Add sudoers files

diff --git a/modules/sudo/files/per-host/agnesi.debian.org/sudoers b/modules/sudo/files/per-host/agnesi.debian.org/sudoers
new file mode 100644 (file)
index 0000000..6662eb9
--- /dev/null
+++ b/modules/sudo/files/per-host/agnesi.debian.org/sudoers
@@ -0,0 +1,28 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+admin  ALL=(ALL) ALL
+joeyh  ALL=(ALL) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/agricola.debian.org/sudoers b/modules/sudo/files/per-host/agricola.debian.org/sudoers
new file mode 100644 (file)
index 0000000..7cba96e
--- /dev/null
+++ b/modules/sudo/files/per-host/agricola.debian.org/sudoers
@@ -0,0 +1,31 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Uncomment to allow members of group sudo to not need a password
+# %sudo ALL=NOPASSWD: ALL
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/albeniz.debian.org/sudoers b/modules/sudo/files/per-host/albeniz.debian.org/sudoers
new file mode 100644 (file)
index 0000000..61a7df7
--- /dev/null
+++ b/modules/sudo/files/per-host/albeniz.debian.org/sudoers
@@ -0,0 +1,36 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults        env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root      ALL=(ALL) ALL
+
+# DSA
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+# Defaults
+#Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+
+# local admin
+%sanger   ALL=(ALL) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/allegri.debian.org/sudoers b/modules/sudo/files/per-host/allegri.debian.org/sudoers
new file mode 100644 (file)
index 0000000..d9fad99
--- /dev/null
+++ b/modules/sudo/files/per-host/allegri.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Uncomment to allow members of group sudo to not need a password
+# %sudo ALL=NOPASSWD: ALL
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+buildd ALL=NOPASSWD: ALL
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/arcadelt.debian.org/sudoers b/modules/sudo/files/per-host/arcadelt.debian.org/sudoers
new file mode 100644 (file)
index 0000000..d9fad99
--- /dev/null
+++ b/modules/sudo/files/per-host/arcadelt.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Uncomment to allow members of group sudo to not need a password
+# %sudo ALL=NOPASSWD: ALL
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+buildd ALL=NOPASSWD: ALL
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/argento.debian.org/sudoers b/modules/sudo/files/per-host/argento.debian.org/sudoers
new file mode 100644 (file)
index 0000000..7071f77
--- /dev/null
+++ b/modules/sudo/files/per-host/argento.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Uncomment to allow members of group sudo to not need a password
+# %sudo ALL=NOPASSWD: ALL
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/ball.debian.org/sudoers b/modules/sudo/files/per-host/ball.debian.org/sudoers
new file mode 100644 (file)
index 0000000..231a9d5
--- /dev/null
+++ b/modules/sudo/files/per-host/ball.debian.org/sudoers
@@ -0,0 +1,34 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+#rmurray       ALL=(ALL) NOPASSWD: ALL
+#luk   ALL=(ALL) NOPASSWD: ALL
+#ths   ALL=(ALL) NOPASSWD: ALL
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=(ALL) NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/bartok.debian.org/sudoers b/modules/sudo/files/per-host/bartok.debian.org/sudoers
new file mode 100644 (file)
index 0000000..e7205d0
--- /dev/null
+++ b/modules/sudo/files/per-host/bartok.debian.org/sudoers
@@ -0,0 +1,31 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/brahms.debian.org/sudoers b/modules/sudo/files/per-host/brahms.debian.org/sudoers
new file mode 100644 (file)
index 0000000..1b5dd40
--- /dev/null
+++ b/modules/sudo/files/per-host/brahms.debian.org/sudoers
@@ -0,0 +1,36 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd          ALL=NOPASSWD: ALL
+%buildd         ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""

diff --git a/modules/sudo/files/per-host/caballero.debian.org/sudoers b/modules/sudo/files/per-host/caballero.debian.org/sudoers
new file mode 100644 (file)
index 0000000..c2d3ecf
--- /dev/null
+++ b/modules/sudo/files/per-host/caballero.debian.org/sudoers
@@ -0,0 +1,32 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/carver.debian.org/sudoers b/modules/sudo/files/per-host/carver.debian.org/sudoers
new file mode 100644 (file)
index 0000000..c5a80dd
--- /dev/null
+++ b/modules/sudo/files/per-host/carver.debian.org/sudoers
@@ -0,0 +1,40 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+
+%mirroradm      ALL=(archvsync) ALL
+%apachectrl     ALL=(root) /usr/sbin/apache2-vhost-update

