From 8f2998abc0721d8abc8e2440afebf272e87da858 Mon Sep 17 00:00:00 2001
From: Tuan-Dat Tran
Date: Sun, 27 Apr 2025 18:15:07 +0200
Subject: [PATCH] refactor(ansible): use ansible_user_id and add root package condition
Signed-off-by: Tuan-Dat Tran
---
 group_vars/proxmox/secrets_vm.yml | 14 +++++++-------
 roles/common/tasks/bash.yml | 6 +++---
 roles/common/tasks/main.yml | 4 ++--
 roles/common/tasks/packages.yml | 16 +++++++++++++++-
 roles/docker_host/tasks/deploy_compose.yml | 4 ++--
 roles/docker_host/tasks/directory_setup.yml | 6 +++---
 roles/docker_host/tasks/provision.yml | 8 ++++----
 roles/docker_host/tasks/user_group_setup.yml | 4 ++--
 roles/docker_host/vars/main.yml | 1 +
 roles/proxmox/vars/main.yml | 1 -
 10 files changed, 39 insertions(+), 25 deletions(-)
diff --git a/group_vars/proxmox/secrets_vm.yml b/group_vars/proxmox/secrets_vm.yml
index 98f34a3..6a8c71c 100644
--- a/group_vars/proxmox/secrets_vm.yml
+++ b/group_vars/proxmox/secrets_vm.yml
@@ -1,8 +1,8 @@
 $ANSIBLE_VAULT;1.1;AES256
-64623839343136343037346662393336313734626237393336666138303264646634363535356632
-6161643031656639383939616338353432303832633466320a376135363361613563343231326430
-36316264346434343366396334643466366364386266316261363336396539626132613865353236
-6366633136613064650a303831646430343431323338653566633665653162633664366163653864
-35326266646534366665366238656132393163306161393966353338626266313339396465333539
-63663133323231623030633964383239373337313439396363306134353961616661343963363332
-663962656462316461643565383833396164
+37613534383362613234623233396435336239353166353561613666643137356466663139626439
+6233666333623133343533323036646630613463323638350a613932343238316339383633316266
+65333436623532386139386331386330363664323864313536356365373165386363336439656161
+6363623734623633340a626165353035316135356630356461363533653066643735373762363035
+61623435643337613236313035333366373131363132656235623363343832663732656437363832
+61313235323862653833313531306638373137633063323939373537353165316139633235393137
+306131653436333463666637363363646530
diff --git a/roles/common/tasks/bash.yml b/roles/common/tasks/bash.yml
index 727d26b..2e32db4 100644
--- a/roles/common/tasks/bash.yml
+++ b/roles/common/tasks/bash.yml
@@ -2,9 +2,9 @@
 - name: Copy bash-configs
 ansible.builtin.template:
 src: "files/bash/{{ item }}"
- dest: "/home/{{ user }}/.{{ item }}"
- owner: "{{ user }}"
- group: "{{ user }}"
+ dest: "{{ ansible_env.HOME }}/.{{ item }}"
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
 mode: "644"
 loop:
 - bashrc
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 4ad3204..b206178 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
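Review bot: In roles/common/tasks/bash.yml the new `group: "{{ ansible_user_id }}"` assumes a group named after the login user exists, which the visible lines do not guarantee; `group: "{{ ansible_user_gid }}"` takes the primary group from the same gathered facts. `ansible_user_id` and `ansible_env.HOME` describe whichever account gathered facts, so if facts are collected with become enabled (not visible in this patch) the dotfiles would be templated into root's home and owned by root; `ansible_user_dir` is the matching home-directory fact. The same owner/group substitution recurs in deploy_compose.yml, directory_setup.yml and both provision.yml hunks. The task body continues past the end of this hunk.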
@@ -1,10 +1,10 @@
 ---
 - name: Configure Time
 ansible.builtin.include_tasks: time.yml
-- name: Configure Hostname
- ansible.builtin.include_tasks: hostname.yml
 - name: Configure Packages
 ansible.builtin.include_tasks: packages.yml
+- name: Configure Hostname
+ ansible.builtin.include_tasks: hostname.yml
 - name: Configure Extra-Packages
 ansible.builtin.include_tasks: extra_packages.yml
 - name: Configure Bash
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
index 639ad86..8a8dd31 100644
--- a/roles/common/tasks/packages.yml
+++ b/roles/common/tasks/packages.yml
@@ -5,9 +5,23 @@
 upgrade: true
 autoremove: true
 become: true
+ when: ansible_user_id != "root"
 - name: Install base packages
 ansible.builtin.apt:
 name: "{{ common_packages }}"
 state: present
- become: true
+ when: ansible_user_id != "root"
+
+- name: Update and upgrade packages
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: true
+ autoremove: true
+ when: ansible_user_id == "root"
+
+- name: Install base packages
+ ansible.builtin.apt:
+ name: "{{ common_packages }}"
+ state: present
+ when: ansible_user_id == "root"
diff --git a/roles/docker_host/tasks/deploy_compose.yml b/roles/docker_host/tasks/deploy_compose.yml
index 182e370..705891d 100644
--- a/roles/docker_host/tasks/deploy_compose.yml
+++ b/roles/docker_host/tasks/deploy_compose.yml
@@ -3,8 +3,8 @@
 ansible.builtin.template:
 src: "templates/compose.yaml.j2"
 dest: "{{ docker.directories.compose }}/compose.yaml"
- owner: "{{ user }}"
- group: "{{ user }}"
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
 mode: "644"
 backup: true
 notify:
diff --git a/roles/docker_host/tasks/directory_setup.yml b/roles/docker_host/tasks/directory_setup.yml
index d4d3a6e..78b6e2c 100644
--- a/roles/docker_host/tasks/directory_setup.yml
+++ b/roles/docker_host/tasks/directory_setup.yml
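Review bot: In roles/common/tasks/packages.yml the non-root "Install base packages" task loses `become: true` and gains only `when: ansible_user_id != "root"`, so for an unprivileged login the apt install would run without escalation and presumably fail, while the non-root upgrade task above it keeps its `become: true`. Restore `become: true` next to the new `when:` on that task. The root/non-root split also leaves two pairs of identically named tasks; a single task each with `become: "{{ ansible_user_id != 'root' }}"` would express the same condition without the duplication. The first task starts above the hunk.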
@@ -14,11 +14,11 @@
 - "{{ docker.directories.compose }}"
 become: true
-- name: Set ownership to {{ user }}
+- name: Set ownership to {{ ansible_user_id }}
 ansible.builtin.file:
 path: "{{ item }}"
- owner: "{{ user }}"
- group: "{{ user }}"
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
 loop:
 - "{{ docker.directories.local }}"
 - "{{ docker.directories.config }}"
diff --git a/roles/docker_host/tasks/provision.yml b/roles/docker_host/tasks/provision.yml
index 28e94ea..782fa77 100644
--- a/roles/docker_host/tasks/provision.yml
+++ b/roles/docker_host/tasks/provision.yml
@@ -6,8 +6,8 @@
 - name: Run Keycloak tasks
 ansible.builtin.file:
 path: "{{ docker.directories.local }}/keycloak/"
- owner: "{{ user }}"
- group: "{{ user }}"
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
 state: directory
 mode: "0755"
 when: is_keycloak_host | bool
@@ -17,8 +17,8 @@
 ansible.builtin.template:
 src: "templates/keycloak/realm.json.j2"
 dest: "{{ docker.directories.local }}/keycloak/{{ keycloak.realm }}-realm.json"
- owner: "{{ user }}"
- group: "{{ user }}"
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
 mode: "644"
 backup: true
 when: is_keycloak_host | bool
diff --git a/roles/docker_host/tasks/user_group_setup.yml b/roles/docker_host/tasks/user_group_setup.yml
index e65bf73..7703b4a 100644
--- a/roles/docker_host/tasks/user_group_setup.yml
+++ b/roles/docker_host/tasks/user_group_setup.yml
@@ -5,9 +5,9 @@
 state: present
 become: true
-- name: Append the group docker to "{{ user }}"
+- name: Append the group docker to "{{ ansible_user_id }}"
 ansible.builtin.user:
- name: "{{ user }}"
+ name: "{{ ansible_user_id }}"
 shell: /bin/bash
 groups: docker
 append: true
diff --git a/roles/docker_host/vars/main.yml b/roles/docker_host/vars/main.yml
index 259b6c6..1ced720 100644
--- a/roles/docker_host/vars/main.yml
+++ b/roles/docker_host/vars/main.yml
@@ -1,2 +1,3 @@
 docker_host_package_common_dependencies:
 - nfs-common
+ - firmware-misc-nonfree
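Review bot: In roles/docker_host/tasks/user_group_setup.yml the account added to the docker group is now whatever `ansible_user_id` resolved to at fact gathering, not an explicitly configured name. Membership in that group is effectively root on the host, so I would state the intent in a comment above the task, e.g. `# docker group grants root-equivalent access; ansible_user_id is the fact-gathering account`, and add `when: ansible_user_id != "root"` if root is never the intended target. The task continues below the hunk, so any existing `become:` or `when:` on it is not visible here.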
diff --git a/roles/proxmox/vars/main.yml b/roles/proxmox/vars/main.yml
index c48123b..17ce0bc 100644
--- a/roles/proxmox/vars/main.yml
+++ b/roles/proxmox/vars/main.yml
@@ -21,6 +21,5 @@ proxmox_tags:
 proxmox_node_dependencies:
 - libguestfs-tools
 - nmap
- - firmware-misc-nonfree
 proxmox_localhost_dependencies: []