--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root ALL=(ALL) ALL
+
+%adm ALL=(ALL) ALL
+%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
+
+# The piuparts slave needs to handle chroots
+piupartss ALL=(ALL) NOPASSWD: ALL
+
+#piuparts admins
+%piuparts ALL=(piupartss) ALL
+%piuparts ALL=(piupartsm) ALL
+
+%mirroradm ALL=(archvsync) ALL
+%uddadm ALL=(udd) ALL
+%debbugs ALL=(debbugs) ALL
+%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update
+
+nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none