Move become: true into esphome role

Move become: true into zigbee2mqtt role Remove become: true from deploy_public_reverse_proxy playbook Remove become: true from deploy_dokuwiki playbook Move become: true from deploy_audio_pi and deploy_light playbooks into roles Remove become: true from deploy_keycloak playbook Move become: true from deploy_automation playbook to mosquitto role
2023-05-09 21:12:46 +02:00 · 2023-05-09 21:12:46 +02:00 · 33d1cfca1f
parent b56ca3899d
commit 33d1cfca1f
24 changed files with 119 additions and 20 deletions
--- a/playbooks/deploy_audio_pi.yaml
+++ b/playbooks/deploy_audio_pi.yaml
@ -1,6 +1,5 @@
 ---
 - name: Configure audio.z9 as a bluetooth audio sink and AirPlay server
-  become: true
  hosts: audio
  roles:
    - hifiberry
--- a/playbooks/deploy_automation.yaml
+++ b/playbooks/deploy_automation.yaml
@ -1,6 +1,5 @@
 ---
 - name: Deploy mosquitto MQTT broker on automation.z9
-  become: true
  hosts: automation
  roles:
    - mosquitto
--- a/playbooks/deploy_dokuwiki.yaml
+++ b/playbooks/deploy_dokuwiki.yaml
@ -1,6 +1,5 @@
 ---
 - name: Configure wiki.z9 with dokuwiki
-  become: true
  hosts: wiki
  roles:
    - nginx
--- a/playbooks/deploy_esphome.yaml
+++ b/playbooks/deploy_esphome.yaml
@ -1,6 +1,5 @@
 ---
 - name: Deploy esphome on esphome.z9
-  become: true
  hosts: esphome
  roles:
    - esphome
--- a/playbooks/deploy_keycloak.yaml
+++ b/playbooks/deploy_keycloak.yaml
@ -1,6 +1,5 @@
 ---
 - name: Deploy nginx and keycloak using docker_compose on keyloak
-  become: true
  hosts: keycloak
  roles:
    - cert
--- a/playbooks/deploy_light.yaml
+++ b/playbooks/deploy_light.yaml
@ -1,6 +1,5 @@
 ---
 - name: Deploy ola and foobazdmx on light.z9
-  become: true
  hosts: light
  roles:
    - ola
--- a/playbooks/deploy_public_reverse_proxy.yaml
+++ b/playbooks/deploy_public_reverse_proxy.yaml
@ -1,6 +1,5 @@
 ---
 - name: Deploy the Public-Reverse-Proxy
  hosts: public-reverse-proxy
-  become: true
  roles:
    - nginx
--- a/playbooks/deploy_zigbee2mqtt.yaml
+++ b/playbooks/deploy_zigbee2mqtt.yaml
@ -1,6 +1,5 @@
 ---
 - name: Deploy zigbee2mqtt on zigbee2mqtt.z9.ccchh.net
-  become: true
  hosts: zigbee2mqtt
  roles:
    - zigbee2mqtt
--- a/playbooks/roles/add_apt_repository/tasks/main.yaml
+++ b/playbooks/roles/add_apt_repository/tasks/main.yaml
@ -3,22 +3,30 @@
  ansible.builtin.fail:
    msg: "Can only add apt repositories on Debian-based systems!"
  when: ansible_facts.os_family != "Debian"
+
 - name: Install required apt packages for adding an apt repository
+  become: true
  ansible.builtin.apt:
    name:
      - ca-certificates
      - gnupg
+
 - name: Install apt-transport-https if https repository
+  become: true
  ansible.builtin.apt:
    name: apt-transport-https
  when: add_apt_repository__https_repo
+
 - name: Add repository signing key to keychain
+  become: true
  when: add_apt_repository__keyring_url is defined and add_apt_repository__keyring_path is defined
  ansible.builtin.apt_key:
    url: "{{ add_apt_repository__keyring_url }}"
    keyring: "{{ add_apt_repository__keyring_path }}"
    state: present
+
 - name: Add repository and update cache
+  become: true
  ansible.builtin.apt_repository:
    repo: "{{ add_apt_repository__repo }}"
    filename: "{{ add_apt_repository__filename }}"
--- a/playbooks/roles/bluetooth_audio_sink/tasks/main.yaml
+++ b/playbooks/roles/bluetooth_audio_sink/tasks/main.yaml
@ -1,45 +1,60 @@
 ---
 - name: Ensure acl is installed
+  become: true
  ansible.builtin.apt:
    name: acl
+
 - name: Ensure machine-info file is deployed
+  become: true
  ansible.builtin.template:
    src: machine-info.j2
    dest: /etc/machine-info
-    mode: 0644
+    mode: "644"
    owner: root
    group: root
  notify: Restart bluetooth service
+
 - name: Ensure bluetooth config is deployed
+  become: true
  ansible.builtin.template:
    src: main.conf.j2
    dest: /etc/bluetooth/main.conf
-    mode: 0644
+    mode: "644"
    owner: root
