From d2e8b9237fcb339f7d200c817f67ce130e52bf49 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 25 Nov 2024 21:59:54 -0600
Subject: [PATCH] Enable doas become plugin for non AD members

The new servers that are not members of the AD domain use `doas` instead
of `sudo`.
---
 group_vars/all.yml               | 8 ++++++++
 group_vars/pyrocufflink/main.yml | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/group_vars/all.yml b/group_vars/all.yml
index a90b9c7..7a8480d 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,9 +1,17 @@
+ansible_become_method: community.general.doas
+ansible_become_password: unused
+
 managed_users:
 - name: dustin
   comment: Dustin C. Hatch
   uid: 3000016
   groups:
   - wheel
+- name: jenkins
+  comment: Jenkins
+  uid: 3000018
+  groups:
+  - wheel
 
 doas_authorized_ssh_keys: |
   sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIF4yQAS0bAQ9Ymxgxv828MsX0z4ff/Fs//0PQOtPexRJAAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
diff --git a/group_vars/pyrocufflink/main.yml b/group_vars/pyrocufflink/main.yml
index 3a36093..49db7d7 100644
--- a/group_vars/pyrocufflink/main.yml
+++ b/group_vars/pyrocufflink/main.yml
@@ -1,3 +1,5 @@
+ansible_become_method: sudo
+
 krb5_realm: PYROCUFFLINK.BLUE
 samba_security: ads
 samba_use_winbind: true