From 254138315446a186a14080353eec3ca0748eb9e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Sun, 4 Apr 2021 10:59:09 +0000
Subject: Tinker doas and user for musl systems
---
playbooks/workstation.yml | 2 +-
roles/_workstation/env/tasks/main.yml | 8 --------
roles/_workstation/packages/defaults/main.yml | 2 ++
roles/_workstation/sysconf/tasks/_void.yml | 3 ++-
roles/_workstation/sysconf/tasks/main.yml | 11 +++++++++++
5 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/playbooks/workstation.yml b/playbooks/workstation.yml
index a2722db..6363a71 100644
--- a/playbooks/workstation.yml
+++ b/playbooks/workstation.yml
@@ -15,7 +15,7 @@ tags: sshdns - role: _workstation/env - tags: env + tags: env, always - role: _workstation/packages tags: packages
diff --git a/roles/_workstation/env/tasks/main.yml b/roles/_workstation/env/tasks/main.yml
index 35342df..3c54210 100644
--- a/roles/_workstation/env/tasks/main.yml
+++ b/roles/_workstation/env/tasks/main.yml
@@ -8,14 +8,6 @@ stat: path=/usr/bin/doas register: _workstation_env_become -- name: retrieve original user - shell: logname - register: _workstation_env_user - -- name: register username original user - set_fact: - _workstation_env_user: "{{ _workstation_env_user.stdout }}" - - name: retrieve host facts set_fact: #ansible_become_method: "{{ 'doas' if _workstation_env_become.stat.exists else 'sudo' }}"
diff --git a/roles/_workstation/packages/defaults/main.yml b/roles/_workstation/packages/defaults/main.yml
index e299c30..dc1f6c5 100644
--- a/roles/_workstation/packages/defaults/main.yml
+++ b/roles/_workstation/packages/defaults/main.yml
@@ -50,6 +50,7 @@ pkgs: - docker-compose - emacs - opendoas + - openntpd - pulseaudio - wireguard-tools
@@ -92,6 +93,7 @@ pkgs: - pcsc-tools void: + - alsa-plugins-pulseaudio - base-devel - gnupg2 - seatd
diff --git a/roles/_workstation/sysconf/tasks/_void.yml b/roles/_workstation/sysconf/tasks/_void.yml
index 058f7c3..e05e2ef 100644
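Review bot: In playbooks/workstation.yml, `tags: env, always` packs two tags into one plain scalar and leaves the reason for `always` unstated. Ansible splits a tags string on commas, so it works, but the list form `tags: [env, always]` makes the two tags explicit. If the intent is that later roles read the `_workstation_env_*` facts this role sets (sysconf uses `_workstation_env_user`), a comment such as `# always: other roles depend on facts set here, even under a narrower --tags run` would record it. The role list starts and ends outside the hunk.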
--- a/roles/_workstation/sysconf/tasks/_void.yml
+++ b/roles/_workstation/sysconf/tasks/_void.yml
@@ -13,9 +13,10 @@ - name: append current user to system groups user: name: "{{ _workstation_env_user }}" - group: "{{ item }}" + groups: "{{ item }}" append: true loop: - _seatd - audio - video + - wheel
diff --git a/roles/_workstation/sysconf/tasks/main.yml b/roles/_workstation/sysconf/tasks/main.yml
index 0f61550..253cacd 100644
--- a/roles/_workstation/sysconf/tasks/main.yml
+++ b/roles/_workstation/sysconf/tasks/main.yml
@@ -17,6 +17,17 @@ mode: 0644 create: true +- name: allow reboot/shutdown/hibernate with doas + lineinfile: + path: /etc/doas.conf + regexp: "^permit nopass {{ _workstation_env_user }} as root cmd {{ item }}" + line: "permit nopass {{ _workstation_env_user }} as root cmd {{ item }}" + loop: + - zzz + - ZZZ + - reboot + - shutdown + - name: start and enable pcscd service service: name: pcscd
-- cgit v1.2.3
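Review bot: The new `wheel` entry in roles/_workstation/sysconf/tasks/_void.yml is a different kind of grant from `_seatd`, `audio` and `video`, and nothing in the task marks it as such. Those three give seat and device access, while `wheel` is conventionally the group that doas/sudo rules key on. Which rules reference it on the target is not visible in this patch, so state the intent next to the entry, e.g. `# wheel: admin group; grants whatever doas/sudo rules reference :wheel`. Since `groups` accepts a list, the loop can also collapse into one call with `groups: [_seatd, audio, video, wheel]` and `append: true` kept.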
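Review bot: The new `lineinfile` task in roles/_workstation/sysconf/tasks/main.yml edits /etc/doas.conf in place with no syntax check, so an empty or unexpected `_workstation_env_user` would put a malformed `permit nopass` rule into the live file; the variable's definition is not visible in this patch, and the `logname` tasks that used to set it are removed. Adding `validate: 'doas -C %s'` makes Ansible parse the candidate file before it replaces the original. doas.conf(5) advises absolute paths for `cmd`; the bare names `zzz`, `ZZZ`, `reboot` and `shutdown` are resolved through a restricted PATH, so full paths would pin exactly which binary may run as root without a password. The `regexp` is also open-ended and interpolates the user name unescaped; `regexp: '^permit nopass {{ _workstation_env_user | regex_escape }} as root cmd {{ item }}$'` matches only the exact line.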