +16,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files
@@ -30,6 +31,7 @@ ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" mode: "{{ item.mode }}" with_community.general.filetree: - ../files
@@ -44,6 +46,7 @@ ansible.builtin.template: src: "../templates/gitconfig.j2" dest: "{{ home }}/.gitconfig" + owner: "{{ username }}" mode: "644" - name: Setup contexts
diff --git a/playbooks/roles/software_git/tasks/setup-context.yml b/playbooks/roles/software_git/tasks/setup-context.yml
index 0b871d7..16889f8 100644
--- a/playbooks/roles/software_git/tasks/setup-context.yml
+++ b/playbooks/roles/software_git/tasks/setup-context.yml
@@ -5,12 +5,23 @@ ansible.builtin.template: src: "../templates/gitconfig.context.j2" dest: "{{ context.path }}/.gitconfig" + owner: "{{ username }}" mode: "644" vars: git: "{{ context.git }}" name: "{{ name }}" when: "'git' in context" +- name: Ensure dir + tags: + - git + - config + ansible.builtin.file: + path: "{{ context.path }}" + state: directory + owner: "{{ username }}" + mode: "0700" + - name: Setup context ssh config tags: - git
@@ -18,6 +29,7 @@ ansible.builtin.template: src: "../templates/sshconfig.context.j2" dest: "{{ home }}/.ssh/config.d/git-{{ name }}" + owner: "{{ username }}" mode: "644" vars: name: "{{ name }}"
@@ -30,6 +42,7 @@ ansible.builtin.file: path: "{{ home }}/.ssh/keys" state: directory + owner: "{{ username }}" mode: "0700"
- name: Setup context public key
@@ -39,5 +52,6 @@ ansible.builtin.copy: content: "{{ context.git.signing_key }}" dest: "{{ home }}/.ssh/keys/github-{{ name }}.pub" + owner: "{{ username }}" mode: "0644" when: "'git' in context and 'signing_key' in context.git"
diff --git a/playbooks/roles/software_nvim/nvim.yml b/playbooks/roles/software_nvim/nvim.yml
deleted file mode 100644
index 5e6b0a6..0000000
--- a/playbooks/roles/software_nvim/nvim.yml
+++ /dev/null
@@ -1,22 +0,0 @@ ---- -- name: Configure neovim - tags: - - config - - nvim - ansible.builtin.git: - repo: https://github.com/morten-olsen/nvim - dest: "{{ home }}/.config/nvim" - accept_newhostkey: true - clone: true - update: true - force: true - -- name: Prepare neovim - tags: - - config - - nvim - register: nviminstall - changed_when: nviminstall.stdout != '' - ansible.builtin.shell: nvim --headless +q - args: - executable: /bin/bash
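Review bot: The new "Ensure dir" task is placed after the template task that writes `dest: "{{ context.path }}/.gitconfig"`, so on a host where the context directory does not exist yet the template task fails before the directory is created. Move the whole "Ensure dir" task above "Setup context git config" so the directory, with its owner and `mode: "0700"`, exists before anything is written into it. The first task's `name` and `tags` lines sit above the hunk, so the move has to be made at the top of the file.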
diff --git a/playbooks/roles/software_nvim/tasks/main.yml b/playbooks/roles/software_nvim/tasks/main.yml
index 68e831c..0bfd120 100644
--- a/playbooks/roles/software_nvim/tasks/main.yml
+++ b/playbooks/roles/software_nvim/tasks/main.yml
@@ -14,6 +14,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files
@@ -21,7 +22,7 @@ label: "{{ item.path }}" when: item.state == 'directory' -- name: Copy config {{ context }} +- name: Copy config tags: - nvim - config
@@ -29,6 +30,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
@@ -39,6 +41,8 @@ tags: - config - nvim + become: true + become_user: "{{ username }}" ansible.builtin.git: repo: https://github.com/morten-olsen/nvim dest: "{{ home }}/Projects/private/nvim"
@@ -53,6 +57,7 @@ - nvim ansible.builtin.file: path: "{{ home }}/.config" + owner: "{{ username }}" state: directory mode: "0755"
@@ -63,12 +68,15 @@ ansible.builtin.file: src: "{{ home }}/Projects/private/nvim" dest: "{{ home }}/.config/nvim" + owner: "{{ username }}" state: link - name: Prepare neovim tags: - config - nvim + become: true + become_user: "{{ username }}" register: nviminstall changed_when: nviminstall.stdout != '' ansible.builtin.shell: nvim --headless +q
diff --git a/playbooks/roles/software_nvm/tasks/main.yml b/playbooks/roles/software_nvm/tasks/main.yml
index 9c50ac6..47a215d 100644
--- a/playbooks/roles/software_nvm/tasks/main.yml
+++ b/playbooks/roles/software_nvm/tasks/main.yml
@@ -7,6 +7,8 @@ - name: Clone nvm tags: - install + become_user: "{{ username }}" + become: true ansible.builtin.git: accept_newhostkey: true clone: true
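Review bot: No `version:` is visible on the git task that now clones `https://github.com/morten-olsen/nvim` as `{{ username }}`, and "Prepare neovim" then starts `nvim --headless +q` as the same user against that checkout, so whatever the repository's default branch holds at provisioning time is presumably loaded automatically. Pinning the clone to a reviewed revision, e.g. `version: "<reviewed-commit-sha>"` (placeholder), keeps a later change to that repository from being picked up unreviewed on the next run. The git task's remaining options lie outside the hunk, so check whether a pin already exists there.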
@@ -18,6 +20,7 @@ - name: Install node and set version tags: - config + become_user: "{{ username }}" register: nodeinstall ansible.builtin.shell: source {{ home }}/.nvm/nvm.sh && nvm install 22 changed_when: "'is already installed' not in nodeinstall.stderr"
@@ -30,6 +33,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files
@@ -44,6 +48,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
diff --git a/playbooks/roles/software_ssh/tasks/main.yml b/playbooks/roles/software_ssh/tasks/main.yml
index 2219315..3167c51 100644
--- a/playbooks/roles/software_ssh/tasks/main.yml
+++ b/playbooks/roles/software_ssh/tasks/main.yml
@@ -5,6 +5,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files
@@ -20,6 +21,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
diff --git a/playbooks/roles/software_starship/tasks/main.yml b/playbooks/roles/software_starship/tasks/main.yml
index d83d3b2..2ded769 100644
--- a/playbooks/roles/software_starship/tasks/main.yml
+++ b/playbooks/roles/software_starship/tasks/main.yml
@@ -22,7 +22,8 @@ tags: always ansible.builtin.file: mode: "0755" - path: "{{ home }}/.scripts" + path: "{{ home }}/.local/bin" + owner: "{{ username }}" state: directory - name: Move bin
@@ -30,5 +31,6 @@ ansible.builtin.copy: remote_src: true mode: "0755" + owner: "{{ username }}" src: "{{ software_starship_unpack_file }}" dest: "{{ home }}/.local/bin/starship"
diff --git a/playbooks/roles/software_tmux/tasks/main.yml b/playbooks/roles/software_tmux/tasks/main.yml
index d8f8cb5..1f08bca 100644
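Review bot: `become_user: "{{ username }}"` is added to "Install node and set version" without `become: true`, unlike "Clone nvm" in the previous hunk, which sets both. Unless privilege escalation is switched on at play or role level (not visible here), `become_user` on its own has no effect, and `nvm install 22` keeps running as the connecting account, leaving files under `{{ home }}/.nvm` owned by that account, which is what this commit sets out to fix. Add `become: true` next to the new line.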
--- a/playbooks/roles/software_tmux/tasks/main.yml
+++ b/playbooks/roles/software_tmux/tasks/main.yml
@@ -5,6 +5,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files
@@ -19,6 +20,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path | regex_replace('\\.j2$', '') }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../templates loop_control:
@@ -32,6 +34,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control:
diff --git a/playbooks/roles/software_zsh/tasks/main.yml b/playbooks/roles/software_zsh/tasks/main.yml
index 9f9fdc9..8cda4f7 100644
--- a/playbooks/roles/software_zsh/tasks/main.yml
+++ b/playbooks/roles/software_zsh/tasks/main.yml
@@ -20,6 +20,7 @@ ansible.builtin.file: mode: "{{ item.mode }}" path: "{{ home }}/{{ item.path }}" + owner: "{{ username }}" state: directory with_community.general.filetree: - ../files
@@ -34,6 +35,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path | regex_replace('\\.j2$', '') }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../templates loop_control:
@@ -47,6 +49,7 @@ src: "{{ item.src }}" dest: "{{ home }}/{{ item.path }}" mode: "{{ item.mode }}" + owner: "{{ username }}" with_community.general.filetree: - ../files loop_control: