ansible/common
ansible/common
1
0
Fork 0
Code Issues Pull requests Releases Activity

feat: make sudoers file clever

Browse source
This commit is contained in:
Simon Cornet 2026-03-20 18:13:12 +01:00
commit 8f73339a99
1 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

28
templates/usermanagement/sudoers.d/sudoers.j2
View file

@ -1,25 +1,25 @@
{% if __user['username'] == 'drone' %} {% if __user['username'] == 'drone' %}
{% if inventory_hostname == 'ansible.siempie.internal' %} {% if inventory_hostname == 'ansible.siempie.internal' %}
drone ansible.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /etc/ansible * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git -C /etc/ansible *
drone ansible.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /etc/ansible/roles/common * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git -C /etc/ansible/roles/common *
drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-galaxy * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh * drone {{ inventory_hostname }}=(root) NOPASSWD:SETENV:/usr/bin/sh *
{% endif %} {% endif %}
{% if inventory_hostname == 'mgmt01.siempie.internal' %} {% if inventory_hostname == 'mgmt01.siempie.internal' %}
drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl * drone {{ inventory_hostname }}=(simon) NOPASSWD:/usr/local/bin/kubectl *
drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/kubectl * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/kubectl *
drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/helm * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/helm *
drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/bin/git * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git *
{% endif %} {% endif %}
{% if inventory_hostname == 'packer01.siempie.internal' %} {% if inventory_hostname == 'packer01.siempie.internal' %}
drone packer.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /mnt/packer * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/git -C /mnt/packer *
drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/local/bin/packer *
{% endif %} {% endif %}
{% if inventory_hostname == 'wireguard.do.simoncor.net' %} {% if inventory_hostname == 'wireguard.do.simoncor.net' %}
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone * drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/rclone *
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl reload nginx
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl status nginx drone {{ inventory_hostname }}=(root) NOPASSWD:/usr/bin/systemctl status nginx
{% endif %} {% endif %}
{% else %} {% else %}
{% if sudo_pwless == False %} {% if sudo_pwless == False %}