diff --git a/modules/sudo/files/per-host/chopin.debian.org/sudoers b/modules/sudo/files/per-host/chopin.debian.org/sudoers
new file mode 100644 (file)
index 0000000..a440128
--- /dev/null
+++ b/modules/sudo/files/per-host/chopin.debian.org/sudoers
@@ -0,0 +1,37 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+
+%apachectrl     ALL=(root) /usr/sbin/apache2-vhost-update
+
+%mirroradm ALL=(archvsync) ALL
+%debadmin ALL=(dak) ALL
+

diff --git a/modules/sudo/files/per-host/crest.debian.org/sudoers b/modules/sudo/files/per-host/crest.debian.org/sudoers
new file mode 100644 (file)
index 0000000..3655e58
--- /dev/null
+++ b/modules/sudo/files/per-host/crest.debian.org/sudoers
@@ -0,0 +1,42 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# hack to fix Jan. 06 sudo breakage 20060126 MSch
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root             ALL=(ALL) ALL
+doko      ALL = NOPASSWD: ALL
+gotom     ALL = NOPASSWD: ALL
+joey      ALL = NOPASSWD: ALL
+
+# m68k buildd admins
+adconrad  ALL = NOPASSWD: ALL
+buildd    ALL = NOPASSWD: ALL
+cts       ALL = NOPASSWD: ALL
+schmitz   ALL = NOPASSWD: ALL
+smarenka  ALL =(ALL) NOPASSWD: ALL
+smurf     ALL = NOPASSWD: ALL
+wouter    ALL = NOPASSWD: ALL
+younie    ALL = NOPASSWD: ALL
+luk       ALL = NOPASSWD: ALL
+
+# Debian Administration
+%adm             ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots

diff --git a/modules/sudo/files/per-host/dijkstra.debian.org/sudoers b/modules/sudo/files/per-host/dijkstra.debian.org/sudoers
new file mode 100644 (file)
index 0000000..336db94
--- /dev/null
+++ b/modules/sudo/files/per-host/dijkstra.debian.org/sudoers
@@ -0,0 +1,39 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+

diff --git a/modules/sudo/files/per-host/elara.debian.org/sudoers b/modules/sudo/files/per-host/elara.debian.org/sudoers
new file mode 100644 (file)
index 0000000..726cc22
--- /dev/null
+++ b/modules/sudo/files/per-host/elara.debian.org/sudoers
@@ -0,0 +1,27 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=(ALL) NOPASSWD: ALL
+%buildd ALL=(buildd) ALL

diff --git a/modules/sudo/files/per-host/europa.debian.org/sudoers b/modules/sudo/files/per-host/europa.debian.org/sudoers
new file mode 100644 (file)
index 0000000..726cc22
--- /dev/null
+++ b/modules/sudo/files/per-host/europa.debian.org/sudoers
@@ -0,0 +1,27 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=(ALL) NOPASSWD: ALL
+%buildd ALL=(buildd) ALL

diff --git a/modules/sudo/files/per-host/geo1.debian.org/sudoers b/modules/sudo/files/per-host/geo1.debian.org/sudoers
new file mode 100644 (file)
index 0000000..5da2521
--- /dev/null
+++ b/modules/sudo/files/per-host/geo1.debian.org/sudoers
@@ -0,0 +1,31 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""

diff --git a/modules/sudo/files/per-host/geo2.debian.org/sudoers b/modules/sudo/files/per-host/geo2.debian.org/sudoers
new file mode 100644 (file)
index 0000000..5da2521
--- /dev/null
+++ b/modules/sudo/files/per-host/geo2.debian.org/sudoers
@@ -0,0 +1,31 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""

diff --git a/modules/sudo/files/per-host/geo3.debian.org/sudoers b/modules/sudo/files/per-host/geo3.debian.org/sudoers
new file mode 100644 (file)
index 0000000..5da2521
--- /dev/null
+++ b/modules/sudo/files/per-host/geo3.debian.org/sudoers
@@ -0,0 +1,31 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""

