X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fsudo%2Fmanifests%2Finit.pp;h=1c0ea0155fcfc0127fe95b6600fce0519f21300a;hb=fc58aacc31f985a2ee4f1dfe9455bda74aca5942;hp=67f66a5db6aafdbcec2bee70d15646a7aa6a5a20;hpb=167ea6c883c7e0f9425397b09ce72d072a4068a9;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index 67f66a5db..1c0ea0155 100644
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -4,7 +4,7 @@ class sudo {
    'sudo',
    'libpam-pwdfile',
   ], {
-     ensure => $package_ensure
+     ensure => 'installed',
   })
 
   file { '/etc/pam.d/sudo':
@@ -17,4 +17,24 @@ class sudo {
     source  => 'puppet:///modules/sudo/sudoers',
     require => Package['sudo'],
   }
+
+  file { '/etc/sudoers.d':
+    ensure  => directory,
+    mode    => '755',
+    purge   => true,
+    recurse => true,
+    force   => true,
+    source  => 'puppet:///files/empty/',
+  }
+  file { '/etc/sudoers.d/README':
+    mode    => '440',
+    content => @(EOT),
+      # According to the README shipped with Debian 10,
+      # this directory, if included in /etc/sudoers, needs
+      # to contain at least one file.  Files which end in
+      # a '~' character or that contain a '.' are ignored.
+      #
+      # Files should be mode 0440 and be edited with visudo.
+      | EOT
+  }
 }