it-team/lmn-client
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent unintended local execution of delegated tasks in ansible-pull

Browse source
This commit is contained in:
Raphael Dannecker 2026-03-09 12:32:27 +01:00
parent 005ce84594
commit a2e8bac9bd
3 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/lmn_misc/templates/lmn-updater.service.j2
View file

@ -5,5 +5,5 @@ Description=Run LMN Client updates via ansible-pull
Type=oneshot Type=oneshot
User=root User=root
ExecStart=/usr/bin/ansible-pull --only-if-changed --verbose --vault-password-file /root/.inventory-pw -l %H -d /root/lmn-client \ ExecStart=/usr/bin/ansible-pull --only-if-changed --verbose --vault-password-file /root/.inventory-pw -l %H -d /root/lmn-client \
-i {{ misc_updater_inventory }} --url={{ misc_updater_repository }} -C {{ misc_updater_branch }} lmn-client.yml --skip-tags no_ansible_pull -i {{ misc_updater_inventory }} --url={{ misc_updater_repository }} -C {{ misc_updater_branch }} lmn-client.yml

2
roles/lmn_vpn/tasks/main.yml
View file

@ -29,3 +29,5 @@
- name: Configure Wireguard - name: Configure Wireguard
ansible.builtin.include_tasks: wg_config.yml ansible.builtin.include_tasks: wg_config.yml
when: vpn is defined and vpn == "wg" when: vpn is defined and vpn == "wg"
tags:
- no_ansible_pull

2
roles/lmn_wlan/tasks/main.yaml
View file

@ -39,3 +39,5 @@
- name: Configure WPA-Enterprise (EAP-TLS) - name: Configure WPA-Enterprise (EAP-TLS)
ansible.builtin.include_tasks: eap-tls_check-certificate.yaml ansible.builtin.include_tasks: eap-tls_check-certificate.yaml
when: wlan == 'eap-tls' when: wlan == 'eap-tls'
tags:
- no_ansible_pull