From 84e6ccec4f1ec49a07f1f1a6329b95d5669db8af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dubois?= Date: Fri, 17 Feb 2023 16:20:32 +0100 Subject: [PATCH] base: doas configuration for _collectd user is managed in collectd role, not needed to have it by default --- CHANGELOG | 1 + roles/base/tasks/doas.yml | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 67676f0..fb267d0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -73,6 +73,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo * base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group +* base: doas configuration for _collectd user is managed in collectd role, not needed to have it by default ## [21.12] - 2021-12-17 diff --git a/roles/base/tasks/doas.yml b/roles/base/tasks/doas.yml index 45b226f..5ba3135 100644 --- a/roles/base/tasks/doas.yml +++ b/roles/base/tasks/doas.yml @@ -12,8 +12,6 @@ permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_sudo_group }} permit nopass root permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_ssh_group }} as root cmd /usr/share/scripts/evomaintenance.sh - permit nopass _collectd as root cmd /bin/cat - permit nopass _collectd as root cmd /usr/sbin/bgpctl permit nopass _nrpe as root cmd /sbin/bioctl args sd2 permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_mailq.pl permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh