From 4fbfd031a35a4ef2a02fd4169697ba16fb2fc36e Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Sun, 3 Nov 2024 13:25:14 +0100
Subject: [PATCH 1/2] Add sudo configuration for Asterisk I2C access

---
 files/platon/11_asterisk_i2c | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 files/platon/11_asterisk_i2c

diff --git a/files/platon/11_asterisk_i2c b/files/platon/11_asterisk_i2c
new file mode 100644
index 0000000..589db21
--- /dev/null
+++ b/files/platon/11_asterisk_i2c
@@ -0,0 +1 @@
+asterisk ALL=(root) NOPASSWD: /usr/sbin/i2cget, /usr/sbin/i2cset

From 64eee7b7dedd515fba77c97347b323053b51887b Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Sun, 3 Nov 2024 13:29:02 +0100
Subject: [PATCH 2/2] Install sudo config for Asterisk I2C

---
 host-platon.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/host-platon.yml b/host-platon.yml
index 3b9983a..b0623ad 100644
--- a/host-platon.yml
+++ b/host-platon.yml
@@ -277,6 +277,17 @@
         append: yes
       notify: restart asterisk
 
+    # Asterisk now executes shell scripts with reduced privileges, so we need to
+    # use sudo for I2C access.
+    - name: Set up sudo configuration for Asterisk I2C access
+      ansible.builtin.copy:
+        src: "files/platon/11_asterisk_i2c"
+        dest: "/etc/sudoers.d/"
+        owner: root
+        group: root
+        mode: "0644"
+      # Asterisk restart is not necessary
+
     - name: Copy sounds
       ansible.builtin.copy:
         src: "files/platon/{{ item }}"