Deprecate sudo for doas/opendoas

2 files changed, 28 insertions, 5 deletions

diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
index 2789c9b..6b8d28f 100644
--- a/roles/workstation/tasks/main.yml
+++ b/roles/workstation/tasks/main.yml
@@ -16,11 +16,33 @@
   set_fact:
     ansible_become_method: "{{ 'doas' if ws_become.stat.exists else 'sudo' }}"
     ansible_become_user: root
-    ws_user: ws_user.results.stdout
+    ws_user: "{{ ws_user.stdout }}"
 
 - name: include distribution specific task
   include_tasks: "_{{ ansible_distribution | lower }}.yml"
   ignore_errors: true
 
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    owner: root
+    mode: 0644
+    create: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: sudo
+  ignore_errors: true
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: sudo.rc == 0
+  register: sudo
+  ignore_errors: true
+
 - name: setup dotfiles from upstream and user script
   meta: end_host
diff --git a/roles/workstation/vars/main.yml b/roles/workstation/vars/main.yml
index c07c363..0c0fd33 100644
--- a/roles/workstation/vars/main.yml
+++ b/roles/workstation/vars/main.yml
@@ -7,7 +7,6 @@
 pkgs_common:
   # desktop (backup over dwm)
   - bemenu
-  - i3
   - i3status
   # editor
   - neovim
@@ -38,12 +37,12 @@ pkgs_common:
   - zsh
 
 pkgs_archlinux:
-  # devel
-  - base-devel
+  # desktop
+  - i3-wm
   # editor
   - emacs
   # sys
-  - base
+  - opendoas
   # python
   - python-jedi
   - python-neovim
@@ -53,6 +52,8 @@ pkgs_archlinux:
   - wireguard-dkms
 
 pkgs_openbsd:
+  # desktop
+  - i3
   # devel
   - automake--%1.16
   - clang-tools-extra