sudoers must not be a template

[dsa-puppet.git] / modules / sudo / manifests / init.pp

diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index 974d70912c37011847efadd8f4dd5307869fd636..3f2aff917d7d550c19fd2277d2c573142dd02db1 100644 (file)
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -1,19 +1,37 @@
 class sudo {
     package { sudo: ensure => installed }
 
-    file { "/etc/sudoers":
-        owner   => root,
-        group   => root,
-        mode    => 440,
-        content => template("sudo/sudoers.erb"),
-        require => Package["sudo"]
-                ;
-           "/etc/pam.d/sudo":
-        source  => [ "puppet:///modules/sudo/per-host/$fqdn/pam",
-                     "puppet:///modules/sudo/common/pam" ],
-        require => Package["sudo"]
-                ;
+    file {
+        "/etc/pam.d/sudo":
+            source  => [ "puppet:///modules/sudo/per-host/$fqdn/pam",
+                         "puppet:///modules/sudo/common/pam" ],
+            require => Package["sudo"],
+            ;
+    }
 
+    case getfromhash($nodeinfo, 'wheezy') {
+        true:  {
+            file {
+                "/etc/sudoers":
+                    owner   => root,
+                    group   => root,
+                    mode    => 440,
+                    source  => [ "puppet:///modules/sudo/common/sudoers",
+                    require => Package["sudo"],
+                    ;
+            }
+        }
+        default: {
+            file {
+                "/etc/sudoers":
+                    owner   => root,
+                    group   => root,
+                    mode    => 440,
+                    source  => [ "puppet:///modules/sudo/wheezy/sudoers",
+                    require => Package["sudo"],
+                    ;
+            }
+        }
     }
 }
 # vim:set et: