env-ansible/tasks/general/acct_mgmt/doas.yml

---
# Install and configure doas.

- name: General | Software | DoAs | Facts
  set_fact:
    doas_config: |
      permit persist :wheel as root
      permit persist :admin as root
      permit persist :sudo as root
    doas_conf_file_linux: /etc/doas.conf
    doas_conf_file_bsd: /usr/local/etc/doas.conf

- name: General | Software | DoAs | Install
  package:
    name:
      - doas
  register: doas_install
  ignore_errors: yes

- name: General | Software | DoAs | Configure [Linux]
  blockinfile:
    path: "{{ doas_conf_file_linux }}"
    block: |
      {{ doas_config }}
    marker: '# {mark} MANAGED BY ANSIBLE | doas Linux'
    state: present
    create: yes
    backup: yes
  when: not doas_install.failed and ansible_system in ("Linux")

- name: General | Software | DoAs | Configure [BSD]
  blockinfile:
    path: "{{ doas_conf_file_linux }}"
    block: |
      {{ doas_config }}
    marker: '# {mark} MANAGED BY ANSIBLE | doas BSD'
    state: present
    create: yes
    backup: yes
  when: not doas_install.failed and ansible_system in ("FreeBSD")

- name: General | Software | DoAs | Configure [Other]
  blockinfile:
    path: "{{ item }}"
    block: |
      {{ doas_config }}
    marker: '# {mark} MANAGED BY ANSIBLE | doas Other'
    state: present
    create: yes
    backup: yes
  loop:
    - "{{ doas_conf_file_linux }}"
    - "{{ doas_conf_file_bsd }}"
  when: not doas_install.failed and ansible_system not in ("Linux", "FreeBSD")
General Improvements (#36) * Add at and reword comment. * Add cronie, thought this was already done but last pull request got wonky. * Zypper is not happy about asking Brave repo to be added multiple times. * Replace deprecated `include` commands. * Add gcc. * Add another cc command for openSUSE. * include_tasks is not supporting ignore_errors like include used to, move to individual tasks. * Do a better job of removing libreoffice from local package manager. * Enhance reports. * Add basic VIM setup. * Undo some lynis changes, fix folder permissions so users can view. * Change lynis back to chdir and local execution. * Add doas. * Add check against old usage of setup.sh BRANCH. * Greatly reduce number of tasks, create temp file while building report. * Create temp file while building report. 2023-02-19 10:04:10 -06:00			`---`
			`# Install and configure doas.`

			`- name: General \| Software \| DoAs \| Facts`
			`set_fact:`
			`doas_config: \|`
			`permit persist :wheel as root`
			`permit persist :admin as root`
			`permit persist :sudo as root`
			`doas_conf_file_linux: /etc/doas.conf`
			`doas_conf_file_bsd: /usr/local/etc/doas.conf`

			`- name: General \| Software \| DoAs \| Install`
			`package:`
			`name:`
			`- doas`
Fixes (#37) * Don't create doas config if failed to install. * Fix it better, previous change made it so that a value was required, could not just run setup.sh.. 2023-02-19 10:33:25 -06:00			`register: doas_install`
General Improvements (#36) * Add at and reword comment. * Add cronie, thought this was already done but last pull request got wonky. * Zypper is not happy about asking Brave repo to be added multiple times. * Replace deprecated `include` commands. * Add gcc. * Add another cc command for openSUSE. * include_tasks is not supporting ignore_errors like include used to, move to individual tasks. * Do a better job of removing libreoffice from local package manager. * Enhance reports. * Add basic VIM setup. * Undo some lynis changes, fix folder permissions so users can view. * Change lynis back to chdir and local execution. * Add doas. * Add check against old usage of setup.sh BRANCH. * Greatly reduce number of tasks, create temp file while building report. * Create temp file while building report. 2023-02-19 10:04:10 -06:00			`ignore_errors: yes`

			`- name: General \| Software \| DoAs \| Configure [Linux]`
			`blockinfile:`
			`path: "{{ doas_conf_file_linux }}"`
			`block: \|`
			`{{ doas_config }}`
			`marker: '# {mark} MANAGED BY ANSIBLE \| doas Linux'`
			`state: present`
			`create: yes`
			`backup: yes`
Fixes (#37) * Don't create doas config if failed to install. * Fix it better, previous change made it so that a value was required, could not just run setup.sh.. 2023-02-19 10:33:25 -06:00			`when: not doas_install.failed and ansible_system in ("Linux")`
General Improvements (#36) * Add at and reword comment. * Add cronie, thought this was already done but last pull request got wonky. * Zypper is not happy about asking Brave repo to be added multiple times. * Replace deprecated `include` commands. * Add gcc. * Add another cc command for openSUSE. * include_tasks is not supporting ignore_errors like include used to, move to individual tasks. * Do a better job of removing libreoffice from local package manager. * Enhance reports. * Add basic VIM setup. * Undo some lynis changes, fix folder permissions so users can view. * Change lynis back to chdir and local execution. * Add doas. * Add check against old usage of setup.sh BRANCH. * Greatly reduce number of tasks, create temp file while building report. * Create temp file while building report. 2023-02-19 10:04:10 -06:00
			`- name: General \| Software \| DoAs \| Configure [BSD]`
			`blockinfile:`
			`path: "{{ doas_conf_file_linux }}"`
			`block: \|`
			`{{ doas_config }}`
			`marker: '# {mark} MANAGED BY ANSIBLE \| doas BSD'`
			`state: present`
			`create: yes`
			`backup: yes`
Fixes (#37) * Don't create doas config if failed to install. * Fix it better, previous change made it so that a value was required, could not just run setup.sh.. 2023-02-19 10:33:25 -06:00			`when: not doas_install.failed and ansible_system in ("FreeBSD")`
General Improvements (#36) * Add at and reword comment. * Add cronie, thought this was already done but last pull request got wonky. * Zypper is not happy about asking Brave repo to be added multiple times. * Replace deprecated `include` commands. * Add gcc. * Add another cc command for openSUSE. * include_tasks is not supporting ignore_errors like include used to, move to individual tasks. * Do a better job of removing libreoffice from local package manager. * Enhance reports. * Add basic VIM setup. * Undo some lynis changes, fix folder permissions so users can view. * Change lynis back to chdir and local execution. * Add doas. * Add check against old usage of setup.sh BRANCH. * Greatly reduce number of tasks, create temp file while building report. * Create temp file while building report. 2023-02-19 10:04:10 -06:00
			`- name: General \| Software \| DoAs \| Configure [Other]`
			`blockinfile:`
			`path: "{{ item }}"`
			`block: \|`
			`{{ doas_config }}`
			`marker: '# {mark} MANAGED BY ANSIBLE \| doas Other'`
			`state: present`
			`create: yes`
			`backup: yes`
			`loop:`
			`- "{{ doas_conf_file_linux }}"`
			`- "{{ doas_conf_file_bsd }}"`
Fixes (#37) * Don't create doas config if failed to install. * Fix it better, previous change made it so that a value was required, could not just run setup.sh.. 2023-02-19 10:33:25 -06:00			`when: not doas_install.failed and ansible_system not in ("Linux", "FreeBSD")`