    group: root
  notify: Restart bluetooth service
+
 - name: Ensure bluetooth service is enabled and started
+  become: true
  ansible.builtin.systemd:
    service: bluetooth.service
    state: started
    enabled: true
+
 - name: Ensure audiosink user exists
+  become: true
  ansible.builtin.user:
    name: audiosink
    groups:
      - audio
+
 - name: Ensure user services are started without needing to login
+  become: true
  ansible.builtin.command:
    cmd: loginctl enable-linger audiosink
  changed_when: false
+
 - name: Detect if on Raspberry Pi # noqa ignore-errors
  ansible.builtin.include_role:
    name: raspberry_pi_check
  ignore_errors: true
+
 - name: Ensure debian archive keyring is installed # noqa no-handler
+  become: true
  when: raspberry_pi_check__cpuinfo.found
  ansible.builtin.apt:
    deb: https://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1_all.deb
+
 - name: Ensure debian backports repository is enabled
  ansible.builtin.include_role:
    name: add_apt_repository
@ -47,94 +62,120 @@
    add_apt_repository__https_repo: false
    add_apt_repository__repo: "deb http://deb.debian.org/debian {{ ansible_facts.lsb.codename }}-backports main contrib non-free"
    add_apt_repository__filename: "{{ ansible_facts.lsb.codename }}-backports.list"
+
 - name: Ensure pipewire, wireplumber and libspa-0.2-bluetooth are installed
+  become: true
  ansible.builtin.apt:
    name:
      - pipewire
      - wireplumber
      - libspa-0.2-bluetooth
    default_release: "{{ ansible_facts.lsb.codename }}-backports"
+
 - name: Ensure pipewire user service is enabled and started
+  become: true
  become_user: audiosink
  ansible.builtin.systemd:
    name: pipewire.service
    state: started
    enabled: true
    scope: user
+
 - name: Ensure pipewire-pulse user service is enabled and started
+  become: true
  become_user: audiosink
  ansible.builtin.systemd:
    name: pipewire-pulse.service
    state: started
    enabled: true
    scope: user
+
 - name: Ensure wireplumber user service is enabled
+  become: true
  become_user: audiosink
  ansible.builtin.systemd:
    name: wireplumber.service
    enabled: true
    scope: user
+
 - name: Ensure speaker-agent dependencies are installed
+  become: true
  ansible.builtin.apt:
    name:
      - git
      - python3-dbus
+
 - name: Ensure speaker-agent repository is cloned
+  become: true
  ansible.builtin.git:
    repo: https://github.com/fdanis-oss/pw_wp_bluetooth_rpi_speaker.git
    dest: /opt/speaker-agent
    version: 9a939a23865ea020816017e06fd2290f301c35f9
+
 - name: Ensure .config directory exists
+  become: true
  become_user: audiosink
  ansible.builtin.file:
    path: /home/audiosink/.config
    state: directory
-    mode: 0700
+    mode: "700"
    owner: audiosink
    group: audiosink
+
 - name: Ensure .config/systemd directory exists
+  become: true
  become_user: audiosink
  ansible.builtin.file:
    path: /home/audiosink/.config/systemd
    state: directory
-    mode: 0755
+    mode: "755"
    owner: audiosink
    group: audiosink
+
 - name: Ensure .config/systemd/user directory exists
+  become: true
  become_user: audiosink
  ansible.builtin.file:
    path: /home/audiosink/.config/systemd/user
    state: directory
-    mode: 0755
+    mode: "755"
    owner: audiosink
    group: audiosink
+
 - name: Ensure speaker-agent service file is deployed
+  become: true
  become_user: audiosink
  ansible.builtin.copy:
    src: speaker-agent.service
    dest: /home/audiosink/.config/systemd/user/speaker-agent.service
-    mode: 0644
+    mode: "644"
    owner: audiosink
    group: audiosink
  notify: Restart speaker-agent service
+
 - name: Ensure speaker-agent service is enabled and started
+  become: true
  become_user: audiosink
  ansible.builtin.systemd:
    name: speaker-agent.service
    state: started
    enabled: true
    scope: user
+
