# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification
Cmnd_Alias	EXCLUDE=!/sbin/halt, !/bin/rm -rf /

# Cmnd alias for deploy user
Cmnd_Alias	ENV=/usr/bin/env *
Cmnd_Alias	SH=/bin/sh *
Cmnd_Alias	GITPULL=/usr/bin/git pull *
Cmnd_Alias	LXCA=/usr/bin/lxc-attach -n *
Cmnd_Alias	MAKE=/usr/bin/make *
Cmnd_Alias	MKDOCS=/usr/local/bin/mkdocs *

#
Cmnd_Alias	THELOUNGE=/srv/thelounge/.yarn/bin/thelounge add *
#Cmnd_Alias	TOOT=/usr/bin/toot post *

# User privilege specification
root		ALL=(ALL:ALL) ALL,EXCLUDE
services	ALL=(ALL:ALL) NOPASSWD: ALL,EXCLUDE
deploy		ALL=(ALL:ALL) NOPASSWD: ENV,SH,GITPULL,LXCA,MAKE,MKDOCS

# Allow members of group sudo to execute any command
%sudo		ALL=(ALL:ALL) NOPASSWD: ALL,EXCLUDE

# ENVS GROUP
%envs		ALL=(thelounge)	NOPASSWD: THELOUNGE
#%envs		ALL=(services)	NOPASSWD: TOOT

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d