feat(ansible): do not use become_user instruction

Due to errors during the creation of temporary files by Ansible, generated by the "become_user" command in non-POSIX systems, this instruction was deleted and replaced. https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
diodonfrost · Aug 5, 2023 · 22802f0 · 22802f0
1 parent d62f8ad
commit 22802f0
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 41 deletions.
diff --git a/tasks/p10k-configure.yml b/tasks/p10k-configure.yml
@@ -4,13 +4,13 @@
     name: "{{ item }}"
     shell: "{{ zsh_bin_path }}"
   become: true
-  with_items: "{{ p10k_users }}"
+  loop: "{{ p10k_users }}"
 
 - name: Setup powerlevel10k
   ansible.builtin.template:
     src: "p10k-{{ p10k_style[p10k_prompt_style] }}.zsh.j2"
-    dest: '~/.p10k.zsh'
+    dest: "{{ item['home'] }}/.p10k.zsh"
+    owner: "{{ item['name'] }}"
+    group: "{{ item['group'] }}"
     mode: '0644'
-  become: true
-  become_user: "{{ item }}"
-  with_items: "{{ p10k_users }}"
+  loop: "{{ p10k_users_information }}"
diff --git a/tasks/p10k-install.yml b/tasks/p10k-install.yml
@@ -20,50 +20,69 @@
     msg: "You are using ZSH version {{ zsh_version.stdout }}. The minimum required version for Powerlevel10k is 5.1"
   when: zsh_version.stdout|float < 5.1
 
+- name: Get users information
+  ansible.builtin.user:
+    name: "{{ item }}"
+    state: present
+  register: p10k_users_register
+  loop: "{{ p10k_users }}"
+
+- name: Extract only 'name', 'home' and 'group' fields from users information
+  ansible.builtin.set_fact:
+    p10k_users_information: "{{ p10k_users_information | default([]) + [{'name': item['name'], 'home': item['home'], 'group': item['group']}] }}"
+  no_log: true
+  loop: "{{ p10k_users_register.results }}"
+
 - name: Install powerlevel10k.
   ansible.builtin.git:
     repo: "{{ p10k_repository_url }}"
-    dest: "{{ p10k_path[zsh_plugin] | default('~/powerlevel10k', True) }}"
+    dest: "{{ item['home'] }}/{{ p10k_path[zsh_plugin] | default('~/powerlevel10k', True) }}"
     depth: '1'
     update: no
     version: 'master'
-  become: true
-  become_user: "{{ item }}"
-  with_items: "{{ p10k_users }}"
+  loop: "{{ p10k_users_information }}"
+
+- name: Setup powerlevel10k file permissions.
+  ansible.builtin.file:
+    path: "{{ item['home'] }}/{{ p10k_path[zsh_plugin] | default('~/powerlevel10k', True) }}"
+    owner: "{{ item['name'] }}"
+    group: "{{ item['group'] }}"
+    recurse: yes
+  loop: "{{ p10k_users_information }}"
 
 - name: Add powerlevel10k to zsh plugin
   ansible.builtin.lineinfile:
-    path: "{{ p10k_zshrc_config[zsh_plugin]['zsh_file'] }}"
+    path: "{{ item['home'] }}/{{ p10k_zshrc_config[zsh_plugin]['zsh_file'] }}"
     regexp: "{{ p10k_zshrc_config[zsh_plugin]['regexp'] }}"
     line: "{{ p10k_zshrc_config[zsh_plugin]['line'] }}"
+    owner: "{{ item['name'] }}"
+    group: "{{ item['group'] }}"
     mode: '0644'
     create: yes
-  become: true
-  become_user: "{{ item }}"
-  with_items: "{{ p10k_users }}"
+  loop: "{{ p10k_users_information }}"
 
 - name: Enable powerlevel10 instant prompt
   ansible.builtin.blockinfile:
-    path: "{{ p10k_zshrc_config[zsh_plugin]['zsh_file'] }}"
+    path: "{{ item['home'] }}/{{ p10k_zshrc_config[zsh_plugin]['zsh_file'] }}"
+    owner: "{{ item['name'] }}"
+    group: "{{ item['group'] }}"
     block: |
       if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
         source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
       fi
     insertbefore: BOF
     marker_begin: "BEGIN P10K INSTANT PROMPT"
     marker_end: "END P10K INSTANT PROMPT"
-  become: true
-  become_user: "{{ item }}"
-  with_items: "{{ p10k_users }}"
+  loop: "{{ p10k_users_information }}"
 
