General Improvements (#36)

* Add at and reword comment. * Add cronie, thought this was already done but last pull request got wonky. * Zypper is not happy about asking Brave repo to be added multiple times. * Replace deprecated `include` commands. * Add gcc. * Add another cc command for openSUSE. * include_tasks is not supporting ignore_errors like include used to, move to individual tasks. * Do a better job of removing libreoffice from local package manager. * Enhance reports. * Add basic VIM setup. * Undo some lynis changes, fix folder permissions so users can view. * Change lynis back to chdir and local execution. * Add doas. * Add check against old usage of setup.sh BRANCH. * Greatly reduce number of tasks, create temp file while building report. * Create temp file while building report.
2023-02-19 10:04:10 -06:00
parent 904dda6883
commit b162731c29
15 changed files with 211 additions and 80 deletions
--- a/tasks/general/acct_mgmt/doas.yml
+++ b/tasks/general/acct_mgmt/doas.yml
@ -0,0 +1,53 @@
+---
+# Install and configure doas.
+
+- name: General | Software | DoAs | Facts
+  set_fact:
+    doas_config: |
+      permit persist :wheel as root
+      permit persist :admin as root
+      permit persist :sudo as root
+    doas_conf_file_linux: /etc/doas.conf
+    doas_conf_file_bsd: /usr/local/etc/doas.conf
+
+- name: General | Software | DoAs | Install
+  package:
+    name:
+      - doas
+  ignore_errors: yes
+
+- name: General | Software | DoAs | Configure [Linux]
+  blockinfile:
+    path: "{{ doas_conf_file_linux }}"
+    block: |
+      {{ doas_config }}
+    marker: '# {mark} MANAGED BY ANSIBLE | doas Linux'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system in ("Linux")
+
+- name: General | Software | DoAs | Configure [BSD]
+  blockinfile:
+    path: "{{ doas_conf_file_linux }}"
+    block: |
+      {{ doas_config }}
+    marker: '# {mark} MANAGED BY ANSIBLE | doas BSD'
+    state: present
+    create: yes
+    backup: yes
+  when: ansible_system in ("FreeBSD")
+
+- name: General | Software | DoAs | Configure [Other]
+  blockinfile:
+    path: "{{ item }}"
+    block: |
+      {{ doas_config }}
+    marker: '# {mark} MANAGED BY ANSIBLE | doas Other'
+    state: present
+    create: yes
+    backup: yes
+  loop:
+    - "{{ doas_conf_file_linux }}"
+    - "{{ doas_conf_file_bsd }}"
+  when: ansible_system not in ("Linux", "FreeBSD")