From dd63aa5da8e10e22b719594f671dc1156a38c02a Mon Sep 17 00:00:00 2001 From: "flyingscorpio@clevo" Date: Tue, 22 Feb 2022 14:50:26 +0100 Subject: [PATCH] toansible: Add sudoers installation --- configs.yml | 8 +------- dotfiles/sudoers.d/bye.arch | 3 --- dotfiles/sudoers.d/bye.debian | 3 --- dotfiles/sudoers.d/protonvpn | 5 ----- playbook.yml | 2 ++ {dotfiles/sudoers.d => roles/sudoers/files}/insults | 1 - roles/sudoers/tasks/main.yml | 13 +++++++++++++ roles/sudoers/templates/bye.j2 | 2 ++ 8 files changed, 18 insertions(+), 19 deletions(-) delete mode 100644 dotfiles/sudoers.d/bye.arch delete mode 100644 dotfiles/sudoers.d/bye.debian delete mode 100644 dotfiles/sudoers.d/protonvpn rename {dotfiles/sudoers.d => roles/sudoers/files}/insults (98%) create mode 100644 roles/sudoers/tasks/main.yml create mode 100644 roles/sudoers/templates/bye.j2 diff --git a/configs.yml b/configs.yml index 993b7a4..b52a8bc 100644 --- a/configs.yml +++ b/configs.yml @@ -1,12 +1,6 @@ sudoers: - run: - - sudo sed "s/\$USER/$USER/g" $(ls dotfiles/sudoers.d/* | grep -v -e arch -e debian) | sudo tee /etc/sudoers.d/setup-cockpit >/dev/null 2>&1 - - run: - command: sudo sed "s/\$USER/$USER/g" dotfiles/sudoers.d/*.arch | sudo tee -a /etc/sudoers.d/setup-cockpit >/dev/null 2>&1 - condition: arch - - run: - command: sudo sed "s/\$USER/$USER/g" dotfiles/sudoers.d/*.debian | sudo tee -a /etc/sudoers.d/setup-cockpit >/dev/null 2>&1 - condition: debian + - sudo sed "s/\$USER/$USER/g" dotfiles/sudoers.d/* | sudo tee /etc/sudoers.d/setup-cockpit >/dev/null 2>&1 - run: - sudo chmod 600 /etc/sudoers.d/setup-cockpit diff --git a/dotfiles/sudoers.d/bye.arch b/dotfiles/sudoers.d/bye.arch deleted file mode 100644 index ef8d21d..0000000 --- a/dotfiles/sudoers.d/bye.arch +++ /dev/null @@ -1,3 +0,0 @@ -## Use "sudo {shutdown,reboot,halt}" without needing a password. -$USER ALL=(root) NOPASSWD:/usr/bin/reboot,/usr/bin/halt,/usr/bin/shutdown - 
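Review bot: The one `run` step kept in the `configs.yml` hunk still builds `/etc/sudoers.d/setup-cockpit` from `dotfiles/sudoers.d/*`, but this commit deletes or moves every file it shows in that directory (`bye.arch`, `bye.debian`, `protonvpn`, `insults`). If nothing else remains there, the glob does not expand, `sed` fails, and `sudo tee` still truncates the installed file, with no syntax check at any point. Since the new role now owns these files, I would drop the `sudoers:` entry from `configs.yml`; if it has to stay, check the generated file with `visudo -cf` before it is written into `/etc/sudoers.d`. Separately, the comment in the deleted `protonvpn` file says its rule is needed at boot, and none of the hunks shown re-creates it in the role.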
diff --git a/dotfiles/sudoers.d/bye.debian b/dotfiles/sudoers.d/bye.debian deleted file mode 100644 index 5ac933d..0000000 --- a/dotfiles/sudoers.d/bye.debian +++ /dev/null @@ -1,3 +0,0 @@ -## Use "sudo {shutdown,reboot,halt}" without needing a password. -$USER ALL=(root) NOPASSWD:/usr/sbin/reboot,/usr/sbin/halt,/usr/sbin/shutdown - diff --git a/dotfiles/sudoers.d/protonvpn b/dotfiles/sudoers.d/protonvpn deleted file mode 100644 index 76e2201..0000000 --- a/dotfiles/sudoers.d/protonvpn +++ /dev/null @@ -1,5 +0,0 @@ -## Use "sudo protonvpn" without needing a password. -## This is necessary to boot this setup, because "sudo protonvpn" is invoqued -## in ~/.xinitrc before starting the WM. -$USER ALL=(root) NOPASSWD:/usr/bin/protonvpn - diff --git a/playbook.yml b/playbook.yml index a71229a..104d489 100644 --- a/playbook.yml +++ b/playbook.yml @@ -24,3 +24,5 @@ tags: firefox - role: tor tags: tor + - role: sudoers + tags: sudoers diff --git a/dotfiles/sudoers.d/insults b/roles/sudoers/files/insults similarity index 98% rename from dotfiles/sudoers.d/insults rename to roles/sudoers/files/insults index cffe5c1..963bdab 100644 --- a/dotfiles/sudoers.d/insults +++ b/roles/sudoers/files/insults @@ -1,3 +1,2 @@ ## Replace the usual "Sorry, try again." with insults upon incorrect password. Defaults insults - diff --git a/roles/sudoers/tasks/main.yml b/roles/sudoers/tasks/main.yml new file mode 100644 index 0000000..f6a3f5b --- /dev/null +++ b/roles/sudoers/tasks/main.yml @@ -0,0 +1,13 @@ +--- + +- name: Copy sudoers templates + become: true + template: + src: bye.j2 + dest: /etc/sudoers.d/bye + +- name: Copy sudoers files + become: true + copy: + src: insults + dest: /etc/sudoers.d/insults diff --git a/roles/sudoers/templates/bye.j2 b/roles/sudoers/templates/bye.j2 new file mode 100644 index 0000000..bc17238 --- /dev/null +++ b/roles/sudoers/templates/bye.j2 
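Review bot: Both tasks in `roles/sudoers/tasks/main.yml` write into `/etc/sudoers.d` without `validate`, `owner`, `group` or `mode`. A rendering or syntax error in `bye.j2` is therefore installed straight into the live sudo configuration, where a broken include can leave sudo unusable, and the file permissions are left to the module defaults. Adding the four keys below to the template task, and the same four to the copy task, makes Ansible refuse to install a file that `visudo` rejects. The fully qualified names `ansible.builtin.template` and `ansible.builtin.copy` would also match current Ansible convention.

```yaml
- name: Copy sudoers templates
  become: true
  template:
    # … unchanged: src and dest …
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

# … "Copy sudoers files": same four keys under copy …
```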
@@ -0,0 +1,2 @@
+## Use "sudo {shutdown,reboot,halt}" without needing a password.
+{{ ansible_facts['env']['USER'] }} ALL=(root) NOPASSWD:/usr/sbin/reboot,/usr/sbin/halt,/usr/sbin/shutdown
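Review bot: The sudoers principal on the second line of `bye.j2` is taken from `ansible_facts['env']['USER']`, which is the environment of whichever account gathered facts, not necessarily the desktop user. If facts are gathered with become, or the play is run as root, this presumably renders a rule for `root`, and an unset `USER` makes the template fail. An explicit role variable is more predictable, for example `{{ sudoers_user }} ALL=(root) NOPASSWD:...` with `sudoers_user` set in the playbook (the variable name is only a suggestion). The command paths are also fixed to `/usr/sbin` now, whereas the `bye.arch` file removed in this commit used `/usr/bin`, so it is worth confirming the rule still matches on Arch.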