base: doas configuration for _collectd user is managed in collectd role, not needed to have it by default

2023-02-17 16:20:32 +01:00 · 2023-02-17 16:20:32 +01:00 · 84e6ccec4f
parent 7258d99d13
commit 84e6ccec4f
2 changed files with 1 additions and 2 deletions
--- a/1
+++ b/1
@ -73,6 +73,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 * openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo
 * base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group
+* base: doas configuration for _collectd user is managed in collectd role, not needed to have it by default

 ## [21.12] - 2021-12-17

--- a/roles/base/tasks/doas.yml
+++ b/roles/base/tasks/doas.yml
@ -12,8 +12,6 @@
      permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_sudo_group }}
      permit nopass root
      permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_ssh_group }} as root cmd /usr/share/scripts/evomaintenance.sh
-      permit nopass _collectd as root cmd /bin/cat
-      permit nopass _collectd as root cmd /usr/sbin/bgpctl
      permit nopass _nrpe as root cmd /sbin/bioctl args sd2
      permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_mailq.pl
      permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh