1 files changed, 43 insertions, 0 deletions

diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
new file mode 100644
index 0000000..c8c5ffd
--- /dev/null
+++ b/roles/workstation/tasks/sysconf.yml
@@ -0,0 +1,43 @@
+- name: include operating system sensible task
+  include_tasks: "_{{ ansible_distribution | lower }}.yml"
+  tags: sysconf
+
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    create: true
+    mode: "0644"
+    owner: 0
+    group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
+    line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
+  loop:
+    - zzz
+    - ZZZ
+    - reboot
+    - shutdown
+
+- name: start and enable pcscd service
+  service:
+    name: pcscd
+    state: started
+    enabled: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: result
+  failed_when: false
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: result.rc == 0
+  register: sudo
+  ignore_errors: true