
Conversation

@staaldraad
Member

@staaldraad staaldraad commented Jan 28, 2026

Write a version file for pam_jit_pg so that salt doesn't try to overwrite when applying to an image that already has the library installed. Salt knows to check the version and only update if salt specifies a different version should be used.

Summary by CodeRabbit

  • Chores
    • Create a version file recording the deployed gatekeeper/pam_jit_pg version during PostgreSQL setup in two installation paths.
    • Ensure the version file is owned by root for consistency and traceability.


@staaldraad staaldraad requested review from a team as code owners January 28, 2026 17:20
@coderabbitai
Contributor

coderabbitai bot commented Jan 28, 2026

Walkthrough

Adds two Ansible tasks in ansible/tasks/stage2-setup-postgres.yml that run a shell command to obtain the gatekeeper version and write that stdout to /root/pam_jit_pg-version with owner root:root: one after the pam_jit_pg symlink setup and one inside the gatekeeper-installation conditional (when not pg15).

Changes

Cohort / File(s) | Summary
Postgres setup — version emission (ansible/tasks/stage2-setup-postgres.yml) | Adds two tasks that run a shell to derive the gatekeeper version, register it, and write its stdout to /root/pam_jit_pg-version with owner root:root: one placed after the pam_jit_pg symlink setup and one inside the gatekeeper install block (non-pg15). Minor spacing/formatting tweaks only.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Title check | ✅ Passed | The title accurately reflects the main change: adding version file writing for pam_jit_pg in the Ansible playbook.
Description check | ✅ Passed | The description explains the rationale clearly but uses a non-standard format and doesn't follow the template structure with required sections.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@ansible/tasks/stage2-setup-postgres.yml`:
- Around line 179-185: The ansible task titled "Write version file" is using
ansible.builtin.copy with the wrong parameter name; replace the `path` key with
`dest` in the ansible.builtin.copy task (task "Write version file") and add an
explicit `mode` (e.g., "0644") alongside `owner: "root"` and `group: "root"` so
the copy module receives the required `dest` argument and file permissions are
explicit.
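The "Write version file" task as the review describes it, shown with the broken `path` form beside the corrected `dest` form; this is an added illustration, not the PR's own YAML, and the command that prints the gatekeeper version plus the `gatekeeper_version` register name are placeholders because the page does not show them.

```yaml
# Illustrative reconstruction of the two tasks, not the PR's diff.
# The shell command that prints the gatekeeper version is not on the page,
# so it is left as a placeholder; the register name is assumed.
- name: Get gatekeeper version
  ansible.builtin.shell: "<gatekeeper version command>"
  register: gatekeeper_version
  changed_when: false

# Before (as flagged in review): ansible.builtin.copy has no `path`
# parameter, so the module never receives its required `dest` argument
# and the task fails.
#
# - name: Write version file
#   ansible.builtin.copy:
#     content: "{{ gatekeeper_version.stdout }}"
#     path: /root/pam_jit_pg-version
#     owner: "root"
#     group: "root"

# After: `dest` names the destination file and `mode` is explicit, so the
# file's permissions do not depend on the remote umask.
- name: Write version file
  ansible.builtin.copy:
    content: "{{ gatekeeper_version.stdout }}\n"
    dest: /root/pam_jit_pg-version
    owner: "root"
    group: "root"
    mode: "0644"
```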

Write a version file for pam_jit_pg so that salt doesn't try to overwrite
when applying to an image that already has the library installed.
Salt knows to check the version and only update if salt specifies a
different version should be used.
@staaldraad staaldraad force-pushed the etienne/sec-671-salt-pam_jit_pgso branch from 7f14d7c to cfa1a04 Compare January 28, 2026 18:02

3 participants