X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=963d25fdf783ffaa7cd52b94b7bd06a3725d3d74;hb=40676ab4e5a91665f557f34f944bae430f9b4eb0;hp=4284ff0a4b5437dc1a50097faf968148ea22c8e7;hpb=323658c3285d3eba68ebe66cec736a92d2f99c8a;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 4284ff0a4..963d25fdf 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -21,7 +21,7 @@ Defaults	env_reset
 Defaults	passprompt="[sudo] password for %u on %h: "
 Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-# Find binaries to be executed as archvsync user also in it's home, so the
+# Find binaries to be executed as archvsync user also in its home, so the
 # caller does not need to know.
 Defaults>archvsync secure_path="/home/archvsync/bin:/usr/local/bin:/usr/bin:/bin"
 
@@ -35,11 +35,10 @@ Host_Alias	AACRAIDHOSTS	= pettersson
 Host_Alias	MEGARAIDHOSTS	= sibelius
 Host_Alias	LISTHOSTS	= bendel
 Host_Alias	BUILDD_MASTER	= wuiet
-Host_Alias	PORTERBOXES	= abel, amdahl, asachi, barriere, eller, falla, fischer, harris, minkus, partch, plummer, pizzetti, zelenka
+Host_Alias	PORTERBOXES	= abel, amdahl, barriere, eller, falla, fischer, harris, minkus, partch, plummer, pizzetti, zelenka
 Host_Alias	PIUPARTS_SLAVE_HOSTS	= piu-slave-bm-a, piu-slave-ubc-01
 Host_Alias	MQ_HOSTS	= rainier, rapoport
 Host_Alias	JENKINSHOSTS	= jerea
-Host_Alias	SIGNINGHOSTS	= fasolo
 
 # Cmnd alias specification
 
@@ -131,7 +130,8 @@ nagios		storace=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
 %forums		ALL=(forums)	ALL
 %gitdoadm	ALL=(gitdoadm)	ALL
 # the git user also exists on adayevskaya where it's a different service..
-%gitdoadm	godard=(git)	ALL
+%gitdoadm	godard=(git)		ALL
+%gitdoadm	godard=(salsa-webhook)	ALL
 %keyring	ALL=(keyring)	ALL
 %jenkins-adm	ALL=(jenkins-adm)	ALL
 %lintian	ALL=(lintian)	ALL
@@ -176,8 +176,6 @@ nagios		storace=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
 dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 # and ftpmaster can access the role user for their web services
 %debadmin	FTPHOSTS=(dak-web)	ALL
-# the dak user gets to sign stuff
-dak		SIGNINGHOSTS=(codesign)	/usr/local/bin/secure-boot-code-sign
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl	ALL=(root)	/usr/sbin/apache2-vhost-update
@@ -238,7 +236,6 @@ piupartss	PIUPARTS_SLAVE_HOSTS=(ALL)		NOPASSWD: ALL
 # trigger of mirror run for packages
 dnsadm		denis=(root)			NOPASSWD: /usr/sbin/service bind9 reload
 letsencrypt	denis=(dnsadm)			NOPASSWD: /srv/dns.debian.org/bin/update
-%adm		draghi=(puppet)			NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
 # wbadm can update all buildd* users' keys on buildd.d.o
 %wbadm		BUILDD_MASTER=(wb-buildd)	ALL
 %wbadm		BUILDD_MASTER=(root)		/usr/local/bin/update-buildd-sshkeys