fix permissions

2026-02-08 00:46:24 +01:00 · 2024-10-08 21:25:10 +02:00
parent 134a64b30a
commit 034994e398
16 changed files with 64 additions and 28 deletions
--- a/playbooks/roles/base_info/tasks/main.yml
+++ b/playbooks/roles/base_info/tasks/main.yml
@@ -2,7 +2,7 @@
  tags: always
  ansible.builtin.set_fact:
    username: alice
-    home: "{{ ansible_env.HOME }}"
+    home: "/home/alice"
    use_become: true
    mac_os: "{{ ansible_distribution == 'MacOSX' }}"

@@ -11,3 +11,4 @@
  when: mac_os
  ansible.builtin.set_fact:
    install_with_root: false
+    home: "/Users/alice"
--- a/playbooks/roles/base_system/tasks/main.yml
+++ b/playbooks/roles/base_system/tasks/main.yml
@@ -15,3 +15,11 @@
    update_password: "on_create"
    create_home: yes
    group: "{{ username }}"
+
+- name: Ensure home
+  tags: always
+  become: true
+  ansible.builtin.file:
+    path: "{{ home }}"
+    state: directory
+    owner: "{{ username }}"
--- a/playbooks/roles/base_terminal/meta/main.yml
+++ b/playbooks/roles/base_terminal/meta/main.yml
@@ -1,3 +1,4 @@
 ---
 dependencies:
  - role: base_info
+  - role: base_system
--- a/playbooks/roles/base_terminal/tasks/config.yml
+++ b/playbooks/roles/base_terminal/tasks/config.yml
@@ -5,6 +5,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files/
@@ -19,6 +20,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
--- a/playbooks/roles/server_ssh/tasks/main.yml
+++ b/playbooks/roles/server_ssh/tasks/main.yml
@@ -6,6 +6,7 @@
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
    state: directory
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
@@ -19,6 +20,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path | regex_replace('\\.j2$', '') }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../templates
  loop_control:
@@ -32,6 +34,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
--- a/playbooks/roles/software_atuin/tasks/main.yml
+++ b/playbooks/roles/software_atuin/tasks/main.yml
@@ -24,6 +24,7 @@
  ansible.builtin.file:
    path: "{{ home }}/.local/bin"
    mode: "0755"
+    owner: "{{ username }}"
    state: directory

 - name: Move bin
@@ -46,6 +47,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files
@@ -60,6 +62,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
--- a/playbooks/roles/software_git/tasks/main.yml
+++ b/playbooks/roles/software_git/tasks/main.yml
@@ -16,6 +16,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files
@@ -30,6 +31,7 @@
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    mode: "{{ item.mode }}"
  with_community.general.filetree:
    - ../files
@@ -44,6 +46,7 @@
  ansible.builtin.template:
    src: "../templates/gitconfig.j2"
    dest: "{{ home }}/.gitconfig"
+    owner: "{{ username }}"
    mode: "644"

 - name: Setup contexts
--- a/playbooks/roles/software_git/tasks/setup-context.yml
+++ b/playbooks/roles/software_git/tasks/setup-context.yml
@@ -5,12 +5,23 @@
  ansible.builtin.template:
    src: "../templates/gitconfig.context.j2"
    dest: "{{ context.path }}/.gitconfig"
+    owner: "{{ username }}"
    mode: "644"
  vars:
    git: "{{ context.git }}"
    name: "{{ name }}"
  when: "'git' in context"

+- name: Ensure dir
+  tags:
+    - git
+    - config
+  ansible.builtin.file:
+    path: "{{ context.path }}"
+    state: directory
+    owner: "{{ username }}"
+    mode: "0700"
+
 - name: Setup context ssh config
  tags:
    - git
@@ -18,6 +29,7 @@
  ansible.builtin.template:
    src: "../templates/sshconfig.context.j2"
    dest: "{{ home }}/.ssh/config.d/git-{{ name }}"
+    owner: "{{ username }}"
    mode: "644"
  vars:
    name: "{{ name }}"
@@ -30,6 +42,7 @@
  ansible.builtin.file:
    path: "{{ home }}/.ssh/keys"
    state: directory
+    owner: "{{ username }}"
    mode: "0700"

