sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(configuration): enable per-family time-sync and skip sudo-rs lecture

Browse Source
This commit is contained in:
Sandwich
2026-05-31 12:30:26 +02:00
parent 579c499c02
commit 477c8379c4
3 changed files with 39 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
roles/configuration/tasks/banner.yml
View File

@@ -42,25 +42,37 @@
- name: Configure sudo banner
when: system_cfg.features.banner.sudo | bool
block:
- name: Create sudo lecture file
ansible.builtin.copy:
content: |
I am Groot, and I know what I'm doing.
dest: /mnt/etc/sudo_lecture
mode: "0644"
owner: root
group: root
- name: Detect the target sudo implementation
ansible.builtin.command: "{{ chroot_command }} /usr/bin/sudo --version"
register: configuration_sudo_version
changed_when: false
failed_when: false
- name: Enable sudo lecture in sudoers
ansible.builtin.lineinfile:
path: /mnt/etc/sudoers
line: "{{ item }}"
state: present
create: true
mode: "0440"
owner: root
group: root
validate: "/usr/sbin/visudo --check --file=%s"
loop:
- "Defaults lecture=always"
- "Defaults lecture_file=/etc/sudo_lecture"
# sudo-rs (Ubuntu 25.10+) implements neither `lecture` nor `lecture_file`
# and warns on every sudo call when they are set. It prints its version banner
# to stderr, not stdout, so match against both streams.
- name: Configure the sudo lecture
when: "'sudo-rs' not in (configuration_sudo_version.stdout ~ configuration_sudo_version.stderr)"
block:
- name: Create sudo lecture file
ansible.builtin.copy:
content: |
I am Groot, and I know what I'm doing.
dest: /mnt/etc/sudo_lecture
mode: "0644"
owner: root
group: root
- name: Enable sudo lecture in sudoers
ansible.builtin.lineinfile:
path: /mnt/etc/sudoers
line: "{{ item }}"
state: present
create: true
mode: "0440"
owner: root
group: root
validate: "/usr/sbin/visudo --check --file=%s"
loop:
- "Defaults lecture=always"
- "Defaults lecture_file=/etc/sudo_lecture"