From 43c36d268718dfa6e48ece254e1dccb188dd00a4 Mon Sep 17 00:00:00 2001
From: Michael Schiemer <kontakt@michaelschiemer.de>
Date: Sat, 8 Nov 2025 15:53:50 +0100
Subject: [PATCH] fix: Fix bool comparison and .env file permissions

- Change registry_accessible to string comparison ('true'/'false') instead of bool
- Fix 'argument of type bool is not iterable' error in when conditions
- Set correct owner/group for .env file (ansible_user instead of root)
- Fixes 'permission denied' error when docker compose reads .env file
---
 deployment/ansible/playbooks/deploy-image.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/deployment/ansible/playbooks/deploy-image.yml b/deployment/ansible/playbooks/deploy-image.yml
index 4bca8b2e..759acdb2 100644
--- a/deployment/ansible/playbooks/deploy-image.yml
+++ b/deployment/ansible/playbooks/deploy-image.yml
@@ -80,12 +80,7 @@
 
     - name: Set registry accessible flag
       ansible.builtin.set_fact:
-        registry_accessible: >-
-          {%- if registry_check.status is defined and registry_check.status | int in [200, 401] -%}
-            true
-          {%- else -%}
-            false
-          {%- endif -%}
+        registry_accessible: "{{ 'true' if (registry_check.status is defined and registry_check.status | int in [200, 401]) else 'false' }}"
 
     - name: Login to Docker registry
       community.docker.docker_login:
@@ -94,7 +89,7 @@
         password: "{{ registry_password }}"
       when: 
         - registry_password | string | trim != ''
-        - registry_accessible | bool
+        - registry_accessible == 'true'
       no_log: yes
       ignore_errors: yes
       register: docker_login_result
@@ -104,7 +99,7 @@
         name: "{{ deploy_image }}"
         source: pull
         pull: true
-      when: registry_accessible is defined and registry_accessible | bool
+      when: registry_accessible == 'true'
       register: image_pull_result
       ignore_errors: yes
       failed_when: false
@@ -159,6 +154,8 @@
           MINIO_ROOT_USER={{ minio_root_user | default('minioadmin') }}
           MINIO_ROOT_PASSWORD={{ minio_root_password | default('') }}
           SECRETS_DIR={{ secrets_dir | default('./secrets') }}
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
         mode: '0600'
       when: not env_file_exists.stat.exists
       become: yes