Dont create temp user if not needed in base_install

2026-01-27 12:13:06 +01:00
parent adc980c2a1
commit 03f079e669
1 changed files with 40 additions and 29 deletions
--- a/ansible/base_install.yml
+++ b/ansible/base_install.yml
@@ -64,39 +64,50 @@
      register: result
      changed_when: result.rc == 0

-    - name: Create temporary AUR builder user
-      ansible.builtin.user:
-        name: "{{ aur_builder }}"
-        create_home: true
-        shell: /bin/bash
+    - name: Check which AUR packages are already installed
+      ansible.builtin.command: >
+        pacman -Q {{ aur_packages | join(' ') }}
+      register: aur_check
+      changed_when: false
+      failed_when: false

-    - name: Allow temporary builder to use pacman without password
-      ansible.builtin.copy:
-        dest: "/etc/sudoers.d/{{ aur_builder }}-pacman"
-        content: "{{ aur_builder }} ALL=(ALL) NOPASSWD: /usr/bin/pacman\n"
-        owner: root
-        group: root
-        mode: "0440"
-        validate: "visudo -cf %s"
+    - name: Determine if AUR install is needed
+      ansible.builtin.set_fact:
+        aur_install_needed: "{{ aur_check.rc != 0 }}"

-    - name: Install AUR packages
-      become: true
-      become_user: "{{ aur_builder }}"
-      kewlfft.aur.aur:
-        name: "{{ aur_packages }}"
-        state: present
-        update_cache: true
+    - block:
+        - name: Create temporary AUR builder user
+          ansible.builtin.user:
+            name: "{{ aur_builder }}"
+            create_home: true
+            shell: /bin/bash

-    - name: Remove sudoers entry for temporary builder
-      ansible.builtin.file:
-        path: "/etc/sudoers.d/{{ aur_builder }}-pacman"
-        state: absent
+        - name: Allow temporary builder to use pacman without password
+          ansible.builtin.copy:
+            dest: "/etc/sudoers.d/{{ aur_builder }}-pacman"
+            content: "{{ aur_builder }} ALL=(root) NOPASSWD: /usr/bin/pacman\n"
+            mode: "0440"
+            validate: "visudo -cf %s"

-    - name: Remove temporary AUR builder user and home directory
-      ansible.builtin.user:
-        name: "{{ aur_builder }}"
-        state: absent
-        remove: true
+        - name: Install AUR packages
+          become: true
+          become_user: "{{ aur_builder }}"
+          kewlfft.aur.aur:
+            name: "{{ aur_packages }}"
+            state: present
+
+      always:
+        - name: Cleanup sudoers
+          ansible.builtin.file:
+            path: "/etc/sudoers.d/{{ aur_builder }}-pacman"
+            state: absent
+
+        - name: Cleanup builder user
+          ansible.builtin.user:
+            name: "{{ aur_builder }}"
+            state: absent
+            remove: true
+      when: aur_install_needed

    ## Post install config
    - name: Ensure groups exist