diff --git a/modules/sudo/files/per-host/gluck.debian.org/sudoers b/modules/sudo/files/per-host/gluck.debian.org/sudoers
new file mode 100644 (file)
index 0000000..090b1b6
--- /dev/null
+++ b/modules/sudo/files/per-host/gluck.debian.org/sudoers
@@ -0,0 +1,44 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# HP local admin group
+%hpadmins      ALL=(ALL) ALL
+
+%popcon                ALL=(popcon) ALL
+%debwww                ALL=(debwww) ALL
+%planet                ALL=(planet) ALL
+%lintian       ALL=(lintian) ALL
+%snapshot      ALL=(snapshot) ALL
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios ALL=(root) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/goedel.debian.org/sudoers b/modules/sudo/files/per-host/goedel.debian.org/sudoers
new file mode 100644 (file)
index 0000000..1c97e4c
--- /dev/null
+++ b/modules/sudo/files/per-host/goedel.debian.org/sudoers
@@ -0,0 +1,32 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# Defaults
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/goetz.debian.org/sudoers b/modules/sudo/files/per-host/goetz.debian.org/sudoers
new file mode 100644 (file)
index 0000000..3510c21
--- /dev/null
+++ b/modules/sudo/files/per-host/goetz.debian.org/sudoers
@@ -0,0 +1,37 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# Defaults
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+# local admin
+%sanger        ALL=(ALL) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/handel.debian.org/sudoers b/modules/sudo/files/per-host/handel.debian.org/sudoers
new file mode 100644 (file)
index 0000000..a68cfde
--- /dev/null
+++ b/modules/sudo/files/per-host/handel.debian.org/sudoers
@@ -0,0 +1,32 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/kassia.debian.org/sudoers b/modules/sudo/files/per-host/kassia.debian.org/sudoers
new file mode 100644 (file)
index 0000000..7dfb269
--- /dev/null
+++ b/modules/sudo/files/per-host/kassia.debian.org/sudoers
@@ -0,0 +1,37 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+jeroen ALL=(ALL) ALL
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/klecker.debian.org/sudoers b/modules/sudo/files/per-host/klecker.debian.org/sudoers
new file mode 100644 (file)
index 0000000..a8bab5d
--- /dev/null
+++ b/modules/sudo/files/per-host/klecker.debian.org/sudoers
@@ -0,0 +1,52 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+jeroen ALL=(ALL) ALL
+
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# Security
+%security klecker=(dak) NOPASSWD:/usr/local/bin/dak new-security-install -[AR] -- *
+%sec_public klecker=(dak) NOPASSWD:/usr/local/bin/dak new-security-install -[AR] -- *
+%sec_data klecker=(archvsync) NOPASSWD: /home/archvsync/security/signal ""
+
+# ftpmaster
+%debadmin ALL=(root) NOPASSWD:/bin/su - dak, (dak) NOPASSWD: ALL
+dak      ALL=(archvsync) NOPASSWD:/home/archvsync/runmirrors, NOPASSWD:/home/archvsync/rundebbugs, NOPASSWD:/home/archvsync/runpackageweb, NOPASSWD:/home/archvsync/signal_security
+
+# www-master
+debwww klecker=(archvsync) NOPASSWD:/home/archvsync/webmirrors/runmirrors
+# Updating the web pages
+%debwww ALL=(debwww) ALL
+
+%apachectrl     ALL=(root) /usr/sbin/apache2-vhost-update
+
+# mirroradm
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/lafayette.debian.org/sudoers b/modules/sudo/files/per-host/lafayette.debian.org/sudoers
new file mode 100644 (file)
index 0000000..b7c09d4
--- /dev/null
+++ b/modules/sudo/files/per-host/lafayette.debian.org/sudoers
@@ -0,0 +1,36 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd          ALL=NOPASSWD: ALL
+%buildd         ALL=(buildd) ALL

diff --git a/modules/sudo/files/per-host/lebrun.debian.org/sudoers b/modules/sudo/files/per-host/lebrun.debian.org/sudoers
new file mode 100644 (file)
index 0000000..377b626
--- /dev/null
+++ b/modules/sudo/files/per-host/lebrun.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=NOPASSWD: ALL
+%buildd        ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""

