aboutsummaryrefslogtreecommitdiffstats
path: root/roles/_workstation/doas/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/_workstation/doas/tasks')
-rw-r--r--roles/_workstation/doas/tasks/main.yml34
1 files changed, 34 insertions, 0 deletions
diff --git a/roles/_workstation/doas/tasks/main.yml b/roles/_workstation/doas/tasks/main.yml
new file mode 100644
index 0000000..e65a510
--- /dev/null
+++ b/roles/_workstation/doas/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+ ansible.builtin.lineinfile:
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit persist keepenv {{ doas_workstation_user }} as root"
+ line: "permit persist keepenv {{ doas_workstation_user }} as root"
+ create: true
+ mode: 0644
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ ansible.builtin.lineinfile:
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ loop:
+ - ZZZ
+ - mount
+ - reboot
+ - shutdown
+ - zzz
+
+- name: check sudo binary path # noqa no-changed-when
+ ansible.builtin.command: command -v sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ ansible.builtin.package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
remember that computers suck.