PHiAX/Raspberry-Pi-IaC
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Raspberry-Pi-IaC/roles/user/tasks/main.yml
Thomas Kleinendorst 462e202737 Register actual container as systemd service 
This service is scoped to the user only but ensures that the container
is started on system boot.
2024-04-16 17:04:45 +02:00

101 lines
4.1 KiB
YAML
Raw Blame History

---
# The ZSH installation instructions are sourced from this blog:
# https://harshithashok.com/tools/oh-my-zsh-with-starship/
- name: Create a new user
become: true
ansible.builtin.user:
append: true
groups:
- users
name: "{{ user_username }}"
# Salt is necessary, see: https://stackoverflow.com/questions/56869949/ansible-user-module-always-shows-changed
password: "{{ user_password | password_hash('sha512', password_salt) }}"
when: user_username is not undefined # Skip when no user is provided, we'll asume we're targetting the Ansible user.
- name: Set fact for defining the user which should run the next modules
ansible.builtin.set_fact:
target_user: "{{ ansible_facts['user_id'] if user_username is undefined else user_username }}"
# The "lingering" property seems to be important to Podman, otherwise errors are thrown as mentioned here:
# https://superuser.com/questions/1788594/podman-the-cgroupv2-manager-is-set-to-systemd-but-there-is-no-systemd-user-sess
- name: "Check if lingering is enabled (user: {{ target_user }})"
ansible.builtin.command:
cmd: "loginctl show-user {{ target_user }} --property=Linger"
register: linger_check
changed_when: false
failed_when: false
- name: "Enable systemd \"lingering\" (user: {{ target_user }})"
become: true
ansible.builtin.command:
cmd: "loginctl enable-linger {{ target_user }}"
when: linger_check.rc != 0
changed_when: true
- name: Ensuring ZSH is installed
become: true
ansible.builtin.apt:
pkg:
- acl # Needed to prevent this error: https://stackoverflow.com/questions/46352173/ansible-failed-to-set-permissions-on-the-temporary
- zsh
state: present
- name: Install Oh My ZSH # noqa: command-instead-of-module ignore error since we're removing the script after install.
become: true
become_user: "{{ target_user }}"
ansible.builtin.shell: |
wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
chmod u+x install.sh
./install.sh --unattended
rm install.sh
args:
executable: /bin/bash
creates: ~/.oh-my-zsh
- name: Install Starship # noqa: command-instead-of-module ignore error since we're removing the script after install.
become: true
ansible.builtin.shell: |
wget https://starship.rs/install.sh
chmod u+x install.sh
./install.sh --yes
rm install.sh
args:
executable: /bin/bash
creates: /usr/local/bin/starship
- name: Install zsh-autosuggestions # noqa: command-instead-of-module ignore error since we're removing the script after install.
become: true
become_user: "{{ target_user }}"
ansible.builtin.command:
cmd: git clone https://github.com/zsh-users/zsh-autosuggestions ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
creates: ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
- name: Clear "ZSH_THEME" in ~/.zshrc
become: true
become_user: "{{ target_user }}"
ansible.builtin.lineinfile:
path: ~/.zshrc
regexp: '^ZSH_THEME="[^"]+"$'
line: ZSH_THEME=""
- name: Add the zsh-autosuggestions plugin in ~/.zshrc
become: true
become_user: "{{ target_user }}"
ansible.builtin.lineinfile:
path: ~/.zshrc
regexp: '^plugins=\((.*)(?<!zsh-autosuggestions)\)$'
line: 'plugins=(\1 zsh-autosuggestions)'
backrefs: true
# For some reason snap isn't properly configured and its bin directory isn't added to the $PATH variable.
# This probably has something to do with the hardening rules, instead we'll fix it here.
- name: Add Starship config and Snapcraft to ~/.zshrc
become: true
become_user: "{{ target_user }}"
ansible.builtin.blockinfile:
path: ~/.zshrc
block: |-
# Add Snapcraft to $PATH
export PATH=$PATH:/snap/bin
# Set XDG_RUNTIME_DIR variable necessary for running systemctl as user
# See: https://superuser.com/questions/1561076/systemctl-user-failed-to-connect-to-bus-no-such-file-or-directory-debian-9#answers-header
export XDG_RUNTIME_DIR=/run/user/$(id -u $otherUser)
# Starship
eval "$(starship init zsh)"
- name: Change the default shell of the current user
become: true
ansible.builtin.user:
name: "{{ target_user }}"
shell: /usr/bin/zsh
Reference in a new issue View git blame Copy permalink