From ea32facca263f3b3b5e12dd3193625d2ac2b7b9e Mon Sep 17 00:00:00 2001
From: Quentin <quentin@deuxfleurs.fr>
Date: Sun, 16 Feb 2020 20:05:47 +0100
Subject: Safer Ansible

---
 ansible/roles/common/tasks/main.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'ansible/roles/common')

diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 3ffc105..b4d00bb 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -40,3 +40,12 @@
       - strace
       - sudo
     state: present
+
+- name: "Passwordless sudo"
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: 'visudo -cf %s'
+
-- 
cgit v1.2.3