diff --git a/modules/sudo/files/per-host/liszt.debian.org/sudoers b/modules/sudo/files/per-host/liszt.debian.org/sudoers
new file mode 100644 (file)
index 0000000..ce57bc8
--- /dev/null
+++ b/modules/sudo/files/per-host/liszt.debian.org/sudoers
@@ -0,0 +1,49 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# Listmaster stuff
+%listweb  ALL=(listweb) NOPASSWD: ALL
+%list  ALL=(list) NOPASSWD: ALL
+
+%list  ALL=(root) NOPASSWD: /usr/sbin/postfix reload
+%list  ALL=(root) NOPASSWD: /usr/sbin/qshape
+%list  ALL=(root) /usr/sbin/postsuper
+%list  ALL=(root) /etc/init.d/spamassassin restart
+%list  ALL=(root) /etc/init.d/amavisd
+%list  ALL=(root) /usr/local/sbin/amavisd-new
+%list  ALL=(amavis) NOPASSWD: ALL
+
+%apachectrl     ALL=(root) /usr/sbin/apache2-vhost-update
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+
+

diff --git a/modules/sudo/files/per-host/lobos.debian.org/sudoers b/modules/sudo/files/per-host/lobos.debian.org/sudoers
new file mode 100644 (file)
index 0000000..ff5e787
--- /dev/null
+++ b/modules/sudo/files/per-host/lobos.debian.org/sudoers
@@ -0,0 +1,33 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/mahler.debian.org/sudoers b/modules/sudo/files/per-host/mahler.debian.org/sudoers
new file mode 100644 (file)
index 0000000..e9c9af6
--- /dev/null
+++ b/modules/sudo/files/per-host/mahler.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+
+dannf    ALL=(ALL) ALL

diff --git a/modules/sudo/files/per-host/malo.debian.org/sudoers b/modules/sudo/files/per-host/malo.debian.org/sudoers
new file mode 100644 (file)
index 0000000..d1411cb
--- /dev/null
+++ b/modules/sudo/files/per-host/malo.debian.org/sudoers
@@ -0,0 +1,32 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=NOPASSWD: ALL
+%buildd        ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/master.debian.org/sudoers b/modules/sudo/files/per-host/master.debian.org/sudoers
new file mode 100644 (file)
index 0000000..5492a1e
--- /dev/null
+++ b/modules/sudo/files/per-host/master.debian.org/sudoers
@@ -0,0 +1,43 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+Host_Alias     BUGS = master, spohr
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%debbugs BUGS=(debbugs) NOPASSWD: ALL
+%secretary  ALL=(secretary) ALL
+
+# QA
+tbm       ALL=(qa) ALL
+weasel    ALL=(qa) ALL
+aba       ALL=(qa) ALL
+jeroen    ALL=(qa) ALL
+myon      ALL=(qa) ALL
+hertzog   ALL=(qa) ALL
+lucas     ALL=(qa) ALL
+luk       ALL=(qa) ALL
+zack      ALL=(qa) ALL
+djpig     ALL=(qa) ALL
+
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/mpt-status -s
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/mayer.debian.org/sudoers b/modules/sudo/files/per-host/mayer.debian.org/sudoers
new file mode 100644 (file)
index 0000000..11ae925
--- /dev/null
+++ b/modules/sudo/files/per-host/mayer.debian.org/sudoers
@@ -0,0 +1,30 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/mayr.debian.org/sudoers b/modules/sudo/files/per-host/mayr.debian.org/sudoers
new file mode 100644 (file)
index 0000000..71762b3
--- /dev/null
+++ b/modules/sudo/files/per-host/mayr.debian.org/sudoers
@@ -0,0 +1,30 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=(ALL) NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/merkel.debian.org/sudoers b/modules/sudo/files/per-host/merkel.debian.org/sudoers
new file mode 100644 (file)
index 0000000..7d014a6
--- /dev/null
+++ b/modules/sudo/files/per-host/merkel.debian.org/sudoers
@@ -0,0 +1,49 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# HP local admin group
+%hpadmins      ALL=(ALL) ALL
+
+%debbugs       ALL=(debbugs) ALL
+%nm            ALL=(nm) ALL
+%dde           ALL=(dde) ALL
+%debadmin      ALL=(katie) NOPASSWD: ALL
+%debadmin      ALL=(dak) ALL
+%debadmin      ALL=(archvsync) NOPASSWD: ALL
+
+%apachectrl    ALL=(root) /usr/sbin/apache2-vhost-update
+
+# QA
+weasel    ALL=(qa) ALL
+aba       ALL=(qa) ALL
+jeroen    ALL=(qa) ALL
+myon      ALL=(qa) ALL
+hertzog   ALL=(qa) ALL
+lucas     ALL=(qa) ALL
+joerg     ALL=(qa) ALL
+djpig     ALL=(qa) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/merulo.debian.org/sudoers b/modules/sudo/files/per-host/merulo.debian.org/sudoers
new file mode 100644 (file)
index 0000000..75f12c1
--- /dev/null
+++ b/modules/sudo/files/per-host/merulo.debian.org/sudoers
@@ -0,0 +1,30 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+# HP local admin group
+%hpadmins      ALL=(ALL) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+

