Host_Alias MEGARAIDHOSTS = sibelius
Host_Alias LISTHOSTS = bendel
Host_Alias BUILDD_MASTER = wuiet
-Host_Alias PORTERBOXES = abel, amdahl, asachi, barriere, eller, falla, fischer, harris, minkus, partch, plummer, pizzetti, zelenka
+Host_Alias PORTERBOXES = abel, amdahl, barriere, eller, harris, minkus, partch, plummer, zelenka
Host_Alias PIUPARTS_SLAVE_HOSTS = piu-slave-bm-a, piu-slave-ubc-01
Host_Alias MQ_HOSTS = rainier, rapoport
Host_Alias JENKINSHOSTS = jerea
-Host_Alias SIGNINGHOSTS = fasolo
# Cmnd alias specification
nagios ALL=(ALL) NOPASSWD: /usr/sbin/service samhain restart
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-filesystems ""
-nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs ""
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs --ignore-younger=1h
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ""
nagios handel=(puppet) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem
# with smartarray controllers
%forums ALL=(forums) ALL
%gitdoadm ALL=(gitdoadm) ALL
# the git user also exists on adayevskaya where it's a different service..
-%gitdoadm godard=(git) ALL
+%gitdoadm godard=(git) ALL
+%gitdoadm godard=(salsa-webhook) ALL
%keyring ALL=(keyring) ALL
%jenkins-adm ALL=(jenkins-adm) ALL
%lintian ALL=(lintian) ALL
dak ALL=(dak-unpriv) NOPASSWD: ALL
# and ftpmaster can access the role user for their web services
%debadmin FTPHOSTS=(dak-web) ALL
-# the dak user gets to sign stuff
-dak SIGNINGHOSTS=(codesign) /usr/local/bin/secure-boot-code-sign
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update
%backports FTPHOSTS,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
%bootstrap boott=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bootstrap.debian.net
d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
+debian-cd casulana=(staticsync) NOPASSWD: /usr/local/bin/static-update-component cdbuilder-logs.debian.org
lucas dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net
dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
dak FTPHOSTS=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
# trigger of mirror run for packages
dnsadm denis=(root) NOPASSWD: /usr/sbin/service bind9 reload
letsencrypt denis=(dnsadm) NOPASSWD: /srv/dns.debian.org/bin/update
-%adm draghi=(puppet) NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
# wbadm can update all buildd* users' keys on buildd.d.o
%wbadm BUILDD_MASTER=(wb-buildd) ALL
%wbadm BUILDD_MASTER=(root) /usr/local/bin/update-buildd-sshkeys