base: do not erase custom configuration of servers in doas.conf
This commit is contained in:
parent
24180c31e4
commit
9a4a906b23
|
@ -38,6 +38,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
- base: loop over fstab entries instead of copying the same task for each entries
|
- base: loop over fstab entries instead of copying the same task for each entries
|
||||||
- etc-git: do not erase custom entries of servers in .gitignore files
|
- etc-git: do not erase custom entries of servers in .gitignore files
|
||||||
- nagios-nrpe: check_disk1 returns only alerts
|
- nagios-nrpe: check_disk1 returns only alerts
|
||||||
|
- base: do not erase custom configuration of servers in doas.conf
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,29 @@
|
||||||
---
|
---
|
||||||
- name: "Configure doas"
|
- name: "Configure doas"
|
||||||
template:
|
blockinfile:
|
||||||
src: doas.conf.j2
|
|
||||||
dest: /etc/doas.conf
|
dest: /etc/doas.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: wheel
|
group: wheel
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
backup: false
|
create: yes
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK FROM EVOBSD"
|
||||||
|
block: |
|
||||||
|
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_sudo_group }}
|
||||||
|
permit nopass root
|
||||||
|
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_ssh_group }} as root cmd /usr/share/scripts/evomaintenance.sh
|
||||||
|
permit nopass _collectd as root cmd /bin/cat
|
||||||
|
permit nopass _collectd as root cmd /usr/sbin/bgpctl
|
||||||
|
permit nopass _nrpe as root cmd /sbin/bioctl args sd2
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_mailq.pl
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openbgpd
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||||
tags:
|
tags:
|
||||||
- doas
|
- doas
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_sudo_group }}
|
|
||||||
permit nopass root
|
|
||||||
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_ssh_group }} as root cmd /usr/share/scripts/evomaintenance.sh
|
|
||||||
permit nopass _collectd as root cmd /bin/cat
|
|
||||||
permit nopass _collectd as root cmd /usr/sbin/bgpctl
|
|
||||||
permit nopass _nrpe as root cmd /sbin/bioctl args sd0
|
|
||||||
permit nopass _nrpe as root cmd /sbin/bioctl args sd2
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_mailq.pl
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openbgpd
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
|
Loading…
Reference in a new issue