From a4184d30514b704aaa0da62122fd96b7333fca07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Fri, 8 Oct 2021 23:28:55 +0200
Subject: [PATCH 1/3] Use the deploy_user variable instead of "deploy"
This way it will work when overwriting the value of `deploy_user`.
---
 user.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/user.yml b/user.yml
index 4f4372d0..184e09ed 100644
--- a/user.yml
+++ b/user.yml
@@ -2,4 +2,4 @@
 hosts: all
 become: yes
 roles:
- - { role: user, when: ansible_user != "deploy" }
+ - { role: user, when: ansible_user != deploy_user }
From dab44845497479971b77568f65a049994d6cb0cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Fri, 8 Oct 2021 23:33:51 +0200
Subject: [PATCH 2/3] Allow configuring the group used by the deploy user
This way it's easier to change the group without having to change many files. And, after all, the `wheel` group doesn't exist by default on Ubuntu.
---
 group_vars/all | 1 +
 roles/errbit/tasks/main.yml | 2 +-
 roles/letsencrypt/tasks/main.yml | 2 +-
 roles/nginx/tasks/main.yml | 2 +-
 roles/user/tasks/main.yml | 12 ++++++------
 5 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/group_vars/all b/group_vars/all
index c4fd1a73..4339707c 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -11,6 +11,7 @@ locale: en_US.UTF-8
 # General settings
 env: production
 deploy_user: deploy
+deploy_group: wheel
 home_dir: "/home/{{ deploy_user }}"
 deploy_server_hostname: 127.0.0.1
 consul_dir: "{{ home_dir }}/{{ app_name }}"
diff --git a/roles/errbit/tasks/main.yml b/roles/errbit/tasks/main.yml
index 7b4aa8ee..c62db2f8 100644
--- a/roles/errbit/tasks/main.yml
+++ b/roles/errbit/tasks/main.yml
@@ -121,7 +121,7 @@
 src: "{{ playbook_dir }}/roles/errbit/templates/errbit.example.com"
 dest: /etc/nginx/sites-enabled/errbit
 owner: "{{ deploy_user }}"
- group: wheel
+ group: "{{ deploy_group }}"
 - name: Restart Nginx
 become: true
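Review bot: The new `deploy_group` default in group_vars/all carries no comment, yet the roles/user hunk of this same patch grants whichever group is named here `NOPASSWD: ALL` in /etc/sudoers. An operator who overrides it with a group that already exists, such as `sudo` on Ubuntu, would extend passwordless root to every current member of that group. I would add a comment above the variable, for example `# Primary group of the deploy user; roles/user gives this group passwordless sudo, so use a dedicated group`.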
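Review bot: No `mode:` is visible beside `owner`/`group` on the task that writes /etc/nginx/sites-enabled/errbit, so the permissions of a config file that nginx loads as root are left to the module default while the owning group is now operator-chosen. The task begins above the hunk, so a mode may already be set there; if it is not, I would pin it with `mode: "0644"` and consider `owner: root` unless the deploy user has to edit the file later. The same applies to the options-ssl-nginx.conf task in roles/letsencrypt/tasks/main.yml and the default vhost task in roles/nginx/tasks/main.yml.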
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index 7673003f..0a8c5e06 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -63,7 +63,7 @@
 src: "{{ playbook_dir }}/roles/letsencrypt/templates/options-ssl-nginx.conf"
 dest: /etc/letsencrypt/options-ssl-nginx.conf
 owner: "{{ deploy_user }}"
- group: wheel
+ group: "{{ deploy_group }}"
 - name: Generate /etc/ssl/certs/dhparam.pem (this may take a few minutes)
 command: openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 0c369420..c79915ad 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -9,7 +9,7 @@
 src: "{{ playbook_dir }}/roles/nginx/templates/consul_vhost.j2"
 dest: /etc/nginx/sites-enabled/default
 owner: "{{ deploy_user }}"
- group: wheel
+ group: "{{ deploy_group }}"
 - name: Restart Nginx
 service:
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index 36c9fcd5..afd752ce 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -1,20 +1,20 @@
 ---
-- name: Make sure we have a 'wheel' group
+- name: Make sure we have a '{{ deploy_group }}' group
 group:
- name: wheel
+ name: "{{ deploy_group }}"
 state: present
-- name: Allow 'wheel' group to have passwordless sudo
+- name: Allow '{{ deploy_group }}' group to have passwordless sudo
 lineinfile:
 dest: /etc/sudoers
 state: present
- regexp: '^%wheel'
- line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ regexp: '^%{{ deploy_group }}'
+ line: '%{{ deploy_group }} ALL=(ALL) NOPASSWD: ALL'
 - name: Create the deploy user
 user:
 name: "{{ deploy_user }}"
- group: wheel
+ group: "{{ deploy_group }}"
 state: present
 shell: /bin/bash
From ee98ffdce0aeba06487586870cdd8508fe542b3f Mon Sep 17 00:00:00 2001
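Review bot: `regexp: '^%{{ deploy_group }}'` in the sudoers task of roles/user/tasks/main.yml interpolates the group name unescaped and with no trailing delimiter, so it matches any line that merely starts with that name and treats regex metacharacters in the value as pattern syntax. If `deploy_group` is set to a group that already has an entry, such as `%sudo ALL=(ALL:ALL) ALL` on Ubuntu, lineinfile rewrites that entry to `NOPASSWD: ALL` for all of its members. I would use `regexp: '^%{{ deploy_group | regex_escape }}\s'` and add `validate: 'visudo -cf %s'` so that an unexpected group name cannot leave /etc/sudoers unparsable. Changing the variable on an already provisioned host also leaves the old `%wheel ALL=(ALL) NOPASSWD: ALL` line in place, which deserves a cleanup task or a README note.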
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Thu, 4 Nov 2021 15:23:43 +0100
Subject: [PATCH 3/3] Update link to line to change the deploy user
The line number was changed in commit 7785f3250.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6e294039..b0735947 100644
--- a/README.md
+++ b/README.md
@@ -283,7 +283,7 @@ If you do not have `root` access, you will need your system administrator to gra
 ## Using a different user than deploy
-Change the variable [deploy_user](https://github.com/consul/installer/blob/1.3.1/group_vars/all#L12) to the username you would like to use.
+Change the variable [deploy_user](https://github.com/consul/installer/blob/1.3.1/group_vars/all#L13) to the username you would like to use.
 ## Ansible Documentation