add tracker db @ danzi to backuppg

[mirror/dsa-puppet.git] / modules / sudo / manifests / init.pp

diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index 67f66a5..1c0ea01 100644 (file)
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -4,7 +4,7 @@ class sudo {
    'sudo',
    'libpam-pwdfile',
   ], {
-     ensure => $package_ensure
+     ensure => 'installed',
   })
 
   file { '/etc/pam.d/sudo':
@@ -17,4 +17,24 @@ class sudo {
     source  => 'puppet:///modules/sudo/sudoers',
     require => Package['sudo'],
   }
+
+  file { '/etc/sudoers.d':
+    ensure  => directory,
+    mode    => '755',
+    purge   => true,
+    recurse => true,
+    force   => true,
+    source  => 'puppet:///files/empty/',
+  }
+  file { '/etc/sudoers.d/README':
+    mode    => '440',
+    content => @(EOT),
+      # According to the README shipped with Debian 10,
+      # this directory, if included in /etc/sudoers, needs
+      # to contain at least one file.  Files which end in
+      # a '~' character or that contain a '.' are ignored.
+      #
+      # Files should be mode 0440 and be edited with visudo.
+      | EOT
+  }
 }