29 lines
1.6 KiB
YAML
29 lines
1.6 KiB
YAML
# yamllint disable rule:line-length
|
|
---
|
|
- name: "Configure doas"
|
|
blockinfile:
|
|
dest: /etc/doas.conf
|
|
owner: root
|
|
group: wheel
|
|
mode: "0640"
|
|
create: true
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK FROM EVOBSD"
|
|
block: |
|
|
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_sudo_group }}
|
|
permit nopass root
|
|
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_ssh_group }} as root cmd /usr/share/scripts/evomaintenance.sh
|
|
permit nopass _nrpe as root cmd /sbin/bioctl args sd2
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_mailq.pl
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openbgpd
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
|
tags:
|
|
- doas
|