[pre-commit.ci] pre-commit autoupdate

updates:
- [github.com/commitizen-tools/commitizen: v3.18.4 → v4.1.0](https://github.com/commitizen-tools/commitizen/compare/v3.18.4...v4.1.0)
- [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v5.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.5.0...v5.0.0)
- [github.com/crate-ci/typos: v1.19.0 → dictgen-v0.3.1](https://github.com/crate-ci/typos/compare/v1.19.0...dictgen-v0.3.1)
- [github.com/ansible/ansible-lint: v24.2.1 → v24.12.2](https://github.com/ansible/ansible-lint/compare/v24.2.1...v24.12.2)

.pre-commit-config.yaml

@@ -1,12 +1,12 @@
 ---
 repos:
     - repo: "https://github.com/commitizen-tools/commitizen"
-      rev: v3.18.4
+      rev: v4.1.0
       hooks:
           - id: "commitizen"
 
     - repo: "https://github.com/pre-commit/pre-commit-hooks"
-      rev: v4.5.0
+      rev: v5.0.0
       hooks:
           - id: check-added-large-files
           - id: check-ast
@@ -44,12 +44,12 @@ repos:
             entry: yamllint --strict --config-file .yamllint.yml
 
     - repo: "https://github.com/crate-ci/typos"
-      rev: v1.19.0
+      rev: dictgen-v0.3.1
       hooks:
           - id: typos
 
     - repo: "https://github.com/ansible/ansible-lint"
-      rev: v24.2.1
+      rev: v24.12.2
       hooks:
           - id: ansible-lint
             additional_dependencies:

default_variables.yml

@@ -6,7 +6,7 @@ backup_mongodb_version: 1.1.0
 consul_version: 1.16.1
 gitea_version: 1.21.6
 influxdb_version: 1.11.1
-nomad_version: 1.7.5
+nomad_version: 1.7.6
 prometheus_verssion: 2.46.0
 recyclarr_version: 6.0.2
 speedtest_cli_version: 1.2.0
@@ -120,49 +120,26 @@ mac_tdarr_file_location: "/Users/{{ ansible_user }}/Library/tdarr"
 # ---------------------------------- PACKAGES
 
 apt_packages_list:
-    - bc
     - coreutils
     - curl
     - dnsutils
-    - exa
     - fzf
     - git
     - git-extras
-    - htop
-    - iftop
-    - iotop
     - iperf
-    - jq
-    - less
-    - lnav
     - logrotate
-    - lsof
     - nano
-    - netcat
-    - net-tools
-    - nmap
     - openssh-server
     - p7zip-full
     - python3-pip
-    - rsync
-    - shellcheck
     - tailscale
-    - unzip
-    - wget
-    - yamllint
-    - zsh
 
 homebrew_package_list:
-    - ansible
-    - ansible-lint
     - bash
     - bash-completion
-    - bashdb
     - bat
-    - bats-core
     - coreutils
     - diff-so-fancy
-    - exa
     - ffmpeg
     - findutils
     - fping
@@ -176,17 +153,12 @@ homebrew_package_list:
     - gnutls
     - gpg
     - grep
-    - handbrake
     - htop
-    - httpie
     - iperf
     - jq
     - nano
     - ncurses
-    - nmap
     - openssl
-    - pandoc
-    - prettier
     - readline
     - shellcheck
     - shfmt
@@ -194,11 +166,4 @@ homebrew_package_list:
     - sqlite
     - ssh-copy-id
     - tealdeer
-    - tree
     - wget
-    - yamllint
-    - zsh
-
-homebrew_cask_install_dir: /Applications
-homebrew_casks_list:
-    - lingon-x

handlers/main.yml

@@ -90,9 +90,11 @@
 - name: "Ensure nomad is really running"
   ansible.builtin.shell:
       cmd: "set -o pipefail && sleep 10 && /usr/local/bin/nomad node status -self -short | grep {{ inventory_hostname }}"
+  args:
+      executable: /bin/bash
   register: node_status_response
   failed_when: node_status_response.rc > 0
-  changed_when: node_status_response.rc == 0
+  changed_when: false
   when: "'nostart' not in ansible_run_tags"
   listen: "restart nomad"
 # - name: "Ensure sure Nomad service is really running"

tasks/backups.yml

@@ -24,24 +24,18 @@
   when:
       - is_nomad_client or is_nomad_server
 
-- name: Ensure nomad user can run sudo with the restore script
+- name: "SUDO: Confirm users can run service_backups"
   become: true
   ansible.builtin.lineinfile:
-      path: /etc/sudoers
+      path: "/etc/sudoers.d/010_{{ item }}-backups-nopasswd"
+      line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
       state: present
-      line: "nomad ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
-      validate: "/usr/sbin/visudo -cf %s"
-  when:
-      - is_nomad_client or is_nomad_server
-      - "'pis' in group_names"
-
-- name: Ensure my user can run sudo with the restore script
-  become: true
-  ansible.builtin.lineinfile:
-      path: /etc/sudoers
-      state: present
-      line: "{{ ansible_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
+      create: true
+      mode: "0440"
       validate: "/usr/sbin/visudo -cf %s"
+  loop:
+      - nomad
+      - "{{ ansible_user }}"
   when:
       - is_nomad_client or is_nomad_server
       - "'pis' in group_names"

tasks/packages.yml

@@ -54,14 +54,14 @@
         ansible.builtin.debug:
             msg: "{{ homebrew_output.unchanged_pkgs }}"
 
-      - name: Install homebrew casks # noqa: ignore-errors
-        community.general.homebrew_cask:
-            name: "{{ item }}"
-            state: present
-            install_options: "appdir=/Applications"
-            accept_external_apps: true
-            upgrade_all: false
-            update_homebrew: false
-            greedy: false
-        loop: "{{ homebrew_casks_list }}"
-        ignore_errors: true
+      # - name: Install homebrew casks # noqa: ignore-errors
+      #   community.general.homebrew_cask:
+      #       name: "{{ item }}"
+      #       state: present
+      #       install_options: "appdir=/Applications"
+      #       accept_external_apps: true
+      #       upgrade_all: false
+      #       update_homebrew: false
+      #       greedy: false
+      #   loop: "{{ homebrew_casks_list }}"
+      #   ignore_errors: true