chore: move commands to the proper stage
samrose committed May 21, 2024
1 parent 9bd0f53 commit e7d6b35
Showing 3 changed files with 29 additions and 28 deletions.
27 changes: 0 additions & 27 deletions ansible-nix/playbook.yml
@@ -118,30 +118,3 @@
debug:
msg: "The postgres user is {{ 'not ' if check_user_group.rc != 0 else '' }}part of the users group"

- name: Install osquery from nixpkgs binary cache
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install nixpkgs#osquery"
- name: Install osquery permission check script
become: yes
copy:
src: files/permission_check.py
dest: /home/ubuntu/permission_check.py
mode: "0755"

- name: Run osquery permission checks
become: yes
shell: |
sudo -u ubuntu bash -c "python3 /home/ubuntu/permission_check.py"
- name: Remove osquery permission check script
become: yes
file:
path: /home/ubuntu/permission_check.py
state: absent

- name: Remove osquery
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile osquery"
28 changes: 28 additions & 0 deletions ansible-nix/tasks/stage2/playbook.yml
@@ -62,3 +62,31 @@
- name: Print result to Ansible log output
debug:
msg: "The postgres user is {{ 'not ' if check_user_group.rc != 0 else '' }}part of the users group"

- name: Install osquery from nixpkgs binary cache
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install nixpkgs#osquery"
- name: Install osquery permission check script
become: yes
copy:
src: files/permission_check.py
dest: /home/ubuntu/permission_check.py
mode: "0755"

- name: Run osquery permission checks
become: yes
shell: |
sudo -u ubuntu bash -c "python3 /home/ubuntu/permission_check.py"
- name: Remove osquery permission check script
become: yes
file:
path: /home/ubuntu/permission_check.py
state: absent

- name: Remove osquery
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile osquery"
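Review bot: The final added task, "Remove osquery", runs `nix profile osquery` with no subcommand, so it will most likely either fail the play or leave osquery in the ubuntu user's profile on the built image. It probably should be `nix profile remove osquery`; which argument form is accepted (package name, index or attribute path) depends on the Nix version, so check it against the version this image installs. The same line appears in the task removed from ansible-nix/playbook.yml, so the move carries the defect over rather than introducing it. Separately, `nix profile install nixpkgs#osquery` resolves an unpinned nixpkgs at build time, so the version of the audit tool is not reproducible between builds; pinning the flake reference to a fixed revision would fix that.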
2 changes: 1 addition & 1 deletion common-nix.vars.pkr.hcl
@@ -1 +1 @@
postgres-version = "15.6.1.46-nix-staged"
postgres-version = "15.6.1.47-nix-staged"
