aboutsummaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorRomain Gonçalves <me@rgoncalves.se>2021-04-04 10:59:09 +0000
committerRomain Gonçalves <me@rgoncalves.se>2021-04-04 10:59:09 +0000
commit254138315446a186a14080353eec3ca0748eb9e4 (patch)
treee9a357394771d85a9615761a58b9775f692a0b97 /roles
parent1ba9c51c8c8e349ebe5e7b6dd7b48e7d1a2aa396 (diff)
downloadinfrastructure-254138315446a186a14080353eec3ca0748eb9e4.tar.gz
Tinker doas and user for musl systems
Diffstat (limited to 'roles')
-rw-r--r--roles/_workstation/env/tasks/main.yml8
-rw-r--r--roles/_workstation/packages/defaults/main.yml2
-rw-r--r--roles/_workstation/sysconf/tasks/_void.yml3
-rw-r--r--roles/_workstation/sysconf/tasks/main.yml11
4 files changed, 15 insertions, 9 deletions
diff --git a/roles/_workstation/env/tasks/main.yml b/roles/_workstation/env/tasks/main.yml
index 35342df..3c54210 100644
--- a/roles/_workstation/env/tasks/main.yml
+++ b/roles/_workstation/env/tasks/main.yml
@@ -8,14 +8,6 @@
stat: path=/usr/bin/doas
register: _workstation_env_become
-- name: retrieve original user
- shell: logname
- register: _workstation_env_user
-
-- name: register username original user
- set_fact:
- _workstation_env_user: "{{ _workstation_env_user.stdout }}"
-
- name: retrieve host facts
set_fact:
#ansible_become_method: "{{ 'doas' if _workstation_env_become.stat.exists else 'sudo' }}"
diff --git a/roles/_workstation/packages/defaults/main.yml b/roles/_workstation/packages/defaults/main.yml
index e299c30..dc1f6c5 100644
--- a/roles/_workstation/packages/defaults/main.yml
+++ b/roles/_workstation/packages/defaults/main.yml
@@ -50,6 +50,7 @@ pkgs:
- docker-compose
- emacs
- opendoas
+ - openntpd
- pulseaudio
- wireguard-tools
@@ -92,6 +93,7 @@ pkgs:
- pcsc-tools
void:
+ - alsa-plugins-pulseaudio
- base-devel
- gnupg2
- seatd
diff --git a/roles/_workstation/sysconf/tasks/_void.yml b/roles/_workstation/sysconf/tasks/_void.yml
index 058f7c3..e05e2ef 100644
--- a/roles/_workstation/sysconf/tasks/_void.yml
+++ b/roles/_workstation/sysconf/tasks/_void.yml
@@ -13,9 +13,10 @@
- name: append current user to system groups
user:
name: "{{ _workstation_env_user }}"
- group: "{{ item }}"
+ groups: "{{ item }}"
append: true
loop:
- _seatd
- audio
- video
+ - wheel
diff --git a/roles/_workstation/sysconf/tasks/main.yml b/roles/_workstation/sysconf/tasks/main.yml
index 0f61550..253cacd 100644
--- a/roles/_workstation/sysconf/tasks/main.yml
+++ b/roles/_workstation/sysconf/tasks/main.yml
@@ -17,6 +17,17 @@
mode: 0644
create: true
+- name: allow reboot/shutdown/hibernate with doas
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit nopass {{ _workstation_env_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ _workstation_env_user }} as root cmd {{ item }}"
+ loop:
+ - zzz
+ - ZZZ
+ - reboot
+ - shutdown
+
- name: start and enable pcscd service
service:
name: pcscd
remember that computers suck.