Add custom_etc and users last

Change message about whether it is a meta package or not
2025-12-15 16:46:39 +11:00 · 2025-12-15 16:28:10 +11:00
2 changed files with 11 additions and 11 deletions
--- a/enroll/harvest.py
+++ b/enroll/harvest.py
@ -392,7 +392,7 @@ def harvest(bundle_dir: str, policy: Optional[SecretPolicy] = None) -> str:
        )
    # -------------------------
-    # Manual package roles
+    # Manually installed package roles
    # -------------------------
    manual_pkgs = list_manual_packages()
    # Avoid duplicate roles: if a manual package is already managed by any service role, skip its pkg_<name> role.
@ -488,7 +488,7 @@ def harvest(bundle_dir: str, policy: Optional[SecretPolicy] = None) -> str:
        if not pkg_to_etc_paths.get(pkg, []) and not managed:
            notes.append(
-                "No /etc files detected for this package (may be a meta package)."
+                "No /etc files detected for this package."
            )
        pkg_snaps.append(
--- a/enroll/manifest.py
+++ b/enroll/manifest.py
@ -149,7 +149,7 @@ users_accounts:
            lines.append(f"    group: {u.get('primary_group')}")
            lines.append("    mode: '0700'")
-        # Copy harvested SSH public material (authorized_keys + *.pub)
+        # Copy harvested SSH public material (authorized_keys)
        for mf in managed_files:
            dest = mf["path"]
            src = mf["src_rel"]
@ -225,7 +225,7 @@ Generated non-system user accounts and SSH public material.
        manifested_users_roles.append(role)
-        # -------------------------
+    # -------------------------
    # etc_custom role (unowned /etc not already attributed)
    # -------------------------
    if etc_custom_snapshot and etc_custom_snapshot.get("managed_files"):
@ -439,7 +439,7 @@ Generated from `{unit}`.
        manifested_service_roles.append(role)
    # -------------------------
-    # Manual package roles
+    # Manually installed package roles
    # -------------------------
    for pr in package_roles:
        role = pr["role_name"]
@ -490,7 +490,7 @@ Generated from `{unit}`.
        task_parts: List[str] = []
        task_parts.append(
            f"""---
- name: Install manual package {pkg}
+- name: Install package {pkg}
  ansible.builtin.apt:
    name: "{{{{ {var_prefix}_packages }}}}"
    state: present
@ -525,7 +525,7 @@ Generated from `{unit}`.
        notes = pr.get("notes", [])
        readme = f"""# {role}
-Generated for manual package `{pkg}`.
+Generated for package `{pkg}`.
 ## Managed files
 {os.linesep.join("- " + mf["path"] + " (" + mf["reason"] + ")" for mf in managed_files) or "- (none)"}
@ -536,7 +536,7 @@ Generated for manual package `{pkg}`.
 ## Notes
 {os.linesep.join("- " + n for n in notes) or "- (none)"}
-> Note: package roles do not attempt to restart or enable services automatically.
+> Note: package roles (those not discovered via a systemd service) do not attempt to restart or enable services automatically.
 """
        with open(os.path.join(role_dir, "README.md"), "w", encoding="utf-8") as f:
            f.write(readme)
@ -546,8 +546,8 @@ Generated for manual package `{pkg}`.
    # Playbooks
    _write_playbook(
        os.path.join(out_dir, "playbook.yml"),
-        manifested_users_roles
+        manifested_pkg_roles
        + manifested_service_roles
        + manifested_etc_custom_roles
-        + manifested_pkg_roles
+        + manifested_users_roles,
        + manifested_service_roles,
    )
Author	SHA1	Message	Date
Miguel Jacq	4882ddff49	Add custom_etc and users last Some checks failed Lint / test (push) Failing after 28s Details Trivy / test (push) Successful in 18s Details CI / test (push) Successful in 5m5s Details	2025-12-15 16:46:39 +11:00
Miguel Jacq	651549b949	Change message about whether it is a meta package or not	2025-12-15 16:28:10 +11:00