From e0efc51c3415a29a9f3d7823d4c06af37ef5803f Mon Sep 17 00:00:00 2001
From: Marty Oehme
Date: Fri, 28 Nov 2025 18:01:17 +0100
Subject: [PATCH 1/3] feat(system): Add tags to system role tasks
---
roles/system/tasks/main.yaml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/roles/system/tasks/main.yaml b/roles/system/tasks/main.yaml
index 4ce6c5a..a5f051d 100644
--- a/roles/system/tasks/main.yaml
+++ b/roles/system/tasks/main.yaml
@@ -40,6 +40,8 @@ community.general.timezone: name: "{{ system_timezone }}" when: "system_timezone" + tags: + - timezone become: true - name: Create necessary groups
@@ -48,6 +50,8 @@ state: present loop: "{{ system_users | map(attribute='groups') | flatten | unique }}" when: "system_users" + tags: + - groups become: true - name: Set up system users
@@ -59,6 +63,9 @@ shell: "{{ item.shell | default('/bin/bash') }}" loop: "{{ system_users }}" when: "system_users" + tags: + - users + - groups become: true - name: Add authorized SSH keys
From 961e10223c4ebed6c7dbfa8aa40e9e4c3abc53c1 Mon Sep 17 00:00:00 2001
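Review bot: The `users` tag added to "Set up system users" (third hunk) is not mirrored on "Create necessary groups" (second hunk), which carries only `groups`. A run limited with `--tags users` therefore skips group creation. If the user task assigns those groups, it will probably fail on a host where they do not exist yet; its module arguments start above the hunk, so this is inferred from the shared `system_users` data. Adding `- users` to the tag list of the group task keeps the two selectable together.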
From: Marty Oehme
Date: Fri, 28 Nov 2025 18:01:17 +0100
Subject: [PATCH 2/3] ref(system): Fix ssh authorized keys task Fixed the loop for authorized keys. While I read previously that the Ansible module can take keys in the array format: ```yaml key: - key1 - key2 - ... ``` This seems to not be the case. Instead, we now do a 'sub-loop' through all the existing authorized_keys entries in the data structure, running the task once for each key. This also means we can simplify the 'when' condition to only check the data structure itself exists, not the key since we only loop once for each existing key anyway. More in-depth explanation on the subelements filter here: https://docs.ansible.com/projects/ansible/latest/playbook_guide/playbooks_filters.html#combining-objects-and-subelements Concise explanation of use here: https://overflow.ducks.party/questions/56086290/how-can-i-traverse-nested-lists-in-ansible One drawback: we can now _not_ change the key setting in the module to be exclusive (`exclusive: true` for `authorized_keys` module). As described in the documentation, if there are more than one key for a user, this would lead to the following keys overwriting the first key. Currently do not know how to fix this, but we are not supplying exclusive keys so it is fine for the moment.
---
roles/system/tasks/main.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/system/tasks/main.yaml b/roles/system/tasks/main.yaml
index a5f051d..fd14baf 100644
--- a/roles/system/tasks/main.yaml
+++ b/roles/system/tasks/main.yaml
@@ -70,11 +70,11 @@ - name: Add authorized SSH keys ansible.posix.authorized_key: - user: "{{ item.name }}" + user: "{{ item.0.name }}" state: present - key: "{{ item.authorized_keys }}" - loop: "{{ system_users }}" - when: system_users is defined and item.authorized_keys is defined + key: "{{ item.1 }}" + loop: "{{ system_users | subelements('authorized_keys', skip_missing=True) }}" + when: system_users is defined tags: - ssh become: true
From 255b812b54df0ff77429d8fec027bc8d141cbb9d Mon Sep 17 00:00:00 2001
From: Marty Oehme
Date: Fri, 28 Nov 2025 18:38:52 +0100
Subject: [PATCH 3/3] fix(infra): Disable infrastructure skeleton until implementation
---
site.yaml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/site.yaml b/site.yaml
index b77d574..6c056d1 100644
--- a/site.yaml
+++ b/site.yaml
@@ -49,12 +49,12 @@ # name: incus-install # tags: incus -- name: Raise infrastructure - hosts: localhost - tags: infrastructure - tasks: - - ansible.builtin.import_role: - name: infrastructure +# - name: Raise infrastructure +# hosts: localhost +# tags: infrastructure +# tasks: +# - ansible.builtin.import_role: +# name: infrastructure # ansible-galaxy install geerlingguy.docker - name: Install docker
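Review bot: In the "Add authorized SSH keys" task of roles/system/tasks/main.yaml, running once per key with `state: present` only ever appends. A key deleted from a user's `authorized_keys` list therefore stays in that user's file on the host and keeps granting SSH access. The module's `key` parameter accepts several keys in one newline-separated string, so the per-user loop can be kept with `key: "{{ item.authorized_keys | join('\n') }}"`, `loop: "{{ system_users }}"` and the earlier `item.authorized_keys is defined` guard; passing the keys as one batch is also what makes `exclusive: true` usable. Separately, `when: system_users is defined` is evaluated per item after the loop expression has been templated, so it does not protect against an undefined `system_users`; `system_users | default([])` inside the loop expression would.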