dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

r/doas: Configure sudo alternative

Browse Source 
In the spirit of replacing bloated tools with unnecessary functionality
with smaller, more focused alternatives, we can use `doas` instead of
`sudo`.  Originally, it was a BSD tool, but the Linux port supports PAM,
so we can still use `pam_auth_ssh_agent` for ppasswordless
authentication.
This commit is contained in:
Dustin
2024-11-23 20:01:37 -06:00
parent c95a96a33c
commit 7a5f01f8a3
4 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
group_vars/all.yml
View File

@@ -5,6 +5,11 @@ managed_users:
groups:
- wheel
doas_authorized_ssh_keys: |
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIF4yQAS0bAQ9Ymxgxv828MsX0z4ff/Fs//0PQOtPexRJAAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINal4+Gn/KuyP6YTsQuW4cphfDcjrS428osVIqnqMfagAAAABHNzaDo= dustin@luma.pyrocufflink.blue
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDD3Ebb7dyEyCylgEjmhFxvGqbPkT+0KSpI+xEGXLFnn jenkins
sshca_url: https://sshca.pyrocufflink.blue
ssh_trusted_user_ca_keys: >-
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyi18IfxAf9wLnyffnMrThYpqxVwu0rsuiLoqW6rcwF sshca.pyrocufflink.blue