 - name: Setup context public key
@@ -39,5 +52,6 @@
  ansible.builtin.copy:
    content: "{{ context.git.signing_key }}"
    dest: "{{ home }}/.ssh/keys/github-{{ name }}.pub"
+    owner: "{{ username }}"
    mode: "0644"
  when: "'git' in context and 'signing_key' in context.git"
--- a/playbooks/roles/software_nvim/nvim.yml
+++ b/playbooks/roles/software_nvim/nvim.yml
@@ -1,22 +0,0 @@
---
- name: Configure neovim
-  tags:
-    - config
-    - nvim
-  ansible.builtin.git:
-    repo: https://github.com/morten-olsen/nvim
-    dest: "{{ home }}/.config/nvim"
-    accept_newhostkey: true
-    clone: true
-    update: true
-    force: true
-
- name: Prepare neovim
-  tags:
-    - config
-    - nvim
-  register: nviminstall
-  changed_when: nviminstall.stdout != ''
-  ansible.builtin.shell: nvim --headless +q
-  args:
-    executable: /bin/bash
--- a/playbooks/roles/software_nvim/tasks/main.yml
+++ b/playbooks/roles/software_nvim/tasks/main.yml
@@ -14,6 +14,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files
@@ -21,7 +22,7 @@
    label: "{{ item.path }}"
  when: item.state == 'directory'

- name: Copy config {{ context }}
+- name: Copy config
  tags:
    - nvim
    - config
@@ -29,6 +30,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
@@ -39,6 +41,8 @@
  tags:
    - config
    - nvim
+  become: true
+  become_user: "{{ username }}"
  ansible.builtin.git:
    repo: https://github.com/morten-olsen/nvim
    dest: "{{ home }}/Projects/private/nvim"
@@ -53,6 +57,7 @@
    - nvim
  ansible.builtin.file:
    path: "{{ home }}/.config"
+    owner: "{{ username }}"
    state: directory
    mode: "0755"

@@ -63,12 +68,15 @@
  ansible.builtin.file:
    src: "{{ home }}/Projects/private/nvim"
    dest: "{{ home }}/.config/nvim"
+    owner: "{{ username }}"
    state: link

 - name: Prepare neovim
  tags:
    - config
    - nvim
+  become: true
+  become_user: "{{ username }}"
  register: nviminstall
  changed_when: nviminstall.stdout != ''
  ansible.builtin.shell: nvim --headless +q
--- a/playbooks/roles/software_nvm/tasks/main.yml
+++ b/playbooks/roles/software_nvm/tasks/main.yml
@@ -7,6 +7,8 @@
 - name: Clone nvm
  tags:
    - install
+  become_user: "{{ username }}"
+  become: true
  ansible.builtin.git:
    accept_newhostkey: true
    clone: true
@@ -18,6 +20,7 @@
 - name: Install node and set version
  tags:
    - config
+  become_user: "{{ username }}"
  register: nodeinstall
  ansible.builtin.shell: source {{ home }}/.nvm/nvm.sh && nvm install 22
  changed_when: "'is already installed' not in nodeinstall.stderr"
@@ -30,6 +33,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files
@@ -44,6 +48,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
--- a/playbooks/roles/software_ssh/tasks/main.yml
+++ b/playbooks/roles/software_ssh/tasks/main.yml
@@ -5,6 +5,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files
@@ -20,6 +21,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
--- a/playbooks/roles/software_starship/tasks/main.yml
+++ b/playbooks/roles/software_starship/tasks/main.yml
@@ -22,7 +22,8 @@
  tags: always
  ansible.builtin.file:
    mode: "0755"
-    path: "{{ home }}/.scripts"
+    path: "{{ home }}/.local/bin"
+    owner: "{{ username }}"
    state: directory

 - name: Move bin
@@ -30,5 +31,6 @@
  ansible.builtin.copy:
    remote_src: true
    mode: "0755"
+    owner: "{{ username }}"
    src: "{{ software_starship_unpack_file }}"
    dest: "{{ home }}/.local/bin/starship"
--- a/playbooks/roles/software_tmux/tasks/main.yml
+++ b/playbooks/roles/software_tmux/tasks/main.yml
@@ -5,6 +5,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files
@@ -19,6 +20,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path | regex_replace('\\.j2$', '') }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../templates
  loop_control:
@@ -32,6 +34,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control:
--- a/playbooks/roles/software_zsh/tasks/main.yml
+++ b/playbooks/roles/software_zsh/tasks/main.yml
@@ -20,6 +20,7 @@
  ansible.builtin.file:
    mode: "{{ item.mode }}"
    path: "{{ home }}/{{ item.path }}"
+    owner: "{{ username }}"
    state: directory
  with_community.general.filetree:
    - ../files
@@ -34,6 +35,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path | regex_replace('\\.j2$', '') }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../templates
  loop_control:
@@ -47,6 +49,7 @@
    src: "{{ item.src }}"
    dest: "{{ home }}/{{ item.path }}"
    mode: "{{ item.mode }}"
+    owner: "{{ username }}"
  with_community.general.filetree:
    - ../files
  loop_control: