
:bug: fix deployment scripts

Jeremy Zheng 1 year ago
parent
commit
669c7efd78

+ 1 - 1
deploy/ec2.yml

@@ -9,4 +9,4 @@
   roles:
     - os
     - ubuntu
-    - reset
+    - random-passwords
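Review bot: The play now references the role `random-passwords`, but the rename further down this commit lists its target as `deploy/roles/random-passwords/main.yml`, with no `tasks/` directory. Ansible loads a role's tasks only from `tasks/main.yml`, so if that path is accurate the role resolves but runs nothing, and the hosts keep whatever passwords they had. The file should live at `deploy/roles/random-passwords/tasks/main.yml`. The rest of the play is outside this hunk.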

+ 2 - 1
deploy/ping.yml

@@ -1,8 +1,9 @@
-- name: Testing ssh connections
+- name: Ping
   hosts: all
   tasks:
     - name: Test ssh connection
       ansible.builtin.ping:
+
     - name: Show facts available on the system
       ansible.builtin.debug:
         var: ansible_facts

+ 14 - 0
deploy/roles/os/tasks/init.yml

@@ -0,0 +1,14 @@
+- name: Create downloads folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/downloads/"
+    state: directory
+
+- name: Create backup folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/backups/"
+    state: directory
+
+- name: Create local folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/local/"
+    state: directory
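Review bot: The `Create backup folder` task sets no `mode`, so the directory gets whatever the remote umask yields. Later tasks in this commit copy `/etc/ssh/sshd_config`, `/etc/security/limits.conf` and boot configuration into it with `become: true`. Add `mode: "0700"` to that task so the copies are not readable by other local accounts. All three tasks also depend on `ansible_env.HOME`, which only exists when facts are gathered; a comment stating that requirement would help anyone running the role with `gather_facts: false`.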

+ 30 - 5
deploy/roles/os/tasks/main.yml

@@ -1,13 +1,38 @@
-- import_tasks: sshd.yml
-- import_tasks: ulimits.yml
+- include_tasks: init.yml
+- include_tasks: sshd.yml
+- include_tasks: ulimits.yml
+
+- name: Update system
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Kylin'
+
+- name: Update all packages to their latest version
+  become: true
+  ansible.builtin.apt:
+    name: "*"
+    state: latest
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Kylin'
+
+- name: Install dependicy packages
+  become: true
+  ansible.builtin.apt:
+    pkg:
+      - pwgen
+      - zsh
+      - git
+      - tmux
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Kylin'
 
 - name: Set timezone
   become: true
-  shell: timedatectl set-timezone UTC
+  ansible.builtin.shell: timedatectl set-timezone UTC
 
 - name: Setup journald storage
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/systemd/journald.conf
     regexp: "^#Storage="
     line: Storage=persistent
@@ -15,7 +40,7 @@
 # https://www.linode.com/docs/quick-answers/linux/how-to-use-journalctl/
 - name: Setup journald storage keep-free
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/systemd/journald.conf
     state: present
     regexp: "^#SystemKeepFree="
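Review bot: `Set timezone` now calls `ansible.builtin.shell`, but `timedatectl set-timezone UTC` uses no shell features, so `ansible.builtin.command: timedatectl set-timezone UTC` is the narrower module. Without a `changed_when` the task also reports a change on every run. The new task name `Install dependicy packages` should read `Install dependency packages`. Switching from `import_tasks` to `include_tasks` makes the three includes dynamic, so tags and `--list-tasks` no longer see the sshd and ulimit tasks; a one-line comment such as `# dynamic include: tags on this line are not inherited by the included tasks` would record that this is intended.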

+ 22 - 2
deploy/roles/os/tasks/sshd.yml

@@ -1,10 +1,17 @@
+- name: Backup sshd_config
+  become: true
+  ansible.builtin.copy:
+    src: /etc/ssh/sshd_config
+    dest: "{{ ansible_env.HOME }}/backups/etc_sshd_config"
+    remote_src: yes
+    backup: yes
+
 - name: Disable dns for sshd
   become: true
   ansible.builtin.lineinfile:
     path: /etc/ssh/sshd_config
     regexp: "^UseDNS "
     line: UseDNS no
-    backup: true
 
 - name: Disable GSS api auth for sshd
   become: true
@@ -12,4 +19,17 @@
     path: /etc/ssh/sshd_config
     regexp: "^GSSAPIAuthentication "
     line: GSSAPIAuthentication no
-    backup: true
+
+- name: Disable root ssh login
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^PermitRootLogin no"
+    line: PermitRootLogin no
+
+- name: Disable ssh login by password
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^PasswordAuthentication no"
+    line: PasswordAuthentication no
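Review bot: The two new hardening tasks use `regexp: "^PermitRootLogin no"` and `regexp: "^PasswordAuthentication no"`, which match only a line that already has the desired value. If the file contains `PermitRootLogin yes` or `PasswordAuthentication yes`, lineinfile leaves it and appends the `no` line at the end; sshd uses the first value it reads for each keyword, so the earlier permissive line still wins. An appended line can also land inside a trailing `Match` block. Match the keyword instead, e.g. `regexp: '^#?\s*PermitRootLogin\s'` and `regexp: '^#?\s*PasswordAuthentication\s'`, and add `validate: "sshd -t -f %s"` so a broken file is never written. Nothing in the visible hunks reloads sshd, so the running daemon presumably keeps the old settings until a restart; files under `/etc/ssh/sshd_config.d/` may also override these values on images that include that directory.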

+ 50 - 16
deploy/roles/os/tasks/ulimits.yml

@@ -1,10 +1,17 @@
+- name: Backup system.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/systemd/system.conf
+    dest: "{{ ansible_env.HOME }}/backups/etc_systemd_system"
+    remote_src: yes
+    backup: yes
+
 - name: Setup nofile for system
   become: true
   ansible.builtin.lineinfile:
     path: /etc/systemd/system.conf
     regexp: "^DefaultLimitNOFILE="
     line: DefaultLimitNOFILE=2097152
-    backup: true
 
 - name: Setup nproc for system
   become: true
@@ -12,7 +19,14 @@
     path: /etc/systemd/system.conf
     regexp: "^DefaultLimitNPROC"
     line: DefaultLimitNPROC=524288
-    backup: true
+
+- name: Backup user.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/systemd/user.conf
+    dest: "{{ ansible_env.HOME }}/backups/etc_systemd_user.conf"
+    remote_src: yes
+    backup: yes
 
 - name: Setup nofile for user
   become: true
@@ -20,7 +34,6 @@
     path: /etc/systemd/user.conf
     regexp: "^DefaultLimitNOFILE="
     line: DefaultLimitNOFILE=1048576
-    backup: true
 
 - name: Setup nproc for user
   become: true
@@ -28,35 +41,56 @@
     path: /etc/systemd/user.conf
     regexp: "^DefaultLimitNPROC"
     line: DefaultLimitNPROC=262144
-    backup: true
 
-- name: Set user level ppen file limits for root
+- name: Backup limits.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/security/limits.conf
+    dest: "{{ ansible_env.HOME }}/backups/etc_security_limits.conf"
+    remote_src: yes
+    backup: yes
+
+- name: Set user level open file limits for root
   become: true
   ansible.builtin.lineinfile:
     path: /etc/security/limits.conf
     line: root        soft nofile 10240
-    backup: true
 
-- name: Set user level open file limits for {{ ansible_user }}
+- name: Set user level open file limits for {{ansible_user}}
   become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/security/limits.conf
-    line: "{{ ansible_user }}        soft nofile 10240"
-    backup: true
+    line: "{{ansible_user}}        soft nofile 10240"
 
 # https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ladbi/changing-kernel-parameter-values.html#GUID-FB0CC366-61C9-4AA2-9BE7-233EB6810A31
 - name: Setup file max
   become: true
-  lineinfile:
-    path: "/etc/sysctl.d/100-fs.conf"
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
     state: present
-    line: fs.file-max = 6815744
+    line: "fs.file-max = 6815744"
     create: true
 
 - name: Setup file max
   become: true
-  lineinfile:
-    path: "/etc/sysctl.d/100-fs.conf"
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
+    state: present
+    line: "fs.inotify.max_user_watches = 512000"
+    create: true
+
+- name: Setup vm max map count
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
+    state: present
+    line: "vm.max_map_count = 262144"
+    create: true
+
+- name: Setup vm over commit memory
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
     state: present
-    line: fs.inotify.max_user_watches = 512000
+    line: "vm.overcommit_memory = 1"
     create: true
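Review bot: The task that writes `fs.inotify.max_user_watches = 512000` is still named `Setup file max`, the same name as the task above it, which makes play output and `--start-at-task` ambiguous; name it `Setup inotify max user watches`. The new `vm.overcommit_memory = 1` line changes host-wide memory accounting from a generic OS role and deserves a comment naming the service that needs it. No task in the visible hunks runs `sysctl --system` or notifies a handler, so the values in `/etc/sysctl.d/100-palm.conf` presumably take effect only at the next boot. Hosts already configured by the earlier version keep the old `100-fs.conf` next to the new file.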

+ 0 - 0
deploy/roles/reset/tasks/main.yml → deploy/roles/random-passwords/main.yml


+ 50 - 0
deploy/roles/redis/tasks/main.yml

@@ -0,0 +1,50 @@
+- name: Install dependency packages
+  become: true
+  apt:
+    pkg:
+      - redis
+
+- name: disable redis-server service
+  become: true
+  ansible.builtin.systemd:
+    name: redis-server
+    enabled: no
+    state: "stopped"
+
+- name: create /var/lib/redis
+  become: true
+  ansible.builtin.file:
+    path: "/var/lib/redis/node-{{ app_redis_port }}"
+    owner: redis
+    group: redis
+    mode: "0750"
+    state: directory
+
+- name: upload /etc/redis.conf
+  become: true
+  template:
+    src: redis.conf.j2
+    dest: "/etc/redis/node-{{ app_redis_port }}.conf"
+    owner: redis
+    group: redis
+    mode: "0640"
+
+- name: upload systemd redis-server.service
+  become: true
+  template:
+    src: server.service.j2
+    dest: "/usr/lib/systemd/system/redis-server-{{ app_redis_port }}.service"
+    mode: "0644"
+
+- name: Force systemd to reread configs
+  become: true
+  systemd:
+    daemon_reload: yes
+
+- name: enable redis-cluster-node service
+  become: true
+  ansible.builtin.systemd:
+    name: "redis-server-{{ app_redis_port }}"
+    enabled: yes
+    masked: no
+    state: "restarted"
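Review bot: The last task sets `state: "restarted"`, which restarts the Redis node on every play run even when neither template changed. Use `state: "started"` there and add `notify: Restart redis` to the two `template` tasks, with a matching handler in the role's handlers file (not visible on this page). The unit is written to `/usr/lib/systemd/system/`, which is the package-owned location; locally managed units normally go in `/etc/systemd/system/`, where a package upgrade cannot replace them. The file also mixes short module names (`apt`, `template`, `systemd`) with `ansible.builtin.*`, while the rest of the commit moves toward the fully qualified form.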

+ 13 - 0
deploy/roles/redis/templates/redis.conf.j2

@@ -0,0 +1,13 @@
+bind 0.0.0.0
+port {{ app_redis_port }}
+protected-mode no
+dir /var/lib/redis/node-{{ app_redis_port }}
+logfile /var/log/redis/node-{{ app_redis_port }}.log
+pidfile /run/node-{{ app_redis_port }}.pid
+
+cluster-enabled yes
+cluster-config-file /etc/redis/cluster-{{ app_redis_port }}.conf
+cluster-node-timeout 5000
+
+appendonly yes
+appendfsync everysec
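Review bot: `bind 0.0.0.0` together with `protected-mode no` and no `requirepass` leaves the node listening on every interface with no authentication, so network filtering outside this repository would be the only control in front of it. Bind to the cluster-facing address and require a password from a vaulted variable, for example `bind {{ app_redis_bind }}`, `requirepass {{ app_redis_password }}` and `masterauth {{ app_redis_password }}`; both variable names are placeholders, nothing on this page defines them. The same applies to the cluster bus port that `cluster-enabled yes` opens alongside the client port. The `pidfile /run/node-{{ app_redis_port }}.pid` path also differs from the `PIDFile=` path in `server.service.j2`.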

+ 16 - 0
deploy/roles/redis/templates/server.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Advanced key-value store
+After=network.target
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/redis-server /etc/redis/node-{{ app_redis_port }}.conf --supervised systemd --daemonize no
+PIDFile=/run/redis-node-{{ app_redis_port }}.pid
+TimeoutStartSec=180
+TimeoutStopSec=120
+Restart=always
+User=redis
+Group=redis
+
+[Install]
+WantedBy=multi-user.target
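Review bot: `PIDFile=/run/redis-node-{{ app_redis_port }}.pid` does not match the `pidfile /run/node-{{ app_redis_port }}.pid` set in `redis.conf.j2`, and the `redis` user normally cannot create files directly under `/run`. With `Type=notify` systemd does not need a PID file, so the simplest fix is to drop the `PIDFile=` line; otherwise add a `RuntimeDirectory=` and point both files at a path inside it. The unit also carries no sandboxing; `NoNewPrivileges=true` and `PrivateTmp=true` are low-risk additions for a network-facing daemon. Avoid `ProtectSystem=full` unless `cluster-config-file` is moved out of `/etc/redis`, because Redis rewrites that file at runtime.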

+ 14 - 0
deploy/roles/ubuntu/tasks/armbian.yml

@@ -0,0 +1,14 @@
+- name: backup /boot/armbianEnv.txt
+  become: true
+  copy:
+    src: /boot/armbianEnv.txt
+    dest: "{{ ansible_env.HOME }}/backups/boot_armbianEnv_txt"
+    remote_src: yes
+    backup: yes
+
+- name: enable uart for armbian
+  become: true
+  lineinfile:
+    path: /boot/armbianEnv.txt
+    regexp: "^overlays="
+    line: overlays=usbhost2 usbhost3 uart1 uart2 analog-codec
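Review bot: The `enable uart for armbian` task replaces the whole `overlays=` line, so any overlay a board already had enabled is dropped unless it is one of the five listed. A comment above the task should say the list is authoritative, for example `# overwrites the board's overlays= line; add board-specific overlays here`. Both tasks use the short names `copy` and `lineinfile`, while the `os` role in this commit was moved to `ansible.builtin.*`.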

+ 59 - 0
deploy/roles/ubuntu/tasks/friendly-core.yml

@@ -0,0 +1,59 @@
+- name: backup serial-getty@ttyAMA0.service.d/autologin.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/systemd/system/serial-getty@ttyAMA0.service.d/autologin.conf
+    dest: "{{ ansible_env.HOME }}/backups/ttyAMA0_autologin_conf"
+    remote_src: yes
+    backup: yes
+
+- name: disable autologin for ttyAMA0
+  become: true
+  ansible.builtin.replace:
+    path: /etc/systemd/system/serial-getty@ttyAMA0.service.d/autologin.conf
+    regexp: " --autologin pi "
+    replace: " "
+
+- name: backup getty@tty1.service.d/autologin.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/systemd/system/getty@tty1.service.d/autologin.conf
+    dest: "{{ ansible_env.HOME }}/backups/tty1_autologin_conf"
+    remote_src: yes
+    backup: yes
+
+- name: disable autologin for tty1
+  become: true
+  ansible.builtin.replace:
+    path: /etc/systemd/system/getty@tty1.service.d/autologin.conf
+    regexp: " --autologin pi "
+    replace: " "
+
+- name: backup serial-getty@ttyS0.service.d/autologin.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf
+    dest: "{{ ansible_env.HOME }}/backups/ttyS0_autologin_conf"
+    remote_src: yes
+    backup: yes
+
+- name: disable autologin for ttyS0
+  become: true
+  ansible.builtin.replace:
+    path: /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf
+    regexp: " --autologin pi "
+    replace: " "
+
+- name: backup serial-getty@ttySAC0.service.d/autologin.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/systemd/system/serial-getty@ttySAC0.service.d/autologin.conf
+    dest: "{{ ansible_env.HOME }}/backups/ttySAC0_autologin_conf"
+    remote_src: yes
+    backup: yes
+
+- name: disable autologin for ttySAC0
+  become: true
+  ansible.builtin.replace:
+    path: /etc/systemd/system/serial-getty@ttySAC0.service.d/autologin.conf
+    regexp: " --autologin pi "
+    replace: " "
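Review bot: All four backup/replace pairs assume their `autologin.conf` drop-in exists; `ansible.builtin.copy` with `remote_src` and `ansible.builtin.replace` both fail on a missing path, so a board that ships only some of these getty units aborts the play before the remaining consoles are handled. The regexp is also tied to the account name `pi`, so an autologin configured for any other user is left in place, and nothing visible restarts the getty units, which means the change presumably applies only after a reboot. A stat-driven loop handles the missing files and removes the fourfold repetition; the registered variable name below is a suggestion.

```yaml
- name: Find autologin drop-ins
  ansible.builtin.stat:
    path: "/etc/systemd/system/{{ item }}.service.d/autologin.conf"
  loop:
    - serial-getty@ttyAMA0
    - getty@tty1
    - serial-getty@ttyS0
    - serial-getty@ttySAC0
  register: app_getty_autologin

# … unchanged: backup copy into {{ ansible_env.HOME }}/backups, looped the same way …

- name: Disable autologin where the drop-in exists
  become: true
  ansible.builtin.replace:
    path: "/etc/systemd/system/{{ item.item }}.service.d/autologin.conf"
    regexp: " --autologin pi "
    replace: " "
  loop: "{{ app_getty_autologin.results }}"
  when: item.stat.exists
```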

+ 0 - 6
deploy/roles/ubuntu/tasks/init.yml

@@ -1,6 +0,0 @@
-- name: create downloads folder
-  become: true
-  ansible.builtin.file:
-    path: "{{ app_downloads }}"
-    state: directory
-    owner: "{{ ansible_user }}"

+ 13 - 8
deploy/roles/ubuntu/tasks/locales.yml

@@ -1,31 +1,36 @@
+- name: Backup locale.gen
+  become: true
+  copy:
+    src: /etc/locale.gen
+    dest: "{{ ansible_env.HOME }}/backups/etc_locale.gen"
+    remote_src: yes
+    backup: yes
+
 - name: Enable en-US locale
   become: true
-  ansible.builtin.lineinfile:
+  lineinfile:
     path: /etc/locale.gen
     state: present
     line: en_US.UTF-8 UTF-8
-    backup: true
 
 - name: Enable zh-CN locale
   become: true
-  ansible.builtin.lineinfile:
+  lineinfile:
     path: /etc/locale.gen
     state: present
     line: zh_CN.UTF-8 UTF-8
-    backup: true
 
 - name: Enable zh-TW locale
   become: true
-  ansible.builtin.lineinfile:
+  lineinfile:
     path: /etc/locale.gen
     state: present
     line: zh_TW.UTF-8 UTF-8
-    backup: true
 
 - name: Generate locales
   become: true
-  ansible.builtin.shell: locale-gen
+  shell: locale-gen
 
 - name: Use en_US as default locale
   become: true
-  ansible.builtin.shell: update-locale LANG=en_US.UTF-8
+  shell: update-locale LANG=en_US.UTF-8
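Review bot: This file moves from `ansible.builtin.lineinfile` and `ansible.builtin.shell` back to the short names `lineinfile`, `shell` and `copy`, the opposite of what the same commit does in `deploy/roles/os/tasks/`. Short names resolve through the collection search path and can be shadowed by another collection, so keep the fully qualified names here. `locale-gen` and `update-locale LANG=en_US.UTF-8` use no shell features, so `ansible.builtin.command` fits both tasks.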

+ 46 - 72
deploy/roles/ubuntu/tasks/main.yml

@@ -1,40 +1,9 @@
-- import_tasks: init.yml
-
 - name: add PPA for Ubuntu Toolchain
   become: true
   ansible.builtin.apt_repository:
     repo: ppa:ubuntu-toolchain-r/test
   when: ansible_distribution == 'Ubuntu'
 
-# https://classic.yarnpkg.com/lang/en/docs/install/#debian-stable
-- name: Add an yarn signing key
-  become: true
-  ansible.builtin.apt_key:
-    url: https://dl.yarnpkg.com/debian/pubkey.gpg
-    state: present
-  when: ansible_distribution == 'Ubuntu'
-
-- name: Add an yarn package repository
-  become: true
-  ansible.builtin.lineinfile:
-    path: /etc/apt/sources.list.d/yarn.list
-    line: "deb https://dl.yarnpkg.com/debian/ stable main"
-    create: true
-  when: ansible_distribution == 'Ubuntu'
-
-- name: Install nodejs
-  become: true
-  community.general.snap:
-    name: node
-    classic: true
-
-- name: Update system
-  become: true
-  apt:
-    upgrade: yes
-    update_cache: yes
-    cache_valid_time: 3600
-
 - name: Install dependicy packages
   become: true
   apt:
@@ -42,8 +11,6 @@
       - apt-transport-https
       - software-properties-common
       - gnupg
-      - openssh-server
-      - openssh-client
       - sshpass
       - wpasupplicant
       - rsync
@@ -51,12 +18,14 @@
       - sysstat
       - libtool
       - ethtool
+      - nethogs
       - dnsutils
       - dnsmasq
       - uuid-runtime
       - lshw
       - tcpdump
       - lm-sensors
+      # - hddtemp NOT work on jammy
       - dmidecode
       - net-tools
       - iputils-arping
@@ -79,70 +48,75 @@
       - curl
       - zip
       - unzip
-      - nginx
-      - libnginx-mod-http-upstream-fair
-      - certbot
-      - python3-certbot-nginx
-      - openvpn
-      - snmpd
-      - mutt
       - systemd-cron
+      - systemd-timesyncd
+      - systemd-journal-remote
       - screen
       - tmux
       - hugo
-      - yarn
-      - python3
-      - python3-pip
-      - python3-distutils
+      - python3-full
       - python3-dev
+      - certbot
+      - python3-certbot-nginx
+      - build-essential
+      - pkg-config
+      - cmake
       - libssl-dev
       - libpq-dev
       - libmysqlclient-dev
-      - libevent-dev
+      - libsqlite3-dev
+      - libudev-dev
       - crun
       - podman
       - buildah
       - fuse-overlayfs
 
-- name: Install dependicy packages(>bionic)
-  become: true
-  apt:
-    pkg:
-      - systemd-timesyncd
-  # ansible_facts['distribution'] == "Ubuntu"
-  when: ansible_facts['distribution_major_version'] | int >= 20
-
-- import_tasks: locales.yml
+- include_tasks: locales.yml
 
 - name: Set default editor to vim
   become: true
   shell: update-alternatives --set editor /usr/bin/vim.basic
 
-- name: Set timezone
-  become: true
-  shell: timedatectl set-timezone UTC
-
 - name: Set git rebase mode
   become: true
   shell: git config --global pull.rebase false
 
-- import_tasks: zsh.yml
+- name: setup git to use http v1.1
+  shell: git config --global http.version HTTP/1.1
 
 # ---------------------------------------------------
 
-- name: enable nginx service
-  become: true
-  ansible.builtin.systemd:
-    name: nginx
-    enabled: yes
-    masked: no
+- name: check if friendlyelec
+  ansible.builtin.stat:
+    path: /etc/friendlyelec-release
+  register: app_os_friendlyelec
 
-- name: enable cron service
-  become: true
-  ansible.builtin.systemd:
-    name: cron
-    enabled: yes
-    masked: no
+- include_tasks: friendly-core.yml
+  when: app_os_friendlyelec.stat.islnk is defined and app_os_friendlyelec.stat.isreg
+
+- name: check if armbian
+  ansible.builtin.stat:
+    path: /etc/armbian-release
+  register: app_os_armbian
+
+- include_tasks: armbian.yml
+  when: app_os_armbian.stat.islnk is defined and app_os_armbian.stat.isreg
+
+- include_tasks: raspbian.yml
+  when: ansible_distribution == 'Raspbian'
+
+- include_tasks: pi.yml
+  when: ansible_distribution == 'Raspbian' or (app_os_armbian.stat.islnk is defined and app_os_armbian.stat.isreg) or (app_os_friendlyelec.stat.islnk is defined and app_os_friendlyelec.stat.isreg)
+
+# ---------------------------------------------------
+
+# FIXME failed on jammy
+# - name: enable cron service
+#   become: true
+#   ansible.builtin.systemd:
+#     name: cron
+#     enabled: yes
+#     masked: no
 
 - name: enable ssh service
   become: true
@@ -158,4 +132,4 @@
     enabled: yes
     masked: no
 
-- import_tasks: clean.yml
+- include_tasks: clean.yml
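Review bot: The new `when:` conditions test `app_os_friendlyelec.stat.islnk is defined and app_os_friendlyelec.stat.isreg` as a stand-in for "the release file exists"; `app_os_friendlyelec.stat.exists` and `app_os_armbian.stat.exists` say that directly and shorten the long condition on `pi.yml`. The added `setup git to use http v1.1` task runs without `become`, while the neighbouring `Set git rebase mode` runs with `become: true`, so the two `git config --global` calls write to different users' configuration; decide which account is meant and make them agree. `nginx` was removed from the package list but `python3-certbot-nginx` stays, which likely pulls nginx back in as a dependency with nothing left in the role to manage it.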

+ 97 - 0
deploy/roles/ubuntu/tasks/pi.yml

@@ -0,0 +1,97 @@
+- name: Install dependicy packages
+  become: true
+  apt:
+    pkg:
+      - espeak-ng
+
+# --------------------------------------------
+
+- name: backup /etc/dhcp/dhclient.conf
+  become: true
+  ansible.builtin.copy:
+    src: /etc/dhcp/dhclient.conf
+    dest: "{{ ansible_env.HOME }}/backups/etc_dhcp_dhclient_conf"
+    remote_src: yes
+    backup: yes
+
+- name: enable option 72 for dhclient
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/dhcp/dhclient.conf
+    line: "also request www-server;"
+
+# --------------------------------------------
+
+- name: delete /etc/systemd/network
+  become: true
+  ansible.builtin.file:
+    path: /etc/systemd/network
+    state: absent
+
+- name: create /etc/systemd/network
+  become: true
+  ansible.builtin.file:
+    path: /etc/systemd/network
+    state: directory
+
+- name: Create a symbolic link
+  become: true
+  ansible.builtin.file:
+    src: /run/systemd/resolve/resolv.conf
+    dest: /etc/resolv.conf
+    state: link
+
+- name: disable dnsmasq service
+  become: true
+  ansible.builtin.systemd:
+    name: dnsmasq
+    enabled: no
+    masked: yes
+
+- name: disable NetworkManager service
+  become: true
+  ansible.builtin.systemd:
+    name: NetworkManager
+    enabled: no
+    masked: yes
+
+- name: enable systemd-networkd service
+  become: true
+  ansible.builtin.systemd:
+    name: systemd-networkd
+    enabled: yes
+    masked: no
+
+- name: enable systemd-resolved service
+  become: true
+  ansible.builtin.systemd:
+    name: systemd-resolved
+    enabled: yes
+    masked: no
+
+- name: enable wpa_supplicant@wlan0service
+  become: true
+  ansible.builtin.systemd:
+    name: wpa_supplicant@wlan0
+    enabled: yes
+    masked: no
+
+- name: enable openvpn@client service
+  become: true
+  ansible.builtin.systemd:
+    name: openvpn@client
+    enabled: yes
+    masked: no
+
+- name: Reboot
+  become: true
+  reboot:
+    reboot_timeout: 120
+
+- name: enable pulseaudio service
+  become: true
+  ansible.builtin.systemd:
+    name: pulseaudio
+    enabled: yes
+    masked: no
+    scope: user
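Review bot: The tasks delete and recreate `/etc/systemd/network` empty, mask NetworkManager, enable systemd-networkd and then reboot, and no task in this file writes a `.network` unit in between. Unless another role provides one, the host may come back with no configured interface and `reboot_timeout: 120` will expire with the machine unreachable. Write the network configuration before the `Reboot` task, or leave NetworkManager unmasked until it is in place. `openvpn@client` is enabled here although this commit removes `openvpn` from the package list in `main.yml`, so that task probably fails on a fresh host. The final `pulseaudio` task combines `scope: user` with `become: true`, which targets root's user session rather than the login user's.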

+ 52 - 0
deploy/roles/ubuntu/tasks/raspbian.yml

@@ -0,0 +1,52 @@
+# https://www.raspberrypi.org/documentation/configuration/uart.md
+
+- name: backup /boot/config.txt
+  become: true
+  ansible.builtin.copy:
+    src: /boot/config.txt
+    dest: "{{ ansible_env.HOME }}/backups/boot_config_txt"
+    remote_src: yes
+    backup: yes
+
+- name: enable uart
+  become: true
+  lineinfile:
+    path: /boot/config.txt
+    regexp: "^enable_uart="
+    line: enable_uart=1
+
+- name: disable bluetooth
+  become: true
+  lineinfile:
+    path: /boot/config.txt
+    regexp: "^dtoverlay="
+    line: dtoverlay=disable-bt
+
+- name: hidden splash message
+  become: true
+  lineinfile:
+    path: /boot/config.txt
+    regexp: "^disable_splash="
+    line: disable_splash=1
+
+- name: backup /boot/cmdline.txt
+  become: true
+  ansible.builtin.copy:
+    src: /boot/cmdline.txt
+    dest: "{{ ansible_env.HOME }}/backups/boot_cmdline_txt"
+    remote_src: yes
+    backup: yes
+
+- name: disable debug port & logo
+  become: true
+  ansible.builtin.replace:
+    path: /boot/cmdline.txt
+    regexp: "console=serial0,115200"
+    replace: "loglevel=3 logo.nologo"
+
+- name: disable hciuart service
+  become: true
+  ansible.builtin.systemd:
+    name: hciuart
+    enabled: no
+    masked: yes
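Review bot: The `disable bluetooth` task uses `regexp: "^dtoverlay="`, which matches every overlay line in `/boot/config.txt`; lineinfile rewrites the last match, so an unrelated overlay such as a display or audio one is replaced by `dtoverlay=disable-bt`. Use `regexp: "^dtoverlay=disable-bt"` so the line is added or left alone without touching the others. The three `lineinfile` tasks use the short module name while the rest of the file uses `ansible.builtin.*`. The task name `hidden splash message` would read better as `hide splash message`.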

+ 0 - 37
deploy/roles/ubuntu/tasks/zsh.yml

@@ -1,37 +0,0 @@
-- name: Clone oh-my-zsh
-  git:
-    repo: https://github.com/robbyrussell/oh-my-zsh.git
-    dest: "{{ansible_env.HOME}}/.oh-my-zsh"
-
-# - name: Extract ohmyzsh
-#   unarchive:
-#     src: ohmyzsh-master.zip
-#     dest: "{{ansible_env.HOME}}/"
-
-# - name: Rename ohmyzsh
-#   command: mv ohmyzsh-master .oh-my-zsh
-#   args:
-#     chdir: "{{ansible_env.HOME}}"
-#     creates: .oh-my-zsh
-
-- name: Setup .zshrc
-  copy:
-    src: "{{ansible_env.HOME}}/.oh-my-zsh/templates/zshrc.zsh-template"
-    dest: "{{ansible_env.HOME}}/.zshrc"
-    remote_src: true
-    mode: 0600
-
-- name: Enable $HOME/.local
-  ansible.builtin.lineinfile:
-    path: "{{ansible_env.HOME}}/.zshrc"
-    line: 'export PATH=$HOME/.local/bin:$PATH'
-
-
-- name: Setup EDITOR
-  ansible.builtin.lineinfile:
-    path: "{{ansible_env.HOME}}/.zshrc"
-    line: 'export EDITOR=vim'
-
-- name: Use zsh
-  become: true
-  shell: chsh -s /bin/zsh {{ansible_user}}