fix: remove homebrew casks

fix: favor sudoers.d over lines in /etc/sudoers
fix: nomad handler runs correctly
2025-11-18 18:03:40 -05:00 · 2024-03-18 16:05:17 -04:00 · 2024-03-18 16:03:44 -04:00 · 2024-03-18 16:02:57 -04:00
4 changed files with 23 additions and 62 deletions
--- a/default_variables.yml
+++ b/default_variables.yml
@@ -6,7 +6,7 @@ backup_mongodb_version: 1.1.0
 consul_version: 1.16.1
 gitea_version: 1.21.6
 influxdb_version: 1.11.1
-nomad_version: 1.7.5
+nomad_version: 1.7.6
 prometheus_verssion: 2.46.0
 recyclarr_version: 6.0.2
 speedtest_cli_version: 1.2.0
@@ -120,49 +120,26 @@ mac_tdarr_file_location: "/Users/{{ ansible_user }}/Library/tdarr"
 # ---------------------------------- PACKAGES

 apt_packages_list:
-    - bc
    - coreutils
    - curl
    - dnsutils
-    - exa
    - fzf
    - git
    - git-extras
-    - htop
-    - iftop
-    - iotop
    - iperf
-    - jq
-    - less
-    - lnav
    - logrotate
-    - lsof
    - nano
-    - netcat
-    - net-tools
-    - nmap
    - openssh-server
    - p7zip-full
    - python3-pip
-    - rsync
-    - shellcheck
    - tailscale
-    - unzip
-    - wget
-    - yamllint
-    - zsh

 homebrew_package_list:
-    - ansible
-    - ansible-lint
    - bash
    - bash-completion
-    - bashdb
    - bat
-    - bats-core
    - coreutils
    - diff-so-fancy
-    - exa
    - ffmpeg
    - findutils
    - fping
@@ -176,17 +153,12 @@ homebrew_package_list:
    - gnutls
    - gpg
    - grep
-    - handbrake
    - htop
-    - httpie
    - iperf
    - jq
    - nano
    - ncurses
-    - nmap
    - openssl
-    - pandoc
-    - prettier
    - readline
    - shellcheck
    - shfmt
@@ -194,11 +166,4 @@ homebrew_package_list:
    - sqlite
    - ssh-copy-id
    - tealdeer
-    - tree
    - wget
-    - yamllint
-    - zsh
-
-homebrew_cask_install_dir: /Applications
-homebrew_casks_list:
-    - lingon-x
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -90,9 +90,11 @@
 - name: "Ensure nomad is really running"
  ansible.builtin.shell:
      cmd: "set -o pipefail && sleep 10 && /usr/local/bin/nomad node status -self -short | grep {{ inventory_hostname }}"
+  args:
+      executable: /bin/bash
  register: node_status_response
  failed_when: node_status_response.rc > 0
-  changed_when: node_status_response.rc == 0
+  changed_when: false
  when: "'nostart' not in ansible_run_tags"
  listen: "restart nomad"
 # - name: "Ensure sure Nomad service is really running"
--- a/tasks/backups.yml
+++ b/tasks/backups.yml
@@ -24,24 +24,18 @@
  when:
      - is_nomad_client or is_nomad_server

- name: Ensure nomad user can run sudo with the restore script
+- name: "SUDO: Confirm users can run service_backups"
  become: true
  ansible.builtin.lineinfile:
-      path: /etc/sudoers
+      path: "/etc/sudoers.d/010_{{ item }}-backups-nopasswd"
+      line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
      state: present
-      line: "nomad ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
-      validate: "/usr/sbin/visudo -cf %s"
-  when:
-      - is_nomad_client or is_nomad_server
-      - "'pis' in group_names"
-
- name: Ensure my user can run sudo with the restore script
-  become: true
-  ansible.builtin.lineinfile:
-      path: /etc/sudoers
-      state: present
-      line: "{{ ansible_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
+      create: true
+      mode: "0440"
      validate: "/usr/sbin/visudo -cf %s"
+  loop:
+      - nomad
+      - "{{ ansible_user }}"
  when:
      - is_nomad_client or is_nomad_server
      - "'pis' in group_names"
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -54,14 +54,14 @@
        ansible.builtin.debug:
            msg: "{{ homebrew_output.unchanged_pkgs }}"

-      - name: Install homebrew casks # noqa: ignore-errors
-        community.general.homebrew_cask:
-            name: "{{ item }}"
-            state: present
-            install_options: "appdir=/Applications"
-            accept_external_apps: true
-            upgrade_all: false
-            update_homebrew: false
-            greedy: false
-        loop: "{{ homebrew_casks_list }}"
-        ignore_errors: true
+      # - name: Install homebrew casks # noqa: ignore-errors
+      #   community.general.homebrew_cask:
+      #       name: "{{ item }}"
+      #       state: present
+      #       install_options: "appdir=/Applications"
+      #       accept_external_apps: true
+      #       upgrade_all: false
+      #       update_homebrew: false
+      #       greedy: false
+      #   loop: "{{ homebrew_casks_list }}"
+      #   ignore_errors: true
Author	SHA1	Message	Date
Nathaniel Landau	d9dfbb5152	fix: remove homebrew casks	2024-03-18 16:05:17 -04:00
Nathaniel Landau	6e8b39aef9	fix: favor sudoers.d over lines in /etc/sudoers	2024-03-18 16:03:44 -04:00
Nathaniel Landau	8734731355	fix: nomad handler runs correctly	2024-03-18 16:02:57 -04:00