From 8f73339a99dadde01b07260c64854ed67d453561 Mon Sep 17 00:00:00 2001
From: Simon Cornet
Date: Fri, 20 Mar 2026 18:13:12 +0100
Subject: [PATCH] feat: make sudoers file clever

---
 templates/usermanagement/sudoers.d/sudoers.j2 | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/templates/usermanagement/sudoers.d/sudoers.j2 b/templates/usermanagement/sudoers.d/sudoers.j2
index 109b8db..596aff9 100644
--- a/templates/usermanagement/sudoers.d/sudoers.j2
+++ b/templates/usermanagement/sudoers.d/sudoers.j2
@@ -1,25 +1,25 @@
 {% if __user['username'] == 'drone' %}
 {% if inventory_hostname == 'ansible.siempie.internal' %}
-drone ansible.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /etc/ansible *
-drone ansible.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /etc/ansible/roles/common *
-drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
-drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
-drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git -C /etc/ansible *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git -C /etc/ansible/roles/common *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
+drone {{ inventory_hostname }}=(root) NOPASSWD:SETENV:/usr/bin/sh *
 {% endif %}
 {% if inventory_hostname == 'mgmt01.siempie.internal' %}
-drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl *
-drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/kubectl *
-drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/helm *
-drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/bin/git *
+drone {{ inventory_hostname }}=(simon) NOPASSWD:/usr/local/bin/kubectl *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/kubectl *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/helm *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git *
 {% endif %}
 {% if inventory_hostname == 'packer01.siempie.internal' %}
-drone packer.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /mnt/packer *
-drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git -C /mnt/packer *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/packer *
 {% endif %}
 {% if inventory_hostname == 'wireguard.do.simoncor.net' %}
-drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone *
-drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx
-drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl status nginx
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/rclone *
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl reload nginx
+drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl status nginx
 {% endif %}
 {% else %}
 {% if sudo_pwless == False %}
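Review bot: The host field of a sudoers entry is matched against the machine's own hostname (or its FQDN when the `fqdn` option is set), not against Ansible's `inventory_hostname`, so on any host whose inventory name differs from its real hostname every `drone {{ inventory_hostname }}=(...)` rule in this hunk would silently stop matching; since each group is already gated by `{% if inventory_hostname == '...' %}`, `ansible_fqdn` or plain `ALL` in the host field (e.g. `drone ALL=(root) NOPASSWD:/usr/local/bin/packer *`) avoids that dependency. The removed packer rule illustrates the failure mode, as its host `packer.siempie.internal` never matched the guard `packer01.siempie.internal`. Independently of the rename, `drone {{ inventory_hostname }}=(root) NOPASSWD:SETENV:/usr/bin/sh *` grants an unrestricted root shell with caller-controlled environment, which makes the narrower git/ansible-galaxy/ansible-playbook entries above it moot, and because a sudoers `*` also matches whitespace, each `... *` entry accepts any number of extra arguments rather than one. Rendering this template with `validate: visudo -cf %s` on the task would at least reject a syntactically broken file before it lands in sudoers.d.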