From 6397364a6da49e89ae6392e36dfc96bfb5610720 Mon Sep 17 00:00:00 2001
From: Simon Cornet
Date: Mon, 2 Jun 2025 10:17:41 +0200
Subject: [PATCH] feat: improve sudoers.j2 template

---
 templates/usermanagement/sudoers.d/sudoers.j2 | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/templates/usermanagement/sudoers.d/sudoers.j2 b/templates/usermanagement/sudoers.d/sudoers.j2
index 3b8659d..c89fa3b 100644
--- a/templates/usermanagement/sudoers.d/sudoers.j2
+++ b/templates/usermanagement/sudoers.d/sudoers.j2
@@ -5,6 +5,8 @@ drone ansible.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /etc/ansible/role
 drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
 drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
 drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh *
+{% if inventory_hostname in groups['proxmox'] %}
+drone {{ inventory_hostname }}=(root) NOPASSWD:./scripts/fstrim.sh
 {% endif %}
 {% if inventory_hostname == 'mgmt01.infra.vpn.mirahsimon.us' %}
 drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl *
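Review bot: The command in the added line `drone {{ inventory_hostname }}=(root) NOPASSWD:./scripts/fstrim.sh` is a relative path, and sudoers only accepts fully-qualified command names, so the rendered file will be rejected on proxmox hosts; the rule should name the script by its absolute path, e.g. `NOPASSWD:/ABSOLUTE/PATH/TO/fstrim.sh` (placeholder), which also ties the grant to one fixed file rather than to whatever the caller's working directory happens to contain. The added `{% if inventory_hostname in groups['proxmox'] %}` gets no `{% endif %}` of its own: the existing `{% endif %}` that follows now closes the proxmox block, so the `{% if %}` enclosing the ansible.siempie.internal entries (opened before this hunk) is left unclosed unless nesting inside that block was intended. Moving the new block after that `{% endif %}` as `{% if 'proxmox' in group_names %}` / `drone {{ inventory_hostname }}=(root) NOPASSWD:/ABSOLUTE/PATH/TO/fstrim.sh` / `{% endif %}` fixes both. `'proxmox' in group_names` additionally avoids the render failure that `groups['proxmox']` raises when an inventory has no such group; the same applies to `groups['revproxy']` in the second hunk.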
@@ -19,20 +21,15 @@ drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer *
 {% if inventory_hostname == 'registry.siempie.internal' %}
 drone registry.siempie.internal=(root) NOPASSWD:/usr/bin/docker *
 {% endif %}
-{% if inventory_hostname == 'rp01.siempie.internal' %}
-drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/rclone *
-drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl reload nginx
-drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl status nginx
-{% endif %}
-{% if inventory_hostname == 'rp02.siempie.internal' %}
-drone rp02.siempie.internal=(root) NOPASSWD:/usr/bin/rclone *
-drone rp02.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl reload nginx
-drone rp02.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl status nginx
+{% if inventory_hostname in groups['revproxy'] %}
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/rclone *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl reload nginx
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl status nginx
 {% endif %}
 {% if inventory_hostname == 'wireguard.do.simoncor.net' %}
 drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone *
-drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl reload nginx
-drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl status nginx
+drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx
+drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl status nginx
 {% endif %}
 {% else %}
 {% if sudo_pwless == False %}
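Review bot: The rewritten revproxy block renders `{{ inventory_hostname }}` into the sudoers Host_List, but sudo matches that field against the machine's own hostname (or its FQDN when the `fqdn` option is set), not against the Ansible inventory name, and the mgmt01 block earlier in this file shows the two can differ (inventory `mgmt01.infra.vpn.mirahsimon.us`, sudoers host `mgmt01.siempie.internal`). If any member of `groups['revproxy']` is inventoried under a name other than what the system reports, these three rules will silently never match on that host, which is easy to miss because the file still passes visudo. Rendering the host from a gathered fact such as `{{ ansible_fqdn }}` (or `{{ ansible_hostname }}`, whichever the hosts' sudo configuration compares against) would keep the per-host grant tied to the name sudo actually sees. The same consideration applies to the proxmox block in the first hunk.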