Fix remote home, fix idempotence

env lookup checks local env, doesn't work in general now role can be rerun without changing anything except setting `remote_user` to `username` and it will still work
Encephala · Dec 19, 2023 · 3685469 · 3685469
1 parent 367ec18
commit 3685469
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 30 deletions.
diff --git a/main.yml b/main.yml
@@ -11,7 +11,6 @@
     # is_wsl: true
     # hostname: Dockerhost
 
-    # ansible_user: root
 
   roles:
     - provision
diff --git a/roles/provision/tasks/dotfiles.yml b/roles/provision/tasks/dotfiles.yml
@@ -4,7 +4,7 @@
   block:
     - name: Set long bash history
       ansible.builtin.lineinfile:
-        path: "{{ lookup('ansible.builtin.env', 'HOME') }}/.bashrc"
+        path: "{{ home }}/.bashrc"
         regexp: "{{ item.find }}"
         line: "{{ item.line }}"
       loop:
@@ -14,9 +14,9 @@
     - name: Add aliases
       ansible.builtin.copy:
         src: bash/dotbash_aliases
-        dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.bash_aliases"
-        owner: "{{ username }}"
-        group: "{{ username }}"
+        dest: "{{ home }}/.bash_aliases"
+        owner: "{{ uid }}"
+        group: "{{ gid }}"
         mode: "0644"
 
 
@@ -25,22 +25,22 @@
     - name: Copy .gitconfig
       ansible.builtin.copy:
         src: git/dotgitconfig
-        dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.gitconfig"
-        owner: "{{ username }}"
-        group: "{{ username }}"
+        dest: "{{ home }}/.gitconfig"
+        owner: "{{ uid }}"
+        group: "{{ gid }}"
         mode: "0644"
 
     - name: Git branch in PS1 - helper files
       ansible.builtin.copy:
         src: git/dotgit/
-        dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.git/"
-        owner: "{{ username }}"
-        group: "{{ username }}"
+        dest: "{{ home }}/.git/"
+        owner: "{{ uid }}"
+        group: "{{ gid }}"
         mode: "0644"
 
     - name: Git branch in PS1 - .bashrc
       ansible.builtin.blockinfile:
-        path: "{{ lookup('ansible.builtin.env', 'HOME') }}/.bashrc"
+        path: "{{ home }}/.bashrc"
         block: |
           # Git stuff
           . "$HOME/.git/git-completion.bash"
@@ -56,33 +56,33 @@
 - name: Copy .lintr
   ansible.builtin.copy:
     src: R/dotlintr
-    dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.lintr"
-    owner: "{{ username }}"
-    group: "{{ username }}"
+    dest: "{{ home }}/.lintr"
+    owner: "{{ uid }}"
+    group: "{{ gid }}"
     mode: "0644"
 
 - name: SSH
   block:
     - name: Ensure .ssh exists
       ansible.builtin.file:
-        dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh"
+        dest: "{{ home }}/.ssh"
         state: directory
-        owner: "{{ username }}"
-        group: "{{ username }}"
+        owner: "{{ uid }}"
+        group: "{{ gid }}"
         mode: "0700"
 
     - name: Copy SSH config
       ansible.builtin.copy:
         src: ssh/config
-        dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh/config"
-        owner: "{{ username }}"
-        group: "{{ username }}"
+        dest: "{{ home }}/.ssh/config"
+        owner: "{{ uid }}"
+        group: "{{ gid }}"
         mode: "0644"
 
 - name: Copy .zshrc
   ansible.builtin.template:
     src: zsh/dotzshrc.j2
-    dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.zshrc"
-    owner: "{{ username }}"
-    group: "{{ username }}"
+    dest: "{{ home }}/.zshrc"
+    owner: "{{ uid }}"
+    group: "{{ gid }}"
     mode: "0644"
diff --git a/roles/provision/tasks/main.yml b/roles/provision/tasks/main.yml
@@ -11,9 +11,31 @@
   tags:
     - account
 
+- name: Retrieve passwd information
+  ansible.builtin.getent:
+    database: passwd
+  tags:
+    - always
+
+- name: Update `username` if not root
+  ansible.builtin.set_fact:
+    username: "{{ ansible_user }}"
+  when: ansible_user != "root"
+  tags:
+    - always
+
+- name: Set user and group id
+  ansible.builtin.set_fact:
+    uid: "{{ getent_passwd[username].1 }}"
+    gid: "{{ getent_passwd[username].2 }}"
+    home: "{{ getent_passwd[username].4 }}"
+  tags:
+    - always
+
+
 - name: Include ssh setup
   ansible.builtin.import_tasks: ssh_setup.yml
-  become: true
+  remote_user: "{{ username }}"
   tags:
     - ssh
 

diff --git a/roles/provision/tasks/ssh_setup.yml b/roles/provision/tasks/ssh_setup.yml
@@ -5,24 +5,24 @@
 
 - name: Authorise SSH key
   ansible.posix.authorized_key:
-    user: "{{ username }}"
+    user: "{{ ansible_user }}"
     key: "{{ lookup('ansible.builtin.file', 'ssh/{{ ssh_key_pub }}') }}"
 
 # authorized_key ensures the directory is created
 - name: Copy SSH private key
-  remote_user: "{{ username }}"
   ansible.builtin.copy:
     src: "ssh/{{ ssh_key }}"
     # ansible_env.HOME doesn't update when specifying remote_user,
     # but ansible.builtin.env lookup does
-    dest: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh/{{ ssh_key }}"
+    dest: "{{ home }}/.ssh/{{ ssh_key }}"
     mode: "0600"
-    owner: "{{ username }}"
-    group: "{{ username }}"
+    owner: "{{ uid }}"
+    group: "{{ gid }}"
   when: copy_private_key | bool
 
 
 - name: Harden SSH
+  become: true
   ansible.builtin.lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: "{{ line.find }}"