This file is frequently updated after a user connection to OpenVPN, so we do
not want to track it.

This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.

evolinux-sudo group can already use doas, it should also
be allowed to use sudo

Fix #34 again

After some discussions, with actually need two separates groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user need to be
added in.

Do not add motd cron again if the same line is already there but uncommented

We put the doas authorization for collectd in the global file and we let it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.

PacketFilter need to be customized only once, at the first use.
After that, pf.conf will be modified on the server for the needs of the
network. It must not be overwriten.

Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.

Use "\t" instead of a litteral tab which can easily be broken. Also add a
deletion of line with spaces.

Reviewed-on: #28
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>

This variable had to be activated only if collectd_plugin_exec_ifq_drops or
collectd_plugin_exec_dns_stats was also activated, for some configuration to be
taken into account. I changed the role so that the configuration is
automatically taken into account if one of these two variables is activated.

Reviewed-on: #36
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>