authorRomain Gonçalves <me@rgoncalves.se>2021-12-04 14:01:47 +0000
committerRomain Gonçalves <me@rgoncalves.se>2021-12-05 09:33:30 +0000
commit5c2e3443bedf0ef6a34888ea30361af7da314748 (patch)
treee792d59b44ef63981ccddbe39256a5f859df1f79 /roles/workstation/tasks/doas.yml
parentedf06330b130c6499cf5166d63a3d106555df513 (diff)
roles: Add workstation role
Diffstat (limited to 'roles/workstation/tasks/doas.yml')
-rw-r--r--roles/workstation/tasks/doas.yml34
1 files changed, 34 insertions, 0 deletions
diff --git a/roles/workstation/tasks/doas.yml b/roles/workstation/tasks/doas.yml
new file mode 100644
index 0000000..bc72d7f
--- /dev/null
+++ b/roles/workstation/tasks/doas.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit persist keepenv {{ workstation_user }} as root"
+ line: "permit persist keepenv {{ workstation_user }} as root"
+ create: true
+ mode: 0644
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ loop:
+ - ZZZ
+ - mount
+ - reboot
+ - shutdown
+ - zzz
+
+- name: check sudo binary path # noqa no-changed-when
+ command: command -v sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
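Review bot: The `mount` item in the second task's loop renders to `permit nopass {{ workstation_user }} as root cmd mount` with no `args` restriction, so the workstation user can run mount as root with any device, target and options without a password; that is a much wider grant than the reboot/suspend entries beside it. I would drop `mount` from the loop and let it fall under the password-protected `persist` rule, or give it its own rule pinned with `args` to the exact invocation that is needed. Neither `lineinfile` task checks the resulting file, and the later tasks remove sudo, so a malformed /etc/doas.conf would leave the machine with no working escalation path; adding `validate: doas -C %s` to both tasks would catch that before the file is replaced. Separately, `command -v sudo` is run through the `command` module, which does not use a shell, so on hosts without a standalone `command` utility the check likely returns non-zero and the uninstall is silently skipped; since `state: absent` is already idempotent, the check task and the `when:` could simply go.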