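---
# Installs a custom authselect profile named sudo-dom0-prompt, replaces its
# system-auth PAM file and /etc/sudoers.d/qubes with copies taken from
# relative `src` paths (resolved on the controller), selects the profile, and
# removes the polkit rule file 00-qubes-allow-all.rules.
#
# NOTE(review): the play name says "passwordless sudo", but the tasks install
# a profile called sudo-dom0-prompt and delete an "allow all" polkit rule.
# Confirm the name matches what the shipped sudoers/PAM files actually do.
# NOTE(review): no `hosts:` or `become:` key is visible in this play. Every
# task writes under /etc, so it presumably relies on being run as root against
# a target chosen elsewhere -- confirm.
- name: Setup passwordless sudo
  tasks:
    - name: Check that the sudo-dom0-prompt exists
      ansible.builtin.stat:
        path: '/etc/authselect/custom/sudo-dom0-prompt'
      register: stat_result

    # `command` instead of `shell`: the command line uses no shell features,
    # so there is no reason to pass it through a shell.
    - name: Create authselect profile
      ansible.builtin.command: >-
        authselect create-profile sudo-dom0-prompt
        --base-on=sssd --symlink-meta --symlink-pam
      when: not stat_result.stat.exists

    # Sets the profile's freshly created system-auth aside before it is
    # replaced further down.
    - name: Copy authselect file
      ansible.builtin.copy:
        src: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
        dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside'
        mode: '0644'
        # The source is a file on the managed host, not on the controller.
        remote_src: true
        # Never overwrite an existing aside copy: on a second run system-auth
        # is already the replaced version, and copying it again would destroy
        # the only record of the original.
        force: false

    # NOTE(review): `src` is an absolute path, so without `remote_src` it is
    # read from the controller. Confirm which machine's
    # /etc/authselect/system-auth is meant. The task name says "folder" and
    # the mode is 0755, but the result is replaced by the next task anyway.
    - name: Copy authselect folder
      ansible.builtin.copy:
        src: '/etc/authselect/system-auth'
        dest: '/etc/authselect/custom/sudo-dom0-prompt'
        mode: '0755'

    # Installs the PAM stack shipped with the playbook (relative `src`). A
    # broken file here can lock out authentication, so review the shipped
    # file before rollout.
    - name: Copy authselect file
      ansible.builtin.copy:
        src: 'etc/authselect/custom/sudo-dom0-prompt/system-auth'
        dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
        mode: '0644'

    - name: Select authselect profile
      ansible.builtin.command: authselect select custom/sudo-dom0-prompt
      # Same reporting as before: the task always counts as changed.
      changed_when: true

    - name: Fix sudoers.d
      ansible.builtin.copy:
        src: 'etc/sudoers.d/qubes'
        dest: '/etc/sudoers.d/qubes'
        owner: 'root'
        group: 'root'
        mode: '0440'
        # Refuse to install a file that sudo cannot parse; a syntax error in
        # /etc/sudoers.d breaks sudo for every user.
        validate: '/usr/sbin/visudo -cf %s'

    - name: Check that allow all rule doesn't exist
      ansible.builtin.stat:
        path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'
      register: allow_all_result

    # `state: absent` is already a no-op when the file is missing; the guard
    # only keeps the task reported as skipped in that case.
    - name: Delete allow all rule
      ansible.builtin.file:
        path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'
        state: 'absent'
      when: allow_all_result.stat.exists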