diff --git a/modules/sudo/files/per-host/morales.debian.org/sudoers b/modules/sudo/files/per-host/morales.debian.org/sudoers
new file mode 100644 (file)
index 0000000..9ce0ad8
--- /dev/null
+++ b/modules/sudo/files/per-host/morales.debian.org/sudoers
@@ -0,0 +1,31 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+# local admins
+bzed    ALL=(ALL) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/mundy.debian.org/sudoers b/modules/sudo/files/per-host/mundy.debian.org/sudoers
new file mode 100644 (file)
index 0000000..a64cd97
--- /dev/null
+++ b/modules/sudo/files/per-host/mundy.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# HP local admin group
+%hpadmins       ALL=(ALL) ALL
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/murphy.debian.org/sudoers b/modules/sudo/files/per-host/murphy.debian.org/sudoers
new file mode 100644 (file)
index 0000000..ae73896
--- /dev/null
+++ b/modules/sudo/files/per-host/murphy.debian.org/sudoers
@@ -0,0 +1,33 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/paer.debian.org/sudoers b/modules/sudo/files/per-host/paer.debian.org/sudoers
new file mode 100644 (file)
index 0000000..ea1f166
--- /dev/null
+++ b/modules/sudo/files/per-host/paer.debian.org/sudoers
@@ -0,0 +1,33 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/penalosa.debian.org/sudoers b/modules/sudo/files/per-host/penalosa.debian.org/sudoers
new file mode 100644 (file)
index 0000000..984f238
--- /dev/null
+++ b/modules/sudo/files/per-host/penalosa.debian.org/sudoers
@@ -0,0 +1,32 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm           ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%hpadmins      ALL=(ALL) ALL
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd  ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/pergolesi.debian.org/sudoers b/modules/sudo/files/per-host/pergolesi.debian.org/sudoers
new file mode 100644 (file)
index 0000000..0047970
--- /dev/null
+++ b/modules/sudo/files/per-host/pergolesi.debian.org/sudoers
@@ -0,0 +1,29 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Debian Admin
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+

diff --git a/modules/sudo/files/per-host/peri.debian.org/sudoers b/modules/sudo/files/per-host/peri.debian.org/sudoers
new file mode 100644 (file)
index 0000000..d19df61
--- /dev/null
+++ b/modules/sudo/files/per-host/peri.debian.org/sudoers
@@ -0,0 +1,33 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+#Defaults      env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm           ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%hpadmins      ALL=(ALL) ALL
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd  ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/pescetti.debian.org/sudoers b/modules/sudo/files/per-host/pescetti.debian.org/sudoers
new file mode 100644 (file)
index 0000000..b3df1d5
--- /dev/null
+++ b/modules/sudo/files/per-host/pescetti.debian.org/sudoers
@@ -0,0 +1,29 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/piatti.debian.org/sudoers b/modules/sudo/files/per-host/piatti.debian.org/sudoers
new file mode 100644 (file)
index 0000000..ba2ea8d
--- /dev/null
+++ b/modules/sudo/files/per-host/piatti.debian.org/sudoers
@@ -0,0 +1,46 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# The piuparts slave needs to handle chroots
+piupartss      ALL=(ALL) NOPASSWD: ALL
+
+#piuparts admins
+%piuparts      ALL=(piupartss) ALL
+%piuparts      ALL=(piupartsm) ALL
+
+%mirroradm     ALL=(archvsync) ALL
+%uddadm                ALL=(udd) ALL
+%debbugs       ALL=(debbugs) ALL
+%apachectrl    ALL=(root) /usr/sbin/apache2-vhost-update
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/powell.debian.org/sudoers b/modules/sudo/files/per-host/powell.debian.org/sudoers
new file mode 100644 (file)
index 0000000..6b12d19
--- /dev/null
+++ b/modules/sudo/files/per-host/powell.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Debian-admin
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%pkg_maint ALL=(pkg_user) ALL
+%mirroradm ALL=(archvsync) ALL
+pkg_user ALL=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+nagios  ALL=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info

