From 88eed6b06b6780fb67413e90f57e55bdd3b6c81d Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Sat, 13 Sep 2025 17:47:23 -0700
Subject: Fix tasks permissions

---
 tasks/copy-rendered-templates-recursive.yml | 4 +++-
 tasks/manage-docker-compose-service.yml     | 3 +++
 tasks/manage-docker-swarm-service.yml       | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/tasks/copy-rendered-templates-recursive.yml b/tasks/copy-rendered-templates-recursive.yml
index 57322cd..b255fab 100644
--- a/tasks/copy-rendered-templates-recursive.yml
+++ b/tasks/copy-rendered-templates-recursive.yml
@@ -85,12 +85,14 @@
     recursive: true
 
 - name: Ensure destination exists
+  become: true
   ansible.builtin.file:
     path: "{{ destination_dir }}"
     owner: "{{ owner }}"
     state: directory
 
 - name: Copy files to final destination, preserving ownership stuff
+  become: true
   ansible.builtin.command:
     cmd: bash -c 'cp -rp {{ tempdir.path }}/* {{ destination_dir }}/'
 
@@ -102,7 +104,7 @@
     state: absent
 
 - name: Remove remote temporary directory
+  become: true
   ansible.builtin.file:
     path: "{{ tempdir.path }}"
     state: absent
-
diff --git a/tasks/manage-docker-compose-service.yml b/tasks/manage-docker-compose-service.yml
index d53bc94..937340b 100644
--- a/tasks/manage-docker-compose-service.yml
+++ b/tasks/manage-docker-compose-service.yml
@@ -2,6 +2,7 @@
 
 - name: "Copy rendered templates for {{ service_name }}"
   ansible.builtin.import_tasks: copy-rendered-templates-recursive.yml
+  become: true
   vars:
     owner: "{{ service_owner | default('1000') }}"
     mode: "{{ file_mode | default('777') }}"
@@ -9,6 +10,7 @@
     destination_dir: "{{ service_destination_dir }}"
 
 - name: "Ensure {{ service_name }} service is enabled and started"
+  become: true
   ansible.builtin.systemd_service:
     state: "{{ state | default('restarted') }}"
     enabled: true
@@ -16,6 +18,7 @@
     name: "docker-compose@{{ service_name }}"
 
 - name: "Perform rollout for {{ service_name }}"
+  become: true
   with_items: "{{ rollout_services | default([]) }}"
   ansible.builtin.shell:
     cmd: "/usr/local/bin/docker-rollout rollout -f docker-compose.yml {{ item.rollout_extra_args | default('') }} {{ item.name }}"
diff --git a/tasks/manage-docker-swarm-service.yml b/tasks/manage-docker-swarm-service.yml
index 811ec8b..6329dd3 100644
--- a/tasks/manage-docker-swarm-service.yml
+++ b/tasks/manage-docker-swarm-service.yml
@@ -2,6 +2,7 @@
 
 - name: "Copy rendered templates for {{ service_name }}"
   ansible.builtin.import_tasks: copy-rendered-templates-recursive.yml
+  become: true
   vars:
     owner: "{{ service_owner | default('1000') }}"
     mode: "{{ file_mode | default('777') }}"
@@ -9,6 +10,7 @@
     destination_dir: "{{ service_destination_dir }}"
 
 - name: "Deploy stack for {{ service_name }}"
+  become: true
   ansible.builtin.command:
     cmd: "docker stack deploy --with-registry-auth --prune --detach=false --resolve-image=always --compose-file {{ stack_file | default(service_destination_dir + '/stacks/docker-compose.yml') }} {{ service_name }}"
   register: stack_result
-- 
cgit v1.2.3-70-g09d2