 - name: Enable powerlevel10k config file
   ansible.builtin.blockinfile:
-    path: "{{ p10k_zshrc_config[zsh_plugin]['zsh_file'] }}"
+    path: "{{ item['home'] }}/{{ p10k_zshrc_config[zsh_plugin]['zsh_file'] }}"
+    owner: "{{ item['name'] }}"
+    group: "{{ item['group'] }}"
     block: |
       [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
     insertafter: EOF
     marker_begin: "BEGIN P10K CONFIG FILE"
     marker_end: "END P10K CONFIG FILE"
-  become: true
-  become_user: "{{ item }}"
-  with_items: "{{ p10k_users }}"
+  loop: "{{ p10k_users_information }}"
diff --git a/vars/main.yml b/vars/main.yml
@@ -7,58 +7,58 @@ p10k_style:
   pure: 'rainbow'
 
 p10k_path:
-  zsh: '~/powerlevel10k'
-  ohmyzsh: '~/.oh-my-zsh/custom/themes/powerlevel10k'
-  prezto: '~/powerlevel10k'
-  zim: '~/powerlevel10k'
-  antibody: '~/powerlevel10k'
-  antigen: '~/powerlevel10k'
-  zplug: '~/powerlevel10k'
-  zgen: '~/powerlevel10k'
-  zplugin: '~/powerlevel10k'
-  zinit: '~/powerlevel10k'
+  zsh: 'powerlevel10k'
+  ohmyzsh: '.oh-my-zsh/custom/themes/powerlevel10k'
+  prezto: 'powerlevel10k'
+  zim: 'powerlevel10k'
+  antibody: 'powerlevel10k'
+  antigen: 'powerlevel10k'
+  zplug: 'powerlevel10k'
+  zgen: 'powerlevel10k'
+  zplugin: 'powerlevel10k'
+  zinit: 'powerlevel10k'
 
 p10k_zshrc_config:
   zsh:
    regexp: '^source '
    line: 'source ~/powerlevel10k/powerlevel10k.zsh-theme'
-   zsh_file: ~/.zshrc
+   zsh_file: .zshrc
   ohmyzsh:
     regexp: '^ZSH_THEME='
     line: 'ZSH_THEME="powerlevel10k/powerlevel10k"'
-    zsh_file: ~/.zshrc
+    zsh_file: .zshrc
   prezto:
     regexp: '^zstyle :prezto:module:prompt theme'
     line: 'zstyle :prezto:module:prompt theme powerlevel10k'
-    zsh_file: ~/.zpreztorc
+    zsh_file: .zpreztorc
   zim:
     regexp: '^zmodule '
     line: 'zmodule romkatv/powerlevel10k'
-    zsh_file: ~/.zimrc
+    zsh_file: .zimrc
   antibody:
     regexp: '^antibody bundle '
     line: 'antibody bundle romkatv/powerlevel10k'
-    zsh_file: ~/.zshrc
+    zsh_file: .zshrc
   antigen:
     regexp: '^antigen theme '
     line: 'antigen theme romkatv/powerlevel10k'
-    zsh_file: ~/.zshrc
+    zsh_file: .zshrc
   zplug:
     regexp: '^zplug '
     line: 'zplug romkatv/powerlevel10k, as:theme, depth:1'
-    zsh_file: ~/.zshrc
+    zsh_file: .zshrc
   zgen:
     regexp: '^zgen load '
     line: 'zgen load romkatv/powerlevel10k powerlevel10k'
-    zsh_file: ~/.zshrc
+    zsh_file: .zshrc
   zplugin:
     regexp: '^zplugin ice depth=1; zplugin light'
     line: 'zplugin ice depth=1; zplugin light romkatv/powerlevel10k'
-    zsh_file: ~/.zshrc
+    zsh_file: .zshrc
   zinit:
     regexp: '^zinit ice depth=1; zinit light'
     line: 'zinit ice depth=1; zinit light romkatv/powerlevel10k'
-    zsh_file: ~/.zshrc
+    zsh_file: .zshrc
 
 time_config:
   no: