diff --git a/ansible-nix/playbook.yml b/ansible-nix/playbook.yml
index ab3d2b7b8..c1bb3b898 100644
--- a/ansible-nix/playbook.yml
+++ b/ansible-nix/playbook.yml
@@ -118,30 +118,3 @@
 debug:
 msg: "The postgres user is {{ 'not ' if check_user_group.rc != 0 else '' }}part of the users group"

- - name: Install osquery from nixpkgs binary cache
- become: yes
- shell: |
- sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install nixpkgs#osquery"
-
- - name: Install osquery permission check script
- become: yes
- copy:
- src: files/permission_check.py
- dest: /home/ubuntu/permission_check.py
- mode: "0755"
-
- - name: Run osquery permission checks
- become: yes
- shell: |
- sudo -u ubuntu bash -c "python3 /home/ubuntu/permission_check.py"
-
- - name: Remove osquery permission check script
- become: yes
- file:
- path: /home/ubuntu/permission_check.py
- state: absent
-
- - name: Remove osquery
- become: yes
- shell: |
- sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile osquery"
diff --git a/ansible-nix/tasks/stage2/playbook.yml b/ansible-nix/tasks/stage2/playbook.yml
index 332613e32..82c3e24fc 100644
--- a/ansible-nix/tasks/stage2/playbook.yml
+++ b/ansible-nix/tasks/stage2/playbook.yml
@@ -62,3 +62,31 @@
 - name: Print result to Ansible log output
 debug:
 msg: "The postgres user is {{ 'not ' if check_user_group.rc != 0 else '' }}part of the users group"
+
+ - name: Install osquery from nixpkgs binary cache
+ become: yes
+ shell: |
+ sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install nixpkgs#osquery"
+
+ - name: Install osquery permission check script
+ become: yes
+ copy:
+ src: files/permission_check.py
+ dest: /home/ubuntu/permission_check.py
+ mode: "0755"
+
+ - name: Run osquery permission checks
+ become: yes
+ shell: |
+ sudo -u ubuntu bash -c "python3 /home/ubuntu/permission_check.py"
+
+ - name: Remove osquery permission check script
+ become: yes
+ file:
+ path: /home/ubuntu/permission_check.py
+ state: absent
+
+ - name: Remove osquery
+ become: yes
+ shell: |
+ sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile osquery"
diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl
index f02caa097..969f41574 100644
--- a/common-nix.vars.pkr.hcl
+++ b/common-nix.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.6.1.46-nix-staged"
+postgres-version = "15.6.1.47-nix-staged"
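Review bot: The final `Remove osquery` task added to ansible-nix/tasks/stage2/playbook.yml runs `nix profile osquery`, which names no subcommand, so as written it does not appear able to uninstall anything; the line was carried over unchanged from the block this commit deletes from ansible-nix/playbook.yml. If removal is the intent, the command presumably should be `nix profile remove osquery` (older Nix releases expect a profile index or store path rather than a package name, so confirm against the Nix version in the image). Depending on how Nix treats the unknown subcommand, the step either fails the play or leaves osquery installed in the finished image. Separately, `nixpkgs#osquery` in the install task resolves through the flake registry at build time, so the binary that performs the permission checks is unpinned; pinning the flake reference to a specific nixpkgs revision would keep the check reproducible and reviewable.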