 # This part is janky, but I don't know how to make the bluetooth service, wireplumber and pipewire
 # work with each other without being logged in.
 - name: Ensure getty@tty1 override file is deployed
+  become: true
  ansible.builtin.copy:
    src: override.conf
    dest: /etc/systemd/system/getty@tty1.service.d/override.conf
-    mode: 0644
+    mode: "644"
    owner: root
    group: root
  notify: Reboot host
+
 - name: Ensure autologin for audiosink user is enabled
+  become: true
  ansible.builtin.systemd:
    service: getty@tty1.service
    enabled: true
--- a/playbooks/roles/esphome/handlers/main.yaml
+++ b/playbooks/roles/esphome/handlers/main.yaml
@ -1,5 +1,6 @@
 ---
 - name: Restart esphome
+  become: true
  ansible.builtin.systemd:
    service: esphome.service
    state: restarted
--- a/playbooks/roles/esphome/tasks/main.yaml
+++ b/playbooks/roles/esphome/tasks/main.yaml
@ -1,33 +1,40 @@
 - name: Ensure acl is installed
+  become: true
  ansible.builtin.apt:
    name: acl
 - name: Ensure pip is installed
+  become: true
  ansible.builtin.apt:
    name: python3-pip
 - name: Ensure esphome user exists
+  become: true
  ansible.builtin.user:
    name: esphome
    shell: /bin/bash
 - name: Ensure esphome dependencies are installed
+  become: true
  become_user: esphome
  ansible.builtin.pip:
    name: tornado
    extra_args: --user
 - name: Ensure esphome is installed
+  become: true
  become_user: esphome
  ansible.builtin.pip:
    name: "esphome=={{ esphome__version }}"
    extra_args: --user
  notify: Restart esphome
 - name: Ensure esphome systemd service file is deployed
+  become: true
  ansible.builtin.copy:
    src: esphome.service
    dest: /etc/systemd/system/esphome.service
-    mode: 0644
+    mode: "644"
    owner: root
    group: root
  notify: Restart esphome
 - name: Ensure esphome service is enabled and started
+  become: true
  ansible.builtin.systemd:
    service: esphome.service
    enabled: true
--- a/playbooks/roles/foobazdmx/handlers/main.yaml
+++ b/playbooks/roles/foobazdmx/handlers/main.yaml
@ -1,4 +1,5 @@
 - name: Restart foobazdmx
+  become: true
  ansible.builtin.systemd:
    service: foobazdmx.service
    state: restarted
--- a/playbooks/roles/foobazdmx/tasks/main.yaml
+++ b/playbooks/roles/foobazdmx/tasks/main.yaml
@ -1,4 +1,5 @@
 - name: Ensure apt dependencies are installed
+  become: true
  ansible.builtin.apt:
    name:
      - acl
@ -6,32 +7,41 @@
      - python3
      - python3-pip
      - python3-setuptools
+
 - name: Ensure python peotry is installed
+  become: true
  ansible.builtin.pip:
    name: poetry
+
 - name: Ensure foobazdmx user exists
+  become: true
  ansible.builtin.user:
    name: foobazdmx
+
 - name: Install foobazdmx
  notify: Restart foobazdmx
  block:
    - name: Clone foobazdmx repository
+      become: true
      ansible.builtin.git:
        repo: https://thinkcccentre-ansible:glpat-VegCzyjuDjB19SggAqm1@gitlab.hamburg.ccc.de/yuri/foobazdmx.git
        dest: /opt/foobazdmx
        version: bf6170aa12fa5de9b9667be9b744ad7ee6157dde
    - name: Install python dependencies
+      become: true
      become_user: foobazdmx
      ansible.builtin.command:
        cmd: poetry install
        chdir: /opt/foobazdmx
      changed_when: false
    - name: Generate foobazdmx service file
+      become: true
      ansible.builtin.template:
        src: foobazdmx.service.j2
        dest: /etc/systemd/system/foobazdmx.service
        mode: "0755"
    - name: Enable and start foobazdmx service
+      become: true
      ansible.builtin.systemd:
        service: foobazdmx.service
        state: started
--- a/playbooks/roles/hifiberry/handlers/main.yaml
+++ b/playbooks/roles/hifiberry/handlers/main.yaml
@ -1,3 +1,4 @@
 ---
 - name: Restart system
+  become: true
  ansible.builtin.reboot:
--- a/playbooks/roles/hifiberry/tasks/main.yaml
+++ b/playbooks/roles/hifiberry/tasks/main.yaml
@ -1,17 +1,22 @@
 ---
 - name: Remove dtparam=audio=on
+  become: true
  ansible.builtin.lineinfile:
    line: dtparam=audio=on
