ansible/common
ansible/common
1
0
Fork 0
Code Issues Pull requests Releases Activity

feat: improve sudoers.j2 template

Browse source
This commit is contained in:
Simon Cornet 2025-06-02 10:17:41 +02:00
commit 6397364a6d
1 changed files with 8 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

19
templates/usermanagement/sudoers.d/sudoers.j2
View file

@ -5,6 +5,8 @@ drone ansible.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /etc/ansible/role
drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh *
{% if inventory_hostname in groups['proxmox'] %}
drone {{ inventory_hostname }}=(root) NOPASSWD:./scripts/fstrim.sh
{% endif %}
{% if inventory_hostname == 'mgmt01.infra.vpn.mirahsimon.us' %}
drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl *
@ -19,20 +21,15 @@ drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer *
{% if inventory_hostname == 'registry.siempie.internal' %}
drone registry.siempie.internal=(root) NOPASSWD:/usr/bin/docker *
{% endif %}
{% if inventory_hostname == 'rp01.siempie.internal' %}
drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/rclone *
drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl reload nginx
drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl status nginx
{% endif %}
{% if inventory_hostname == 'rp02.siempie.internal' %}
drone rp02.siempie.internal=(root) NOPASSWD:/usr/bin/rclone *
drone rp02.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl reload nginx
drone rp02.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl status nginx
{% if inventory_hostname in groups['revproxy'] %}
drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/rclone *
drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl reload nginx
drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl status nginx
{% endif %}
{% if inventory_hostname == 'wireguard.do.simoncor.net' %}
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone *
drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl reload nginx
drone rp01.siempie.internal=(root) NOPASSWD:/usr/bin/systemctl status nginx
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl status nginx
{% endif %}
{% else %}
{% if sudo_pwless == False %}