2018-12-28 11:23:49 +01:00
|
|
|
---
|
2022-06-23 16:17:42 +02:00
|
|
|
- name: "Configure doas"
|
2022-08-11 16:12:48 +02:00
|
|
|
blockinfile:
|
2018-12-28 11:23:49 +01:00
|
|
|
dest: /etc/doas.conf
|
|
|
|
owner: root
|
|
|
|
group: wheel
|
|
|
|
mode: "0640"
|
2022-08-11 16:12:48 +02:00
|
|
|
create: yes
|
|
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK FROM EVOBSD"
|
|
|
|
block: |
|
|
|
|
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_sudo_group }}
|
|
|
|
permit nopass root
|
|
|
|
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_ssh_group }} as root cmd /usr/share/scripts/evomaintenance.sh
|
|
|
|
permit nopass _collectd as root cmd /bin/cat
|
|
|
|
permit nopass _collectd as root cmd /usr/sbin/bgpctl
|
|
|
|
permit nopass _nrpe as root cmd /sbin/bioctl args sd2
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_mailq.pl
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openbgpd
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
|
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
2018-12-28 11:23:49 +01:00
|
|
|
tags:
|
2020-06-01 11:37:15 +02:00
|
|
|
- doas
|