sudo doas add rights

2025-09-02 01:07:14 -05:00
parent 14219402a5
commit f646dca6b7
1 changed files with 11 additions and 0 deletions
--- a/linux/compliance.yaml
+++ b/linux/compliance.yaml
@@ -99,6 +99,17 @@
        line: 'ansible ALL=(ALL) NOPASSWD: ALL'
        state: present
        validate: 'visudo -cf %s'
+      when: "ansible_distribution != 'Alpine'"
+    
+    # Give ansible doas rights with no password required.
+    - name: Add doas rights with no password for deployment user (Alpine only)
+      lineinfile:
+        dest: /etc/doas.conf
+        regexp: '^ansible'
+        line: 'permit keepenv nopass :ansible'
+        state: present
+        validate: 'doas -C %s'
+      when: "ansible_distribution == 'Alpine'"

    # # Configure firewalld (if installed) to be disabled (especially if an internal server.) Firewall rules are managed by UniFi.
    # - name: Stop and disable firewalld.