From 16e059a50bd5872484b9d6cf542a8425d760ca20 Mon Sep 17 00:00:00 2001
From: Ariejan de Vroom <ariejan@devroom.io>
Date: Thu, 6 Jun 2024 23:01:51 +0200
Subject: [PATCH] aur_builder FTW

---
 roles/05_packages/tasks/aur.yml | 20 ++++++++++++++++++--
 roles/07_user/tasks/main.yml    |  2 +-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/roles/05_packages/tasks/aur.yml b/roles/05_packages/tasks/aur.yml
index 21d77cb..3bb00b5 100644
--- a/roles/05_packages/tasks/aur.yml
+++ b/roles/05_packages/tasks/aur.yml
@@ -1,9 +1,25 @@
 ---
+- name: Create the `aur_builder` user
+  become: true
+  ansible.builtin.user:
+    name: aur_builder
+    create_home: yes
+    group: wheel
+
+- name: Allow the `aur_builder` user to run `sudo pacman` without a password
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/sudoers.d/11-install-aur_builder
+    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
+    create: yes
+    mode: 0644
+    validate: 'visudo -cf %s'
+
 - name: Installing AUR helper
   kewlfft.aur.aur:
     name: "{{ aur_helper }}"
   become: true
-  become_user: "{{ user.name }}"
+  become_user: aur_builder
 
 - name: Install AUR packages
   kewlfft.aur.aur:
@@ -11,4 +27,4 @@
     state: present
     use: "{{ aur_helper }}"
   become: true
-  become_user: "{{ user.name }}"    
\ No newline at end of file
+  become_user: aur_builder  
\ No newline at end of file
diff --git a/roles/07_user/tasks/main.yml b/roles/07_user/tasks/main.yml
index 2610624..d54533b 100644
--- a/roles/07_user/tasks/main.yml
+++ b/roles/07_user/tasks/main.yml
@@ -22,6 +22,6 @@
 - name: Setup sudo
   ansible.builtin.copy:
     dest: /etc/sudoers.d/{{ user.name }}
-    content: "{{ user.name }} ALL=(ALL:ALL) NOPASSWD: ALL"
+    content: "{{ user.name }} ALL=(ALL:ALL) ALL"
     mode: 0440
     validate: /usr/sbin/visudo -cf %s
\ No newline at end of file