ansible-playbooks/roles/sudo-dom0-prompt/tasks/main.yaml

---
- name: Check that the sudo-dom0-prompt exists
  stat:
    path: '/etc/authselect/custom/sudo-dom0-prompt'
  register: stat_result

- name: Create authselect profile
  shell: authselect create-profile sudo-dom0-prompt --base-on=sssd --symlink-meta --symlink-pam
  when: not stat_result.stat.exists

- name: Copy authselect file
  ansible.builtin.copy:
    src: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
    dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside'
    mode: '0644'

- name: Copy authselect folder
  ansible.builtin.copy:
    src: '/etc/authselect/system-auth'
    dest: '/etc/authselect/custom/sudo-dom0-prompt'
    mode: '0755'

- name: Copy authselect file
  ansible.builtin.copy:
    src: 'etc/authselect/custom/sudo-dom0-prompt/system-auth'
    dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
    mode: '0644'


- name: Select authselect profile
  shell: authselect select custom/sudo-dom0-prompt

- name: Fix sudoers.d
  ansible.builtin.copy:
    src: 'etc/sudoers.d/qubes'
    dest: '/etc/sudoers.d/qubes'
    mode: '0440'

- name: Check that allow all rule doesn't exist
  stat:
    path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'
  register: allow_all_result

- name: Delete allow all rule
  ansible.builtin.file:
    path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'
    state: 'absent'
  when: allow_all_result.stat.exists
even moar task debugging 2025-03-04 00:39:17 +01:00			`---`
tasklist debugging 2025-03-04 00:37:43 +01:00			`- name: Check that the sudo-dom0-prompt exists`
			`stat:`
			`path: '/etc/authselect/custom/sudo-dom0-prompt'`
			`register: stat_result`

			`- name: Create authselect profile`
			`shell: authselect create-profile sudo-dom0-prompt --base-on=sssd --symlink-meta --symlink-pam`
			`when: not stat_result.stat.exists`
indent fixes 2025-03-04 00:43:20 +01:00
tasklist debugging 2025-03-04 00:37:43 +01:00			`- name: Copy authselect file`
			`ansible.builtin.copy:`
indent fixes 2025-03-04 00:43:20 +01:00			`src: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'`
			`dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside'`
			`mode: '0644'`
tasklist debugging 2025-03-04 00:37:43 +01:00
			`- name: Copy authselect folder`
			`ansible.builtin.copy:`
indent fixes 2025-03-04 00:43:20 +01:00			`src: '/etc/authselect/system-auth'`
			`dest: '/etc/authselect/custom/sudo-dom0-prompt'`
			`mode: '0755'`
tasklist debugging 2025-03-04 00:37:43 +01:00
			`- name: Copy authselect file`
			`ansible.builtin.copy:`
indent fixes 2025-03-04 00:43:20 +01:00			`src: 'etc/authselect/custom/sudo-dom0-prompt/system-auth'`
			`dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'`
			`mode: '0644'`
tasklist debugging 2025-03-04 00:37:43 +01:00

			`- name: Select authselect profile`
			`shell: authselect select custom/sudo-dom0-prompt`

			`- name: Fix sudoers.d`
			`ansible.builtin.copy:`
indent fixes 2025-03-04 00:43:20 +01:00			`src: 'etc/sudoers.d/qubes'`
			`dest: '/etc/sudoers.d/qubes'`
			`mode: '0440'`
tasklist debugging 2025-03-04 00:37:43 +01:00
			`- name: Check that allow all rule doesn't exist`
			`stat:`
Role debugging 2025-03-04 00:36:34 +01:00			`path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'`
tasklist debugging 2025-03-04 00:37:43 +01:00			`register: allow_all_result`

			`- name: Delete allow all rule`
			`ansible.builtin.file:`
indent fixes 2025-03-04 00:43:20 +01:00			`path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'`
			`state: 'absent'`
tasklist debugging 2025-03-04 00:37:43 +01:00			`when: allow_all_result.stat.exists`
KDE 2025-03-02 12:21:59 +01:00