diff --git a/modules/sudo/files/per-host/praetorius.debian.org/sudoers b/modules/sudo/files/per-host/praetorius.debian.org/sudoers
new file mode 100644 (file)
index 0000000..c6db236
--- /dev/null
+++ b/modules/sudo/files/per-host/praetorius.debian.org/sudoers
@@ -0,0 +1,37 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# Defaults
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/puccini.debian.org/sudoers b/modules/sudo/files/per-host/puccini.debian.org/sudoers
new file mode 100644 (file)
index 0000000..de6a849
--- /dev/null
+++ b/modules/sudo/files/per-host/puccini.debian.org/sudoers
@@ -0,0 +1,38 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd         ALL=NOPASSWD: ALL
+%buildd                ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+nagios  ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status

diff --git a/modules/sudo/files/per-host/raff.debian.org/sudoers b/modules/sudo/files/per-host/raff.debian.org/sudoers
new file mode 100644 (file)
index 0000000..f55aefa
--- /dev/null
+++ b/modules/sudo/files/per-host/raff.debian.org/sudoers
@@ -0,0 +1,45 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# HP local admin group
+%hpadmins      ALL=(ALL) ALL
+
+%debadmin      ALL=(dak) ALL
+%keyring       ALL=(keyring) ALL
+%apachectrl    ALL=(root) /usr/sbin/apache2-vhost-update
+
+# buildd
+%buildd                ALL=(buildd) ALL
+%wbadm         ALL=(wbadm) ALL
+%wbadm         ALL=(root) /usr/local/bin/update-buildd-sshkeys
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/ravel.debian.org/sudoers b/modules/sudo/files/per-host/ravel.debian.org/sudoers
new file mode 100644 (file)
index 0000000..e017885
--- /dev/null
+++ b/modules/sudo/files/per-host/ravel.debian.org/sudoers
@@ -0,0 +1,39 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm     ALL=(archvsync) ALL
+%debadmin      ALL=(dak) ALL
+%apachectrl    ALL=(root) /usr/sbin/apache2-vhost-update
+%d-i           ALL=(d-i) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+

diff --git a/modules/sudo/files/per-host/rem.debian.org/sudoers b/modules/sudo/files/per-host/rem.debian.org/sudoers
new file mode 100644 (file)
index 0000000..88a6998
--- /dev/null
+++ b/modules/sudo/files/per-host/rem.debian.org/sudoers
@@ -0,0 +1,30 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/ries.debian.org/sudoers b/modules/sudo/files/per-host/ries.debian.org/sudoers
new file mode 100644 (file)
index 0000000..a7a1485
--- /dev/null
+++ b/modules/sudo/files/per-host/ries.debian.org/sudoers
@@ -0,0 +1,53 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# ftp-master
+%debadmin ALL=(dak) NOPASSWD: ALL, (root) NOPASSWD: /bin/su - dak
+%debadmin ALL=(archvsync) ALL
+
+# dak:
+dak ALL=(archvsync) NOPASSWD:/home/archvsync/runmirrors
+# per joerg's request (#rt627)  -- weasel 20080418
+%debian-release ALL=(dak) /usr/local/bin/dak transitions --import *
+%ftpteam        ALL=(dak) /usr/local/bin/dak transitions --import *
+
+
+%apachectrl    ALL=(root) /usr/sbin/apache2-vhost-update
+%mirroradm     ALL=(archvsync) ALL
+%debian-release        ALL=(release) ALL
+
+
+
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/rietz.debian.org/sudoers b/modules/sudo/files/per-host/rietz.debian.org/sudoers
new file mode 100644 (file)
index 0000000..9684fec
--- /dev/null
+++ b/modules/sudo/files/per-host/rietz.debian.org/sudoers
@@ -0,0 +1,37 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%debbugs       ALL=(debbugs) ALL
+%mirroradm     ALL=(archvsync) ALL
+%apachectrl    ALL=(root) /usr/sbin/apache2-vhost-update
+
+
+nagios  ALL=(root) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/rore.debian.org/sudoers b/modules/sudo/files/per-host/rore.debian.org/sudoers
new file mode 100644 (file)
index 0000000..9f0215f
--- /dev/null
+++ b/modules/sudo/files/per-host/rore.debian.org/sudoers
@@ -0,0 +1,37 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status

