diff --git a/Choux.yml b/Choux.yml index 12e720a..ef467d2 100644 --- a/Choux.yml +++ b/Choux.yml @@ -8,3 +8,4 @@ tasks: - include: tasks/arch_base_packages.yml - include: tasks/users.yml + - include: tasks/sudo.yml diff --git a/files/sudoers b/files/sudoers new file mode 100644 index 0000000..fb62e74 --- /dev/null +++ b/files/sudoers @@ -0,0 +1,12 @@ +root ALL=(ALL) ALL +%sudo ALL=(ALL) ALL + +# Allow the build user access to pacman. This user can't be accessed without +# being in the sudo group, anyway. +makepkg ALL=NOPASSWD: /usr/bin/pacman * + +# If you managed to run malicious code as my user, I'm already fucked, so err +# on the side of usability. +{% for user in deploy_users %} +{{ user }} ALL=(ALL) NOPASSWD:ALL +{% endfor %} diff --git a/tasks/sudo.yml b/tasks/sudo.yml new file mode 100644 index 0000000..e17f946 --- /dev/null +++ b/tasks/sudo.yml @@ -0,0 +1,23 @@ +--- +- name: Install sudo + pacman: + name: sudo + state: present + +- name: Configure sudoers + template: + src: files/sudoers + dest: /etc/sudoers + mode: 0440 + +- name: Create sudo group + group: + name: sudo + state: present + +- name: Add local user to sudo group + user: + name: {{ item }} + groups: sudo + append: yes + with_items: '{{ deploy_users }}' diff --git a/tasks/users.yml b/tasks/users.yml index cd21505..16adef0 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -1,2 +1,8 @@ --- +- name: Add users + user: + name: "{{ username }}" + password: "{{ password }}" + shell: /bin/zsh + with_items: "{{ users }}" diff --git a/vars/common.yml b/vars/common.yml index 7958410..ae43097 100644 --- a/vars/common.yml +++ b/vars/common.yml 
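Review bot: The `makepkg ALL=NOPASSWD: /usr/bin/pacman *` rule grants more than its comment implies, because pacman runs package install scriptlets and hooks as root, so anything executing as makepkg (including the PKGBUILDs it builds) can become root without a password. The comment argues from who can log in as makepkg rather than from what code runs under that account, so I would at least state the trust assumption there, e.g. `# pacman runs install scripts as root: this rule makes makepkg root-equivalent, build only trusted PKGBUILDs`. If the rule is only needed to install build dependencies, installing those packages from the playbook and dropping the rule would remove the exposure; that depends on how makepkg is used, which this diff does not show.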
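Review bot: In the last task of tasks/sudo.yml, `name: {{ item }}` is unquoted, so YAML reads the value as a flow mapping and the file fails to load; it should be `name: "{{ item }}"`, quoted the same way tasks/users.yml quotes its templates in this commit. The `Configure sudoers` task also writes the rendered template straight to /etc/sudoers with no syntax check, so a bad value in `deploy_users` can leave sudo unusable on the host. Adding `validate: 'visudo -cf %s'` makes Ansible reject a file that visudo does not accept before it replaces the live one. I would also set owner and group to root explicitly and quote the mode, `mode: '0440'`.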
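Review bot: Inside the `with_items` loop in tasks/users.yml the current element is exposed as `item`, so `"{{ username }}"` and `"{{ password }}"` refer to top-level variables that this diff does not define. With the list in vars/common.yml they should read `name: "{{ item.username }}"` and `password: "{{ item.password }}"`. Because each loop item carries a password hash, Ansible will print it in task output unless the task sets `no_log: true`. The task also assumes /bin/zsh exists, presumably installed by tasks/arch_base_packages.yml, which is not visible here.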
@@ -1,8 +1,8 @@ --- users: - - { username: 'lafrite', passworld: ''} - - { username: 'waha', passworld: ''} + - { username: 'lafrite', password: '$6$OnPrZgotbSWZlh0T$VSyF8lUhD/N881d1GsggE7jDFt0uAzls2r.pqgDV6XQKbTqZWfv0X4QWd/3wivUDyzaSjP4LQWVfne7KYR6Vv1'} + - { username: 'waha', password: '$6$tQLlZ3lI/NDcT3.C$VCBzrpNxDgOK7b2que2/BnAYWl.zKVugZrQEPxtsq3iWcskEzQ1NvytZRXkB4GCDa/xEohxiodyCaZyFnhxby1'} deploy_users: - waha
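Review bot: The two `password:` values are SHA-512 crypt hashes committed in clear text, so anyone who can read the repository can run offline guessing against them, and they remain in history after a later removal. I would keep them in an ansible-vault encrypted vars file and reference them here, e.g. `password: "{{ vault_lafrite_password }}"` (variable name constructed for illustration). The hashes in this commit should be treated as exposed and the passwords changed once the values are moved.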