    dest: /boot/config.txt
    state: absent
  notify: Restart system
+
 - name: Set audio=off for dtoverlay=vc4-kms-v3d
+  become: true
  ansible.builtin.lineinfile:
    regexp: ^dtoverlay=vc4-kms-v3d
    line: dtoverlay=vc4-kms-v3d,audio=off
    dest: /boot/config.txt
  notify: Restart system
+
 - name: Add hifiberry dtoverlay
+  become: true
  ansible.builtin.lineinfile:
    line: "dtoverlay={{ hifiberry__device }}"
    dest: /boot/config.txt
--- a/playbooks/roles/mosquitto/handlers/main.yaml
+++ b/playbooks/roles/mosquitto/handlers/main.yaml
@ -1,5 +1,6 @@
 ---
 - name: Restart mosquitto
+  become: true
  ansible.builtin.systemd:
    service: mosquitto.service
    state: restarted
--- a/playbooks/roles/mosquitto/tasks/main.yaml
+++ b/playbooks/roles/mosquitto/tasks/main.yaml
@ -1,25 +1,32 @@
 ---
 - name: Ensure mosquitto is installed
+  become: true
  ansible.builtin.apt:
    name: mosquitto
+
 - name: Ensure main configuraton file is deployed
+  become: true
  ansible.builtin.copy:
    content: "{{ mosquitto__mosquitto_conf_content }}"
    dest: /etc/mosquitto/mosquitto.conf
-    mode: 0644
+    mode: "644"
    owner: root
    group: root
  notify: Restart mosquitto
+
 - name: Ensure all additional configuraton files are deployed
+  become: true
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: /etc/mosquitto/conf.d/{{ item.name }}.conf
-    mode: 0644
+    mode: "644"
    owner: root
    group: root
  loop: "{{ mosquitto__configs }}"
  notify: Restart mosquitto
+
 - name: Ensure mosquitto service is enabled and started
+  become: true
  ansible.builtin.systemd:
    service: mosquitto.service
    enabled: true
--- a/playbooks/roles/ola/handlers/main.yaml
+++ b/playbooks/roles/ola/handlers/main.yaml
@ -1,4 +1,5 @@
 - name: Restart olad
+  become: true
  ansible.builtin.systemd:
    service: olad.service
    state: restarted
--- a/playbooks/roles/ola/tasks/main.yaml
+++ b/playbooks/roles/ola/tasks/main.yaml
@ -1,16 +1,21 @@
 - name: Install ola
+  become: true
  ansible.builtin.apt:
    name: ola
+
 - name: Ensure all given configuraton files are deployed
+  become: true
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: /etc/ola/{{ item.name }}.conf
-    mode: 0644
+    mode: "644"
    owner: olad
    group: olad
  loop: "{{ ola__configs }}"
  notify: Restart olad
+
 - name: Enable and start ola service
+  become: true
  ansible.builtin.systemd:
    name: olad.service
    state: started
--- a/playbooks/roles/shairport_sync/handlers/main.yaml
+++ b/playbooks/roles/shairport_sync/handlers/main.yaml
@ -1,5 +1,6 @@
 ---
 - name: Restart shairport-sync service
+  become: true
  ansible.builtin.systemd:
    service: shairport-sync
    state: restarted
--- a/playbooks/roles/shairport_sync/tasks/main.yaml
+++ b/playbooks/roles/shairport_sync/tasks/main.yaml
@ -1,16 +1,21 @@
 ---
 - name: Ensure shairport-sync is installed
+  become: true
  ansible.builtin.apt:
    name: shairport-sync
+
 - name: Ensure shairport-sync config is deployed
+  become: true
  ansible.builtin.copy:
    content: "{{ shairport_sync__config }}"
    dest: /etc/shairport-sync.conf
-    mode: 0644
+    mode: "644"
    owner: root
    group: root
  notify: Restart shairport-sync service
+
 - name: Ensure shairport-sync service is enabled and started
+  become: true
  ansible.builtin.systemd:
    service: shairport-sync
    state: started
--- a/playbooks/roles/zigbee2mqtt/handlers/main.yaml
+++ b/playbooks/roles/zigbee2mqtt/handlers/main.yaml
@ -1,8 +1,11 @@
 - name: Restart zigbee2mqtt
+  become: true
  ansible.builtin.systemd:
    name: zigbee2mqtt
    state: restarted
+
 - name: Reload systemd-daemon and restart zigbee2mqtt
+  become: true
  ansible.builtin.systemd:
    name: zigbee2mqtt
    state: restarted
--- a/playbooks/roles/zigbee2mqtt/tasks/main.yaml
+++ b/playbooks/roles/zigbee2mqtt/tasks/main.yaml
@ -1,12 +1,15 @@
 - name: Ensure acl is installed
+  become: true
  ansible.builtin.apt:
    name: acl

