fix: resolve Jinja2 .keys ambiguity, fastfetch availability, and python interpreter
- Use bracket notation item['keys'] instead of item.keys to avoid conflict with Python dict .keys() method
- Remove fastfetch from Debian 12 package list (only available in 13+)
- Set explicit python interpreter path for post-reboot tasks
1
main.yml
1
main.yml
@@ -152,6 +152,7 @@
|
|||||||
ansible_password: "{{ system_cfg.users[0].password }}"
|
ansible_password: "{{ system_cfg.users[0].password }}"
|
||||||
ansible_become_password: "{{ system_cfg.users[0].password }}"
|
ansible_become_password: "{{ system_cfg.users[0].password }}"
|
||||||
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
||||||
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
|
||||||
- name: Install post-reboot packages
|
- name: Install post-reboot packages
|
||||||
when:
|
when:
|
||||||
|
|||||||
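Review bot: The connection variables that the new `ansible_python_interpreter` line joins still pass `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` while authenticating with `system_cfg.users[0].password`, so the login and become password are sent to whichever host answers on that address after the reboot, with no check that it is the machine that was just installed. If the installed system's host public keys can be read before the reboot (other tasks in this commit write under `/mnt`, so this looks feasible), they could be written to a temporary known_hosts file and the line changed to `ansible_ssh_extra_args: "-o UserKnownHostsFile={{ bootstrap_known_hosts }} -o StrictHostKeyChecking=yes"`, where `bootstrap_known_hosts` is a placeholder name. The enclosing task starts above the hunk, so how these variables are scoped cannot be confirmed from here.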
@@ -104,7 +104,7 @@ bootstrap_debian_extra_common:
|
|||||||
bootstrap_debian_extra_versioned:
|
bootstrap_debian_extra_versioned:
|
||||||
- linux-image-amd64
|
- linux-image-amd64
|
||||||
- "{{ 'duf' if (os_version | string) not in ['10', '11'] else '' }}"
|
- "{{ 'duf' if (os_version | string) not in ['10', '11'] else '' }}"
|
||||||
- "{{ 'fastfetch' if (os_version | string) in ['12', '13', 'unstable'] else '' }}"
|
- "{{ 'fastfetch' if (os_version | string) in ['13', 'unstable'] else '' }}"
|
||||||
- "{{ 'neofetch' if (os_version | string) == '12' else '' }}"
|
- "{{ 'neofetch' if (os_version | string) == '12' else '' }}"
|
||||||
- "{{ 'software-properties-common' if (os_version | string) not in ['13', 'unstable'] else '' }}"
|
- "{{ 'software-properties-common' if (os_version | string) not in ['13', 'unstable'] else '' }}"
|
||||||
- "{{ 'systemd-zram-generator' if (os_version | string) not in ['10', '11'] else '' }}"
|
- "{{ 'systemd-zram-generator' if (os_version | string) not in ['10', '11'] else '' }}"
|
||||||
|
|||||||
@@ -26,7 +26,7 @@
|
|||||||
changed_when: configuration_user_result.rc == 0
|
changed_when: configuration_user_result.rc == 0
|
||||||
|
|
||||||
- name: Ensure .ssh directory exists
|
- name: Ensure .ssh directory exists
|
||||||
when: item.keys | default([]) | length > 0
|
when: item['keys'] | default([]) | length > 0
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/mnt/home/{{ item.name }}/.ssh"
|
path: "/mnt/home/{{ item.name }}/.ssh"
|
||||||
state: directory
|
state: directory
|
||||||
|
|||||||
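Review bot: `item.name` is interpolated into `path: "/mnt/home/{{ item.name }}/.ssh"` with no check on its characters, so a name containing `/` or `..` would make this task create the directory outside `/mnt/home`. The validation visible elsewhere in this commit only requires the name to be defined and non-empty; a condition such as `- item.name is match('^[a-z_][a-z0-9_-]*$')` in that assert would close the gap. The task continues below the hunk, so whether `owner`, `group` and `mode: "0700"` are set on the directory cannot be confirmed from here.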
@@ -30,7 +30,7 @@
|
|||||||
that:
|
that:
|
||||||
- item is mapping
|
- item is mapping
|
||||||
- item.name is defined and (item.name | string | length) > 0
|
- item.name is defined and (item.name | string | length) > 0
|
||||||
- item.keys is not defined or (item.keys is iterable and item.keys is not string)
|
- item['keys'] is not defined or (item['keys'] is iterable and item['keys'] is not string)
|
||||||
fail_msg: "Each system.users[] entry must be a dict with 'name'; 'keys' must be a list."
|
fail_msg: "Each system.users[] entry must be a dict with 'name'; 'keys' must be a list."
|
||||||
quiet: true
|
quiet: true
|
||||||
loop: "{{ system.users }}"
|
loop: "{{ system.users }}"
|
||||||
|
|||||||
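Review bot: The `keys` condition still accepts a dict, because a mapping is iterable and is not a string, although `fail_msg` states that 'keys' must be a list. Excluding mappings makes the check agree with the message: `- item['keys'] is not defined or (item['keys'] is iterable and item['keys'] is not string and item['keys'] is not mapping)`. The assert task starts above the hunk.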
@@ -11,7 +11,7 @@ users:
|
|||||||
sudo: "{{ user.sudo | default('ALL=(ALL) NOPASSWD:ALL') }}"
|
sudo: "{{ user.sudo | default('ALL=(ALL) NOPASSWD:ALL') }}"
|
||||||
passwd: "{{ user.password | password_hash('sha512') }}"
|
passwd: "{{ user.password | password_hash('sha512') }}"
|
||||||
lock_passwd: false
|
lock_passwd: false
|
||||||
{% set ssh_keys = user.keys | default([]) %}
|
{% set ssh_keys = user['keys'] | default([]) %}
|
||||||
{% if ssh_keys | length > 0 %}
|
{% if ssh_keys | length > 0 %}
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
{% for key in ssh_keys %}
|
{% for key in ssh_keys %}
|
||||||
|
|||||||
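Review bot: A user entry without a `sudo` key receives `ALL=(ALL) NOPASSWD:ALL` from the default in the context lines above the changed `ssh_keys` assignment, and `lock_passwd: false` leaves the password usable even when SSH keys are supplied, so every listed account ends up with passwordless root by default. If that is intended only for the bootstrap account, a comment should say so, for example `# default grants passwordless root; set user.sudo explicitly for non-admin accounts`; otherwise consider an empty default that requires an explicit `sudo` value. The loop body that emits each key lies below the hunk, so whether the key is quoted in the rendered YAML cannot be checked here.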