diff --git a/modules/sudo/files/per-host/saens.debian.org/sudoers b/modules/sudo/files/per-host/saens.debian.org/sudoers
new file mode 100644 (file)
index 0000000..052539f
--- /dev/null
+++ b/modules/sudo/files/per-host/saens.debian.org/sudoers
@@ -0,0 +1,40 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Local Admins
+sdier  ALL=ALL
+
+# DSA
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# allow the mirroradm group to mess with the sync scripts and stuff
+# weasel, Tue, 13 Nov 2007 17:22:51 +0100, rt#180
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/samosa.debian.org/sudoers b/modules/sudo/files/per-host/samosa.debian.org/sudoers
new file mode 100644 (file)
index 0000000..fcf142f
--- /dev/null
+++ b/modules/sudo/files/per-host/samosa.debian.org/sudoers
@@ -0,0 +1,38 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# HP local admin group
+%hpadmins      ALL=(ALL) ALL
+
+# dns-update calls "sudo /etc/init.d/bind9 reload"
+%dnsadmin      ALL=(root) NOPASSWD: /etc/init.d/bind9 reload
+%adm   ALL=(root) NOPASSWD: /etc/init.d/bind9 reload
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/schein.debian.org/sudoers b/modules/sudo/files/per-host/schein.debian.org/sudoers
new file mode 100644 (file)
index 0000000..8097209
--- /dev/null
+++ b/modules/sudo/files/per-host/schein.debian.org/sudoers
@@ -0,0 +1,40 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/schroeder.debian.org/sudoers b/modules/sudo/files/per-host/schroeder.debian.org/sudoers
new file mode 100644 (file)
index 0000000..3b32a90
--- /dev/null
+++ b/modules/sudo/files/per-host/schroeder.debian.org/sudoers
@@ -0,0 +1,34 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd  ALL=NOPASSWD: ALL
+%buildd ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/schumann.debian.org/sudoers b/modules/sudo/files/per-host/schumann.debian.org/sudoers
new file mode 100644 (file)
index 0000000..10cb0ba
--- /dev/null
+++ b/modules/sudo/files/per-host/schumann.debian.org/sudoers
@@ -0,0 +1,32 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+
+%debadmin ALL=(dak) ALL
+dak       ALL=(archvsync) NOPASSWD:/home/archvsync/bin/runmirrors, NOPASSWD:/home/archvsync/signal_security

diff --git a/modules/sudo/files/per-host/smetana.debian.org/sudoers b/modules/sudo/files/per-host/smetana.debian.org/sudoers
new file mode 100644 (file)
index 0000000..55be204
--- /dev/null
+++ b/modules/sudo/files/per-host/smetana.debian.org/sudoers
@@ -0,0 +1,31 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+# local admin
+%sanger ALL=(ALL) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/sperger.debian.org/sudoers b/modules/sudo/files/per-host/sperger.debian.org/sudoers
new file mode 100644 (file)
index 0000000..0fac1d8
--- /dev/null
+++ b/modules/sudo/files/per-host/sperger.debian.org/sudoers
@@ -0,0 +1,34 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+# local admin
+bzed   ALL=(ALL) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+

