diff options
author | Romain Gonçalves <me@rgoncalves.se> | 2021-08-16 14:58:34 +0200 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2021-08-23 15:54:50 +0200 |
commit | 35d536c4f1f02c0ddabaf7ffa9498d05db2823f1 (patch) | |
tree | 708894d9939c3334c5251519dca95126403497bd /roles/workstation/tasks/sysconf.yml | |
parent | c2994b1f3220dc92f2faddb50ad355f44db9f44a (diff) | |
download | old-infrastructure-35d536c4f1f02c0ddabaf7ffa9498d05db2823f1.tar.gz |
roles/workstation: Monolithic role for workstation
Diffstat (limited to 'roles/workstation/tasks/sysconf.yml')
-rw-r--r-- | roles/workstation/tasks/sysconf.yml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml new file mode 100644 index 0000000..c8c5ffd --- /dev/null +++ b/roles/workstation/tasks/sysconf.yml @@ -0,0 +1,43 @@ +- name: include operating system sensible task + include_tasks: "_{{ ansible_distribution | lower }}.yml" + tags: sysconf + +- name: generate doas configuration + lineinfile: + path: /etc/doas.conf + regexp: "^permit persist keepenv {{ ws_user }} as root" + line: "permit persist keepenv {{ ws_user }} as root" + create: true + mode: "0644" + owner: 0 + group: 0 + +- name: allow reboot/shutdown/hibernate with doas + lineinfile: + path: /etc/doas.conf + regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}" + line: "permit nopass {{ ws_user }} as root cmd {{ item }}" + loop: + - zzz + - ZZZ + - reboot + - shutdown + +- name: start and enable pcscd service + service: + name: pcscd + state: started + enabled: true + +- name: check sudo binary path + shell: which sudo + register: result + failed_when: false + +- name: uninstall sudo binary + package: + name: sudo + state: absent + when: result.rc == 0 + register: sudo + ignore_errors: true |