base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group

2023-02-09 15:18:53 +01:00 · 2023-02-09 15:18:53 +01:00 · 4b971b19fb
parent 328dc63d82
commit 4b971b19fb
2 changed files with 1 additions and 22 deletions
--- a/1
+++ b/1
@ -69,6 +69,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Removed

 * openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo
+* base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group

 ## [21.12] - 2021-12-17

--- a/roles/base/tasks/sudo.yml
+++ b/roles/base/tasks/sudo.yml
@ -8,34 +8,12 @@
  tags:
    - sudo

- name: "Allow wheel group to run command as root in sudo"
-  lineinfile:
-    dest: /etc/sudoers
-    insertafter: '# and set environment variables.'
-    line: "%wheel\tALL=(ALL) SETENV: ALL"
-    validate: 'visudo -cf %s'
-    backup: false
-  tags:
-    - sudo
-
- name: "Delete line with space instead of tab"
-  lineinfile:
-    dest: /etc/sudoers
-    line: "%wheel   ALL=(ALL) SETENV: ALL"
-    validate: 'visudo -cf %s'
-    backup: false
-    state: absent
-  tags:
-    - sudo
-
 - name: "Configure sudoers for evomaintenance and monitoring"
  blockinfile:
    state: present
    dest: /etc/sudoers
    insertafter: EOF
    block: |
-      Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
-      %wheel ALL=NOPASSWD: MAINT
      %evolinux-sudo ALL=(ALL) SETENV: ALL
    validate: 'visudo -cf %s'
    backup: false