X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=987026ea1ca025730b09741259f580aec2fda0f5;hb=b21fa403fa50c427e5975042173f5a4e631562f0;hp=52b97764fe6aa888a30b56fb72842f3fe673c938;hpb=8738ae49823878e5477bcaceed1514e4974b84a2;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 52b97764f..987026ea1 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -32,7 +32,8 @@ Host_Alias	MEGARAIDHOSTS	= grieg, rautavaara, sibelius
 Host_Alias	MPTRAIDHOSTS	= fasch, holter, barber, biber, cilea, vitry, krenek, orff
 Host_Alias	MEGACTLHOSTS	= lindberg, englund, nielsen
 Host_Alias	LISTHOSTS	= bendel
-Host_Alias	PORTERBOXES	= barriere, fischer, merulo, smetana
+Host_Alias	PORTERBOXES	= agricola, barriere, eder, falla, fischer, gabrielli, harris, merulo, partch, smetana, zelenka
+Host_Alias	PIUPARTS_SLAVE_HOSTS	= piatti, piu-slave-bm-a
 
 # Cmnd alias specification
 
@@ -117,8 +118,8 @@ nagios		beethoven=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backup
 %gobby		gombert=(gobby)	ALL
 
 # the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
-dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 %ftptrainee	FTPHOSTS=(dak-unpriv)	NOPASSWD: /usr/bin/lintian
+dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl	ALL=(root)	/usr/sbin/apache2-vhost-update
@@ -128,12 +129,14 @@ dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
 buildd		ALL=(ALL)		NOPASSWD: ALL
 
-%planet		senfl=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component planet.debian.org
-%debbits	master=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
 %backports	franck,ries=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
+dak		franck=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component ftp-master.metadata.debian.org
+%debbits	master=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
+planet		senfl=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component planet.debian.org
+debwww		wolkenstein=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component www.debian.org
 
 # The piuparts slave needs to handle chroots
-piupartss	piatti=(ALL)		NOPASSWD: ALL
+piupartss	PIUPARTS_SLAVE_HOSTS=(ALL)		NOPASSWD: ALL
 # trigger of mirror run for packages
 #pkg_user	powell=(archvsync)	NOPASSWD: /home/archvsync/bin/pushpdo
 # on draghi, the domains git thing will run bind9 reload afterwards
@@ -151,8 +154,6 @@ planet		senfl=(archvsync)	NOPASSWD: /home/archvsync/bin/runplanet ""
 # archvsync triggers snapshot
 archvsync	sibelius,stabile=(snapshot)	NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger
 archvsync	sibelius,stabile=(snapshot)	NOPASSWD: /srv/2ndsnapshot/bin/update-trigger
-# allow the debbugs-mirror user on rietz to release the afs volume so changes make it to the read-only replicas
-debbugs-mirror	rietz=(root)		NOPASSWD: /usr/bin/vos release -id srv.mirrors.bugs -localauth
 # dak stuff
 %debian-release	FTPHOSTS=(dak)		/usr/local/bin/dak transitions --import *
 %ftpteam	FTPHOSTS=(dak)		/usr/local/bin/dak transitions --import *
@@ -163,7 +164,7 @@ debbugs-mirror	rietz=(root)		NOPASSWD: /usr/bin/vos release -id srv.mirrors.bugs
 dak		SECHOSTS=(archvsync)	NOPASSWD: /home/archvsync/signal_security
 # web stuff
 debwww		WEBHOSTS=(archvsync)	NOPASSWD: /home/archvsync/webmirrors/runmirrors
-%press		WEBHOSTS=(debwww)	/org/www.debian.org/update-part News
+%press		WEBHOSTS=(debwww)	/srv/www.debian.org/update-part News
 # more list stuff
 %list		LISTHOSTS=(root)		/usr/sbin/postfix reload
 %list		LISTHOSTS=(root)		/usr/sbin/qshape, /usr/sbin/postsuper
@@ -176,14 +177,4 @@ geodnssync	geo1,geo2,geo3=(root)	NOPASSWD: /usr/sbin/rndc reconfig
 # pushed nagiosadm reload icinga on tchaikovsky
 nagiosadm	tchaikovsky=(root)		NOPASSWD: /usr/sbin/service icinga reload
 
-# Porter work
-%porter-armel	abel,agricola=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-armel	harris=(root)		/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-amd64	barriere,pergolesi=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-bsd	falla,fischer=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-ia64	merulo=(root)		/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-mips	eder,gabrielli=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-ppc	partch=(root)		/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-s390	zelenka=(root)		/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
-%porter-sparc	smetana,sperger=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
 %Debian,%guest	PORTERBOXES=(root)	NOPASSWD: /usr/local/bin/dd-schroot-cmd