mirror of https://git.envs.net/envs/ops.git
48 lines
1.3 KiB
Plaintext
48 lines
1.3 KiB
Plaintext
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
|
#
|
|
# This file MUST be edited with the 'visudo' command as root.
|
|
#
|
|
# Please consider adding local content in /etc/sudoers.d/ instead of
|
|
# directly modifying this file.
|
|
#
|
|
# See the man page for details on how to write a sudoers file.
|
|
#
|
|
Defaults env_reset
|
|
Defaults mail_badpass
|
|
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
|
|
# Host alias specification
|
|
|
|
# User alias specification
|
|
|
|
# Cmnd alias specification
|
|
Cmnd_Alias EXCLUDE=!/sbin/halt, !/bin/rm -rf /
|
|
|
|
# Cmnd alias for deploy user
|
|
Cmnd_Alias ENV=/usr/bin/env *
|
|
Cmnd_Alias SH=/bin/sh *
|
|
Cmnd_Alias GITPULL=/usr/bin/git pull *
|
|
Cmnd_Alias LXCA=/usr/bin/lxc-attach -n *
|
|
Cmnd_Alias MAKE=/usr/bin/make *
|
|
Cmnd_Alias MKDOCS=/usr/local/bin/mkdocs *
|
|
|
|
#
|
|
Cmnd_Alias THELOUNGE=/srv/thelounge/.yarn/bin/thelounge add *
|
|
#Cmnd_Alias TOOT=/usr/bin/toot post *
|
|
|
|
# User privilege specification
|
|
root ALL=(ALL:ALL) ALL,EXCLUDE
|
|
services ALL=(ALL:ALL) NOPASSWD: ALL,EXCLUDE
|
|
deploy ALL=(ALL:ALL) NOPASSWD: ENV,SH,GITPULL,LXCA,MAKE,MKDOCS
|
|
|
|
# Allow members of group sudo to execute any command
|
|
%sudo ALL=(ALL:ALL) NOPASSWD: ALL,EXCLUDE
|
|
|
|
# ENVS GROUP
|
|
%envs ALL=(thelounge) NOPASSWD: THELOUNGE
|
|
#%envs ALL=(services) NOPASSWD: TOOT
|
|
|
|
# See sudoers(5) for more information on "#include" directives:
|
|
|
|
#includedir /etc/sudoers.d
|