 - name: Ensure git is installed
+  become: true
  ansible.builtin.apt:
    name: git

 - name: Ensure zigbee2mqtt user exists
+  become: true
  ansible.builtin.user:
    name: zigbee2mqtt
    groups:
@ -15,6 +18,7 @@
    group: zigbee2mqtt

 - name: Ensure installation directory exists
+  become: true
  ansible.builtin.file:
    dest: /opt/zigbee2mqtt
    state: directory
@ -23,6 +27,7 @@
    group: zigbee2mqtt

 - name: Ensure zigbee2mqtt repository is cloned
+  become: true
  become_user: zigbee2mqtt
  ansible.builtin.git:
    repo: https://github.com/Koenkk/zigbee2mqtt.git
@ -32,6 +37,7 @@
  notify: Restart zigbee2mqtt

 - name: Ensure npm dependencies are installed
+  become: true
  become_user: zigbee2mqtt
  community.general.npm:
    path: /opt/zigbee2mqtt
@ -39,6 +45,7 @@
  changed_when: false # installs packages according to package-lock.json, but always reports a change

 - name: Ensure custom zigbee2mqtt data directory exists
+  become: true
  ansible.builtin.file:
    dest: /home/zigbee2mqtt/zigbee2mqtt_data
    state: directory
@ -52,6 +59,7 @@
  register: zigbee2mqtt__conf_stat

 - name: Ensure configuration file is deployed when it doesn't exist
+  become: true
  when: not zigbee2mqtt__conf_stat.stat.exists
  ansible.builtin.copy:
    content: "{{ zigbee2mqtt__config }}"
@ -62,6 +70,7 @@
  notify: Restart zigbee2mqtt

 - name: Ensure zigbee2mqtt service file is deployed
+  become: true
  ansible.builtin.copy:
    src: zigbee2mqtt.service
    dest: /etc/systemd/system/zigbee2mqtt.service
@ -71,6 +80,7 @@
  notify: Reload systemd-daemon and restart zigbee2mqtt

 - name: Ensure zigbee2mqtt is enabled and started
+  become: true
  ansible.builtin.systemd:
    service: zigbee2mqtt
    enabled: true