From 2a82ee4d5cd1b5995dbec3e8fe48037d568a7c79 Mon Sep 17 00:00:00 2001 From: Sandwich Date: Wed, 18 Feb 2026 19:24:46 +0100 Subject: [PATCH] fix: resolve Jinja2 .keys ambiguity, fastfetch availability, and python interpreter - Use bracket notation item['keys'] instead of item.keys to avoid conflict with Python dict .keys() method - Remove fastfetch from Debian 12 package list (only available in 13+) - Set explicit python interpreter path for post-reboot tasks --- main.yml | 1 + roles/bootstrap/vars/main.yml | 2 +- roles/configuration/tasks/users.yml | 2 +- roles/global_defaults/tasks/system.yml | 2 +- roles/virtualization/templates/cloud-user-data.yml.j2 | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/main.yml b/main.yml index 670dca1..1fcbc1c 100644 --- a/main.yml +++ b/main.yml @@ -152,6 +152,7 @@ ansible_password: "{{ system_cfg.users[0].password }}" ansible_become_password: "{{ system_cfg.users[0].password }}" ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + ansible_python_interpreter: /usr/bin/python3 - name: Install post-reboot packages when: diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml index 54f13c7..9c4e522 100644 --- a/roles/bootstrap/vars/main.yml +++ b/roles/bootstrap/vars/main.yml @@ -104,7 +104,7 @@ bootstrap_debian_extra_common: bootstrap_debian_extra_versioned: - linux-image-amd64 - "{{ 'duf' if (os_version | string) not in ['10', '11'] else '' }}" - - "{{ 'fastfetch' if (os_version | string) in ['12', '13', 'unstable'] else '' }}" + - "{{ 'fastfetch' if (os_version | string) in ['13', 'unstable'] else '' }}" - "{{ 'neofetch' if (os_version | string) == '12' else '' }}" - "{{ 'software-properties-common' if (os_version | string) not in ['13', 'unstable'] else '' }}" - "{{ 'systemd-zram-generator' if (os_version | string) not in ['10', '11'] else '' }}" diff --git a/roles/configuration/tasks/users.yml b/roles/configuration/tasks/users.yml index b7b0e52..2ba7055 100644 --- a/roles/configuration/tasks/users.yml +++ b/roles/configuration/tasks/users.yml @@ -26,7 +26,7 @@ changed_when: configuration_user_result.rc == 0 - name: Ensure .ssh directory exists - when: item.keys | default([]) | length > 0 + when: item['keys'] | default([]) | length > 0 ansible.builtin.file: path: "/mnt/home/{{ item.name }}/.ssh" state: directory diff --git a/roles/global_defaults/tasks/system.yml b/roles/global_defaults/tasks/system.yml index 87a38ac..51e7b2f 100644 --- a/roles/global_defaults/tasks/system.yml +++ b/roles/global_defaults/tasks/system.yml @@ -30,7 +30,7 @@ that: - item is mapping - item.name is defined and (item.name | string | length) > 0 - - item.keys is not defined or (item.keys is iterable and item.keys is not string) + - item['keys'] is not defined or (item['keys'] is iterable and item['keys'] is not string) fail_msg: "Each system.users[] entry must be a dict with 'name'; 'keys' must be a list." quiet: true loop: "{{ system.users }}" diff --git a/roles/virtualization/templates/cloud-user-data.yml.j2 b/roles/virtualization/templates/cloud-user-data.yml.j2 index da4b9ef..5f36461 100644 --- a/roles/virtualization/templates/cloud-user-data.yml.j2 +++ b/roles/virtualization/templates/cloud-user-data.yml.j2 @@ -11,7 +11,7 @@ users: sudo: "{{ user.sudo | default('ALL=(ALL) NOPASSWD:ALL') }}" passwd: "{{ user.password | password_hash('sha512') }}" lock_passwd: false -{% set ssh_keys = user.keys | default([]) %} +{% set ssh_keys = user['keys'] | default([]) %} {% if ssh_keys | length > 0 %} ssh_authorized_keys: {% for key in ssh_keys %}