mirror/ infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-08 10:56:03 +02:00
Code Issues

validate the sudoers files before using 

This is already done for the 'sudo' role, but we also have a few more
sudoers files which currently go in unverified.

Signed-off-by: Christian Heusel <christian@heusel.eu>
This commit is contained in:
Christian Heusel 2024-04-24 19:27:00 +02:00
parent e7e6308606
commit f38d013c04
No known key found for this signature in database
GPG Key ID: C047D4F328B52585
5 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/archbuild/tasks/main.yml
View File

@ -132,7 +132,7 @@
- { name: SRCDEST, value: /var/lib/archbuilddest/srcdest }
- name: Install archbuild sudoers config
copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440
copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440 validate='visudo -cf %s'
- name: Install gitconfig
copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644

2
roles/archweb/tasks/main.yml
View File

@ -283,7 +283,7 @@
when: archweb_site
- name: Install sudoer rights for fetchmail to call archweb django scripts
template: src=sudoers-fetchmail-archweb.j2 dest=/etc/sudoers.d/fetchmail-archweb owner=root group=root mode=0440
template: src=sudoers-fetchmail-archweb.j2 dest=/etc/sudoers.d/fetchmail-archweb owner=root group=root mode=0440 validate='visudo -cf %s'
when: archweb_site
- name: Create retro dir

2
roles/dbscripts/tasks/main.yml
View File

@ -28,7 +28,7 @@
user: name=sourceballs shell=/sbin/nologin
- name: Set up sudoers.d for special users
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600 validate='visudo -cf %s'
- name: Create ssl cert
include_role:

2
roles/phrik/tasks/main.yml
View File

@ -20,7 +20,7 @@
tags: ['archusers']
- name: Install phrik sudoers config
copy: src=sudoers dest=/etc/sudoers.d/phrik owner=root group=root mode=0440
copy: src=sudoers dest=/etc/sudoers.d/phrik owner=root group=root mode=0440 validate='visudo -cf %s'
- name: Install polkit rule for restarting phrik
copy: src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules owner=root group=root mode=0644

2
roles/prometheus_exporters/tasks/main.yml
View File

@ -181,7 +181,7 @@
when: "inventory_hostname == 'gemini.archlinux.org'"
- name: Install sudoers for btrfs
copy: src=sudoers dest=/etc/sudoers.d/node_exporter owner=root group=root mode=0440
copy: src=sudoers dest=/etc/sudoers.d/node_exporter owner=root group=root mode=0440 validate='visudo -cf %s'
when: filesystem == "btrfs"
- name: Install btrfs textcollector service