From a217bb2e560c112b98a4101fb811527ff5d776dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dubois?= <jdubois@evolix.fr>
Date: Wed, 27 Sep 2023 10:17:33 +0200
Subject: [PATCH] base: deactivate insults in sudo

---
 CHANGELOG                 | 1 +
 roles/base/tasks/sudo.yml | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index a58ee42..08858c4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -31,6 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * accounts: create only users who have a certain value for the `create` key (default: `always`)
 * nagios-nrpe: add the ipmi_sensor check
 * base: doas configuration for ipmi_sensor NRPE check
+* base: deactivate insults in sudo
 
 ### Changed
 
diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml
index 7f244fe..a793cfb 100644
--- a/roles/base/tasks/sudo.yml
+++ b/roles/base/tasks/sudo.yml
@@ -8,6 +8,15 @@
   tags:
     - sudo
 
+- name: "Deactivate sudo insults"
+  lineinfile:
+    dest: /etc/sudoers
+    insertafter: 'Defaults umask=0077'
+    line: 'Defaults !insults'
+    validate: 'visudo -cf %s'
+  tags:
+    - sudo
+
 - name: "Configure sudoers"
   blockinfile:
     state: present