From 7c1f7039170a25f192d87235476179f7cfe01a85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Sat, 10 Dec 2022 21:17:16 +0100
Subject: chore: explode workstation role in subroles
---
roles/_workstation/doas/defaults/main.yml | 4 ++++
roles/_workstation/doas/tasks/main.yml | 34 +++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
create mode 100644 roles/_workstation/doas/defaults/main.yml
create mode 100644 roles/_workstation/doas/tasks/main.yml
(limited to 'roles/_workstation/doas')
diff --git a/roles/_workstation/doas/defaults/main.yml b/roles/_workstation/doas/defaults/main.yml
new file mode 100644
index 0000000..9585cd1
--- /dev/null
+++ b/roles/_workstation/doas/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+doas_workstation_user: null
+doas_configuration_file: /etc/doas.conf
diff --git a/roles/_workstation/doas/tasks/main.yml b/roles/_workstation/doas/tasks/main.yml
new file mode 100644
index 0000000..e65a510
--- /dev/null
+++ b/roles/_workstation/doas/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+ ansible.builtin.lineinfile:
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit persist keepenv {{ doas_workstation_user }} as root"
+ line: "permit persist keepenv {{ doas_workstation_user }} as root"
+ create: true
+ mode: 0644
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ ansible.builtin.lineinfile:
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ loop:
+ - ZZZ
+ - mount
+ - reboot
+ - shutdown
+ - zzz
+
+- name: check sudo binary path # noqa no-changed-when
+ ansible.builtin.command: command -v sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ ansible.builtin.package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
-- cgit v1.2.3
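Review bot: The `doas_workstation_user: null` default in defaults/main.yml is undocumented, and nothing visible in this commit checks that a caller overrides it before tasks/main.yml interpolates it into `permit` rules. If it is left unset, the rendered rule would presumably name a placeholder identity or be malformed rather than fail the play, which is a poor failure mode for a file that grants root. I would add a comment above it such as `# required: login name that is granted root through doas; no usable default`, and have the role fail fast when the value is empty.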
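Review bot: Both `lineinfile` tasks in tasks/main.yml write `{{ doas_configuration_file }}` without a `validate:` step, and the last task then removes sudo, so a malformed rule could leave the workstation with no working way to become root. Adding `validate: 'doas -C %s'` to each `lineinfile` task would reject a file doas cannot parse before it replaces the live one. The loop also grants `nopass` for `mount` with no `args` restriction, which is far broader than the task name "allow reboot/shutdown/hibernate" implies and is worth dropping or constraining. Separately, `command` is normally a shell builtin, so `ansible.builtin.command: command -v sudo` may fail to execute on hosts that ship no standalone `command` binary, and `failed_when: false` would hide that and skip the uninstall. Since `ansible.builtin.package` with `state: absent` is already idempotent, the probe task and `ignore_errors: true` can probably both go.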