X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=9d24e73486229a49fc2d5afe87209018f06ea35e;hb=c7e16981750e54fada13de97e4542f89cae46e80;hp=5b816ea720258f8773f78c7c0b38531ebf4be3a0;hpb=e3d69adb01f1b4cb87e9d6479b46f760153d11be;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 5b816ea72..9d24e7348 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -33,9 +33,10 @@ Host_Alias	FTPHOSTS	= fasolo
 Host_Alias	ZIVITHOSTS	= zelenka, zandonai
 Host_Alias	AACRAIDHOSTS	= pettersson
 Host_Alias	MEGARAIDHOSTS	= sibelius
+Host_Alias	DELLHOSTS	= schumann, wieck
 Host_Alias	LISTHOSTS	= bendel
 Host_Alias	BUILDD_MASTER	= wuiet
-Host_Alias	PORTERBOXES	= abel, amdahl, asachi, barriere, eller, falla, fischer, harris, minkus, partch, plummer, pizzetti, zelenka
+Host_Alias	PORTERBOXES	= abel, amdahl, barriere, eller, harris, minkus, partch, plummer, zelenka
 Host_Alias	PIUPARTS_SLAVE_HOSTS	= piu-slave-bm-a, piu-slave-ubc-01
 Host_Alias	MQ_HOSTS	= rainier, rapoport
 Host_Alias	JENKINSHOSTS	= jerea
@@ -54,14 +55,14 @@ root	ALL=(ALL) ALL
 %zivit-admins	ZIVITHOSTS=(ALL)	NOPASSWD: ALL
 
 # nagios
-nagios		ALL=(ALL)	NOPASSWD: /bin/systemctl is-system-running
 nagios		MQ_HOSTS=(rabbitmq)	NOPASSWD: /usr/sbin/rabbitmqctl list_queues -p dsa name messages consumers
 nagios		ALL=(ALL)	NOPASSWD: /usr/sbin/service ekeyd-egd-linux restart
 nagios		ALL=(ALL)	NOPASSWD: /usr/sbin/service samhain restart
 nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
 nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-filesystems ""
-nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs ""
+nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs --ignore-younger=1h
 nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ""
+nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-systemd-services ""
 nagios		handel=(puppet)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem
 # with smartarray controllers
 nagios		ALL=(ALL)	NOPASSWD: /sbin/hpasmcli ""
@@ -86,6 +87,7 @@ nagios		ALL=(ALL)	NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] show statu
 # other raid controllers
 nagios		AACRAIDHOSTS=(ALL)	NOPASSWD: /usr/local/bin/arcconf GETCONFIG 1 LD, /usr/local/bin/arcconf GETCONFIG 1 AD
 nagios		MEGARAIDHOSTS=(ALL)	NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog, /usr/local/bin/megarc -dispCfg -a0 -nolog
+nagios		DELLHOSTS=(ALL)		NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage ""
 # other nagios things
 nagios		backuphost=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
 nagios		storace=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
@@ -130,7 +132,8 @@ nagios		storace=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
 %forums		ALL=(forums)	ALL
 %gitdoadm	ALL=(gitdoadm)	ALL
 # the git user also exists on adayevskaya where it's a different service..
-%gitdoadm	godard=(git)	ALL
+%gitdoadm	godard=(git)		ALL
+%gitdoadm	godard=(salsa-webhook)	ALL
 %keyring	ALL=(keyring)	ALL
 %jenkins-adm	ALL=(jenkins-adm)	ALL
 %lintian	ALL=(lintian)	ALL
@@ -188,6 +191,7 @@ buildd		ALL=(ALL)		NOPASSWD: ALL
 %backports	FTPHOSTS,coccia=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
 %bootstrap	boott=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component bootstrap.debian.net
 d-i		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
+debian-cd	casulana=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component cdbuilder-logs.debian.org
 lucas		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net
 dsa		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
 dak		FTPHOSTS=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
@@ -235,7 +239,6 @@ piupartss	PIUPARTS_SLAVE_HOSTS=(ALL)		NOPASSWD: ALL
 # trigger of mirror run for packages
 dnsadm		denis=(root)			NOPASSWD: /usr/sbin/service bind9 reload
 letsencrypt	denis=(dnsadm)			NOPASSWD: /srv/dns.debian.org/bin/update
-%adm		draghi=(puppet)			NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
 # wbadm can update all buildd* users' keys on buildd.d.o
 %wbadm		BUILDD_MASTER=(wb-buildd)	ALL
 %wbadm		BUILDD_MASTER=(root)		/usr/local/bin/update-buildd-sshkeys