diff --git a/modules/sudo/files/per-host/spohr.debian.org/sudoers b/modules/sudo/files/per-host/spohr.debian.org/sudoers
new file mode 100644 (file)
index 0000000..3906f45
--- /dev/null
+++ b/modules/sudo/files/per-host/spohr.debian.org/sudoers
@@ -0,0 +1,33 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/spontini.debian.org/sudoers b/modules/sudo/files/per-host/spontini.debian.org/sudoers
new file mode 100644 (file)
index 0000000..5a9a315
--- /dev/null
+++ b/modules/sudo/files/per-host/spontini.debian.org/sudoers
@@ -0,0 +1,30 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd ALL=NOPASSWD: ALL
+%buildd        ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/steffani.debian.org/sudoers b/modules/sudo/files/per-host/steffani.debian.org/sudoers
new file mode 100644 (file)
index 0000000..32cbff5
--- /dev/null
+++ b/modules/sudo/files/per-host/steffani.debian.org/sudoers
@@ -0,0 +1,29 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/tartini.debian.org/sudoers b/modules/sudo/files/per-host/tartini.debian.org/sudoers
new file mode 100644 (file)
index 0000000..b64a3c3
--- /dev/null
+++ b/modules/sudo/files/per-host/tartini.debian.org/sudoers
@@ -0,0 +1,24 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+root   ALL=(ALL) ALL
+
+# DSA
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+jeroen  ALL=(ALL) ALL
+
+%forums ALL=(forums) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/unger.debian.org/sudoers b/modules/sudo/files/per-host/unger.debian.org/sudoers
new file mode 100644 (file)
index 0000000..992dc4a
--- /dev/null
+++ b/modules/sudo/files/per-host/unger.debian.org/sudoers
@@ -0,0 +1,42 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+
+# to babylon5
+joerg   ALL=(ALL) /usr/bin/sispmctl -t 1
+joerg   ALL=(ALL) /usr/bin/sispmctl -g 1

diff --git a/modules/sudo/files/per-host/verdi.debian.org/sudoers b/modules/sudo/files/per-host/verdi.debian.org/sudoers
new file mode 100644 (file)
index 0000000..659f8ad
--- /dev/null
+++ b/modules/sudo/files/per-host/verdi.debian.org/sudoers
@@ -0,0 +1,28 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%volatile ALL=(volatile) ALL
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/villa.debian.org/sudoers b/modules/sudo/files/per-host/villa.debian.org/sudoers
new file mode 100644 (file)
index 0000000..ff5e787
--- /dev/null
+++ b/modules/sudo/files/per-host/villa.debian.org/sudoers
@@ -0,0 +1,33 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm   ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/voltaire.debian.org/sudoers b/modules/sudo/files/per-host/voltaire.debian.org/sudoers
new file mode 100644 (file)
index 0000000..0b0743b
--- /dev/null
+++ b/modules/sudo/files/per-host/voltaire.debian.org/sudoers
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+#Defaults secure_path="/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin:/usr/bin/X11"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# DSA
+%adm     ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# buildd
+#archvsync ALL=(ALL) NOPASSWD : /usr/local/bin/update-chroots
+Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
+buildd         ALL=(ALL) NOPASSWD : ALL
+%buildd                ALL=(buildd) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/widor.debian.org/sudoers b/modules/sudo/files/per-host/widor.debian.org/sudoers
new file mode 100644 (file)
index 0000000..0500460
--- /dev/null
+++ b/modules/sudo/files/per-host/widor.debian.org/sudoers
@@ -0,0 +1,34 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%wikiadm ALL=(wiki) ALL
+
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
+

diff --git a/modules/sudo/files/per-host/wieck.debian.org/sudoers b/modules/sudo/files/per-host/wieck.debian.org/sudoers
new file mode 100644 (file)
index 0000000..eb124c1
--- /dev/null
+++ b/modules/sudo/files/per-host/wieck.debian.org/sudoers
@@ -0,0 +1,29 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults       env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+%mirroradm ALL=(archvsync) ALL
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/files/per-host/zelenka.debian.org/sudoers b/modules/sudo/files/per-host/zelenka.debian.org/sudoers
new file mode 100644 (file)
index 0000000..fd9f4de
--- /dev/null
+++ b/modules/sudo/files/per-host/zelenka.debian.org/sudoers
@@ -0,0 +1,32 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root   ALL=(ALL) ALL
+
+# local folks
+%zivit-admins  ALL= NOPASSWD: ALL
+
+%adm    ALL=(ALL) ALL
+%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+%adm    ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots
+
+nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none

diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
new file mode 100644 (file)
index 0000000..d6705dd
--- /dev/null
+++ b/modules/sudo/manifests/init.pp
@@ -0,0 +1,12 @@
+class sudo {
+       package { sudo: ensure => installed }
+
+       file { "/etc/sudoers":
+               owner   => root,
+               group   => root,
+               mode    => 440,
+               source  => [ "puppet:///sudo/per-host/$fqdn/sudoers",
+                            "puppet:///sudo/common/sudoers" ],
+               require => Package["sudo"],
+       }
+}