[usermanagement] feat: allow drone to use systemctl on revproxies

2024-12-14 11:06:31 +01:00 · 2024-12-14 11:06:31 +01:00 · cc52d99534
commit cc52d99534
parent 3fdd5d05b1
1 changed files with 6 additions and 0 deletions
--- a/templates/usermanagement/sudoers.d/sudoers.j2
+++ b/templates/usermanagement/sudoers.d/sudoers.j2
@ -16,12 +16,18 @@ drone registry.siempie.internal=(root) NOPASSWD:/usr/bin/docker *
 {% endif %}
 {% if inventory_hostname == 'rp01.siempie.internal' %}
 drone rp01.siempie.internal=(simon) NOPASSWD:/usr/bin/rclone *
+drone rp01.siempie.internal=(simon) NOPASSWD:/usr/bin/systemctl reload nginx
+drone rp01.siempie.internal=(simon) NOPASSWD:/usr/bin/systemctl status nginx
 {% endif %}
 {% if inventory_hostname == 'rp02.siempie.internal' %}
 drone rp02.siempie.internal=(simon) NOPASSWD:/usr/bin/rclone *
+drone rp01.siempie.internal=(simon) NOPASSWD:/usr/bin/systemctl reload nginx
+drone rp01.siempie.internal=(simon) NOPASSWD:/usr/bin/systemctl status nginx
 {% endif %}
 {% if inventory_hostname == 'wireguard.do.simoncor.net' %}
 drone wireguard.do.simoncor.net=(simon) NOPASSWD:/usr/bin/rclone *
+drone rp01.siempie.internal=(simon) NOPASSWD:/usr/bin/systemctl reload nginx
+drone rp01.siempie.internal=(simon) NOPASSWD:/usr/bin/systemctl status nginx
 {% endif %}
 {% else %}
 {% if sudo_pwless == False %}