path: root/roles/_workstation/doas/tasks/main.yml

---

- name: generate doas configuration
  ansible.builtin.lineinfile:
    path: "{{ doas_configuration_file }}"
    regexp: "^permit persist keepenv {{ doas_workstation_user }} as root"
    line: "permit persist keepenv {{ doas_workstation_user }} as root"
    create: true
    mode: 0644
    owner: 0
    group: 0

- name: allow reboot/shutdown/hibernate with doas
  ansible.builtin.lineinfile:
    path: "{{ doas_configuration_file }}"
    regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
    line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
  loop:
    - ZZZ
    - mount
    - reboot
    - shutdown
    - zzz

- name: check sudo binary path  # noqa no-changed-when
  ansible.builtin.command: command -v sudo
  register: result
  failed_when: false

- name: uninstall sudo binary
  ansible.builtin.package:
    name: sudo
    state: absent
  when: result.rc == 0
  register: sudo
  ignore_errors: true