aboutsummaryrefslogtreecommitdiffstats
path: root/roles/workstation/tasks/doas.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/workstation/tasks/doas.yml')
-rw-r--r--roles/workstation/tasks/doas.yml34
1 files changed, 34 insertions, 0 deletions
diff --git a/roles/workstation/tasks/doas.yml b/roles/workstation/tasks/doas.yml
new file mode 100644
index 0000000..bc72d7f
--- /dev/null
+++ b/roles/workstation/tasks/doas.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit persist keepenv {{ workstation_user }} as root"
+ line: "permit persist keepenv {{ workstation_user }} as root"
+ create: true
+ mode: 0644
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ loop:
+ - ZZZ
+ - mount
+ - reboot
+ - shutdown
+ - zzz
+
+- name: check sudo binary path # noqa no-changed-when
+ command: command -v sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
remember that computers suck.