Refactor portainer.yml and miniplay: remove hardcoded passwords for security, update comments for clarity, and enhance task descriptions.

host_vars/portainer.yml

@@ -1,19 +1,13 @@
 ansible_user: howard
-ansible_password: "Papadopolus0"         # English: SSH password for howard@portainer
 ansible_connection: ssh
 ansible_port: 22
+ansible_ssh_private_key_file: "/var/lib/semaphore/.ssh/<tvuj_klic>"  # English: private key path on Semaphore host
 ansible_ssh_common_args: >-
   -o StrictHostKeyChecking=no
   -o UserKnownHostsFile=/dev/null
   -J root@192.168.69.2
 
-# English: We escalate to root via sudo.
+# Only keep become if needed:
 ansible_become: true
 ansible_become_method: sudo
-
-# English: SUDO password for howard (often same as SSH password; change if different).
-ansible_become_password: "Papadopolus0"
-
-# (Optional, for older installs—harmless to keep both)
-ansible_ssh_pass: "Papadopolus0"
-ansible_sudo_pass: "Papadopolus0"
+# ansible_become_password: "..."  # only if sudo requires password

nextcloud/collections/miniplay

@@ -1,10 +1,11 @@
 ---
-- name: Sanity check SSH + sudo on portainer
+- name: Sanity: pure SSH and then sudo
   hosts: nextcloud_host
   gather_facts: false
 
   tasks:
-    - name: Who am I as SSH user?
+    - name: Who am I as SSH user? (no sudo)
+      become: false
       ansible.builtin.command: whoami
       changed_when: false
       register: who
@@ -12,7 +13,7 @@
     - ansible.builtin.debug:
         msg: "SSH user is: {{ who.stdout }}"
 
-    - name: Who am I with sudo?
+    - name: Who am I with sudo? (explicit become)
       become: true
       become_method: sudo
       ansible.builtin.command: whoami