chore: explode workstation role in subroles

1 files changed, 34 insertions, 0 deletions

diff --git a/roles/_workstation/doas/tasks/main.yml b/roles/_workstation/doas/tasks/main.yml
new file mode 100644
index 0000000..e65a510
--- /dev/null
+++ b/roles/_workstation/doas/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+  ansible.builtin.lineinfile:
+    path: "{{ doas_configuration_file }}"
+    regexp: "^permit persist keepenv {{ doas_workstation_user }} as root"
+    line: "permit persist keepenv {{ doas_workstation_user }} as root"
+    create: true
+    mode: 0644
+    owner: 0
+    group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+  ansible.builtin.lineinfile:
+    path: "{{ doas_configuration_file }}"
+    regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+    line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+  loop:
+    - ZZZ
+    - mount
+    - reboot
+    - shutdown
+    - zzz
+
+- name: check sudo binary path  # noqa no-changed-when
+  ansible.builtin.command: command -v sudo
+  register: result
+  failed_when: false
+
+- name: uninstall sudo binary
+  ansible.builtin.package:
+    name: sudo
+    state: absent
+  when: result.rc == 0
+  register: sudo
+  ignore_errors: true