toansible: Add sudoers installation

2022-02-22 14:50:26 +01:00 · 2022-02-22 14:50:26 +01:00 · dd63aa5da8
commit dd63aa5da8
parent c45597d088
8 changed files with 18 additions and 19 deletions
--- a/configs.yml
+++ b/configs.yml
@ -1,12 +1,6 @@
 sudoers:
    - run:
-        - sudo sed "s/\$USER/$USER/g" $(ls dotfiles/sudoers.d/* | grep -v -e arch -e debian) | sudo tee /etc/sudoers.d/setup-cockpit >/dev/null 2>&1
-    - run:
-        command: sudo sed "s/\$USER/$USER/g" dotfiles/sudoers.d/*.arch | sudo tee -a /etc/sudoers.d/setup-cockpit >/dev/null 2>&1
-        condition: arch
-    - run:
-        command: sudo sed "s/\$USER/$USER/g" dotfiles/sudoers.d/*.debian | sudo tee -a /etc/sudoers.d/setup-cockpit >/dev/null 2>&1
-        condition: debian
+        - sudo sed "s/\$USER/$USER/g" dotfiles/sudoers.d/* | sudo tee /etc/sudoers.d/setup-cockpit >/dev/null 2>&1
    - run:
        - sudo chmod 600 /etc/sudoers.d/setup-cockpit

--- a/dotfiles/sudoers.d/bye.arch
+++ b/dotfiles/sudoers.d/bye.arch
@ -1,3 +0,0 @@
-## Use "sudo {shutdown,reboot,halt}" without needing a password.
-$USER ALL=(root) NOPASSWD:/usr/bin/reboot,/usr/bin/halt,/usr/bin/shutdown
-
--- a/dotfiles/sudoers.d/bye.debian
+++ b/dotfiles/sudoers.d/bye.debian
@ -1,3 +0,0 @@
-## Use "sudo {shutdown,reboot,halt}" without needing a password.
-$USER ALL=(root) NOPASSWD:/usr/sbin/reboot,/usr/sbin/halt,/usr/sbin/shutdown
-
--- a/dotfiles/sudoers.d/protonvpn
+++ b/dotfiles/sudoers.d/protonvpn
@ -1,5 +0,0 @@
-## Use "sudo protonvpn" without needing a password.
-## This is necessary to boot this setup, because "sudo protonvpn" is invoqued
-## in ~/.xinitrc before starting the WM.
-$USER ALL=(root) NOPASSWD:/usr/bin/protonvpn
-
--- a/playbook.yml
+++ b/playbook.yml
@ -24,3 +24,5 @@
      tags: firefox
    - role: tor
      tags: tor
+    - role: sudoers
+      tags: sudoers
--- a/roles/sudoers/files/insults
+++ b/roles/sudoers/files/insults
@ -1,3 +1,2 @@
 ## Replace the usual "Sorry, try again." with insults upon incorrect password.
 Defaults insults
-
--- a/roles/sudoers/tasks/main.yml
+++ b/roles/sudoers/tasks/main.yml
@ -0,0 +1,13 @@
+---
+
+- name: Copy sudoers templates
+  become: true
+  template:
+    src: bye.j2
+    dest: /etc/sudoers.d/bye
+
+- name: Copy sudoers files
+  become: true
+  copy:
+    src: insults
+    dest: /etc/sudoers.d/insults
--- a/roles/sudoers/templates/bye.j2
+++ b/roles/sudoers/templates/bye.j2
@ -0,0 +1,2 @@
+## Use "sudo {shutdown,reboot,halt}" without needing a password.
+{{ ansible_facts['env']['USER'] }} ALL=(root) NOPASSWD:/usr/sbin/reboot,/usr/sbin/halt,/usr/sbin/shutdown