feat: adds nextcloud and plex

fix: caddy stuff
2025-07-19 03:08:16 +02:00
parent 085d037f77
commit 10374bc2e6
19 changed files with 733 additions and 227 deletions
--- a/bin/actions/update.py
+++ b/bin/actions/update.py
@@ -213,6 +213,30 @@ def ensure_ansible_collections():
    return True


+def get_sudo_password_from_1password(username, hostname):
+    """Fetches the sudo password from 1Password using the op CLI tool."""
+    printfe("cyan", "Attempting to fetch sudo password from 1Password...")
+    try:
+        op_command = [
+            "op",
+            "read",
+            f"op://Dotfiles/sudo/{username} {hostname}",
+        ]
+        result = subprocess.run(op_command, capture_output=True, text=True, check=True)
+        password = result.stdout.strip()
+        printfe("green", "Successfully fetched sudo password from 1Password.")
+        return password
+    except subprocess.CalledProcessError as e:
+        printfe("red", f"Failed to fetch password from 1Password: {e.stderr.strip()}")
+        return None
+    except FileNotFoundError:
+        printfe("red", "Error: 'op' command not found. Please ensure 1Password CLI is installed and in your PATH.")
+        return None
+    except Exception as e:
+        printfe("red", f"An unexpected error occurred while fetching password: {e}")
+        return None
+
+
 def main():
    # Parse arguments
    parser = argparse.ArgumentParser(add_help=False)
@@ -353,13 +377,7 @@ def main():
            return 1

        printfe("cyan", "Running Ansible playbook...")
-        # Determine which playbook to use based on tags
-        if args.tags and any(tag.strip() in ['caddy', 'country-blocking', 'caddyfile', 'config'] for tag in args.tags.split(',')):
-            playbook_path = f"{dotfiles_path}/config/ansible/caddy-playbook.yml"
-            printfe("cyan", f"Using dedicated Caddy playbook for tags: {args.tags}")
-        else:
-            playbook_path = f"{dotfiles_path}/config/ansible/playbook.yml"
-
+        playbook_path = f"{dotfiles_path}/config/ansible/playbook.yml"
        ansible_cmd = [
            "/usr/bin/env",
            "ansible-playbook",
@@ -372,9 +390,20 @@ def main():
            f"ansible_user={username}",
            "--limit",
            hostname,
-            "--ask-become-pass",
        ]

+        sudo_password = None
+        if not os.isatty(sys.stdin.fileno()):
+            printfe("yellow", "Warning: Not running in an interactive terminal. Cannot fetch password from 1Password.")
+            ansible_cmd.append("--ask-become-pass")
+        else:
+            sudo_password = get_sudo_password_from_1password(username, hostname)
+            if sudo_password:
+                ansible_cmd.extend(["--become-pass-file", "-"])
+            else:
+                printfe("yellow", "Could not fetch password from 1Password. Falling back to --ask-become-pass.")
+                ansible_cmd.append("--ask-become-pass")
+
        if args.tags:
            ansible_cmd.extend(["--tags", args.tags])

@@ -384,7 +413,12 @@ def main():
        # Debug: Show the command being executed
        printfe("yellow", f"Debug: Executing command: {' '.join(ansible_cmd)}")

-        result = subprocess.run(ansible_cmd)
+        # Execute the Ansible command, passing password via stdin if available
+        if sudo_password:
+            result = subprocess.run(ansible_cmd, input=sudo_password.encode('utf-8'))
+        else:
+            result = subprocess.run(ansible_cmd)
+
        if result.returncode != 0:
            printfe("red", "Failed to upgrade Ansible packages.")
            return 1