delint, improve ws handling, add support for @include
andrewrothstein committed May 12, 2023
1 parent ee0021b commit b8524d5
Showing 6 changed files with 35 additions and 27 deletions.
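--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,6 +10,8 @@ jobs:
 python-version: ${{ matrix.python-version }}
 - name: install task
 uses: arduino/setup-task@v1
+with:
+repo-token: ${{ github.token }}
 - name: task ver
 run: task --version
 - name: download task mono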
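Review bot: The added `repo-token: ${{ github.token }}` hands the job's token to `arduino/setup-task@v1`, which is referenced by a movable tag, so whatever code that tag resolves to at run time receives the credential. Pinning the step to a full commit SHA, e.g. `uses: arduino/setup-task@<FULL_COMMIT_SHA>  # v1` (placeholder, not a real value), keeps the token with code that was actually reviewed. No `permissions:` block is visible in this hunk; if the workflow does not set one, a top-level `permissions:` with `contents: read` would limit what the token can do. The job definition starts and ends outside the hunk.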
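--- a/meta/main.yml
+++ b/meta/main.yml
@@ -36,5 +36,4 @@ galaxy_info:
 galaxy_tags:
 - sudo
 - sysadmin
-
-dependencies: []
+role_name: sudoers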
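--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -11,22 +11,22 @@
 - '{{ role_path }}/vars'
 
 - name: install sudo pkgs...
-become: yes
+become: true
 become_user: root
 package:
 name: '{{ sudoers_pkgs }}'
 state: present
 
-- name: ensure sudoers dropin directory exists
-become: yes
+- name: ensure sudoers dropin directory {{ sudoers_dropin_dir }} exists
+become: true
 become_user: root
 file:
 path: '{{ sudoers_dropin_dir }}'
 state: directory
 mode: 0750
 
 - name: enable passwordless sudo for assorted groups
-become: yes
+become: true
 become_user: root
 template:
 src: '{{ item }}.j2'
@@ -37,27 +37,34 @@
 - proxyenv
 
 - name: 'ensure sudoers dropin directory is #includedir-ed'
-become: yes
+become: true
 become_user: root
 lineinfile:
 dest: '{{ sudoers_cfg_file }}'
 regexp: '^#includedir\s+{{ sudoers_dropin_dir }}'
 line: '#includedir {{ sudoers_dropin_dir }}'
 
-- name: ensure sudoreplay directory exists
-become: yes
+- name: ensure sudoers dropin directory is @includedir-ed
+become: true
 become_user: root
-file:
-path: '{{ sudoreplay_dir }}'
-state: directory
-mode: 0750
-when: sudoreplay_enabled
+lineinfile:
+dest: '{{ sudoers_cfg_file }}'
+regexp: '^@includedir\s+{{ sudoers_dropin_dir }}'
+line: '@includedir {{ sudoers_dropin_dir }}'
 
-- name: enable sudoreplay
-become: yes
-become_user: root
-template:
-src: 'sudoreplay.j2'
-dest: '{{ sudoers_dropin_dir }}/sudoreplay'
-mode: 0440
-when: sudoreplay_enabled
+- when: sudoreplay_enabled
+block:
+- name: ensure sudoreplay directory {{ sudoreplay_dir }} exists
+become: true
+become_user: root
+file:
+path: '{{ sudoreplay_dir }}'
+state: directory
+mode: 0750
+- name: dropin sudoreplay
+become: true
+become_user: root
+template:
+src: sudoreplay.j2
+dest: '{{ sudoers_dropin_dir }}/sudoreplay'
+mode: 0440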
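Review bot: The new `@includedir` task edits `{{ sudoers_cfg_file }}` unconditionally and without validation, so on hosts whose sudo predates `@includedir` support (added in sudo 1.9.1, as far as I know) the inserted line is expected to be a parse error, which can leave sudo unusable on that host. Adding `validate: /usr/sbin/visudo -cf %s` (adjust the path per platform) to both `lineinfile` tasks makes Ansible refuse to install a sudoers file that does not parse, and a `when:` on the installed sudo version would keep the `@` form off older hosts. Where both forms are understood, the drop-in directory ends up included twice, so writing only one form per host is cleaner. The same `validate:` belongs on the `template` tasks that write drop-ins such as `dropin sudoreplay`. The unquoted `mode: 0750` and `mode: 0440` values are also safer as strings, e.g. `mode: '0750'`.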
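--- a/templates/nopasswd.j2
+++ b/templates/nopasswd.j2
@@ -1,4 +1,4 @@
 ## Allows people in assorted groups to run all commands
-{% for g in sudoers_groups %}
-%{{g}} ALL=(ALL) NOPASSWD:ALL
+{% for g in sudoers_groups -%}
+%{{ g }} ALL=(ALL) NOPASSWD:ALL
 {% endfor %}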
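Review bot: `%{{ g }} ALL=(ALL) NOPASSWD:ALL` writes each entry of `sudoers_groups` verbatim into a passwordless full-root rule, so a value containing whitespace, a comma or a newline changes the meaning of the rendered sudoers file. Where `sudoers_groups` is defined is not visible on this page; if it can be overridden from inventory or extra vars outside the role's control, the tasks should assert that every name matches a conservative group-name pattern before this template is rendered. A header comment such as `## Managed by Ansible: every group listed below gets root without a password` would also make the scope of the grant obvious to anyone reading the drop-in.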
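--- a/templates/sudoreplay.j2
+++ b/templates/sudoreplay.j2
@@ -1,3 +1,3 @@
-{% for r in sudoreplay_envs %}
-{{r}}
+{% for r in sudoreplay_envs -%}
+{{ r }}
 {% endfor %}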
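--- a/test.yml
+++ b/test.yml
@@ -1,4 +1,4 @@
 ---
 - hosts: all
 roles:
-- role: '{{playbook_dir}}'
+- role: '{{ playbook_dir }}'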
