X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Fmanifests%2Finit.pp;h=1c0ea0155fcfc0127fe95b6600fce0519f21300a;hb=4b84b19c56499b324af5f25a5fd5ce300db34d0e;hp=887168cd3d71eb32cc0544a82aaa25d16a7187da;hpb=df139d79f25056c8107af6eb615961b8cdba4ea9;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index 887168cd3..1c0ea0155 100644
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -1,21 +1,40 @@
+# Debian.org's sudo setup
 class sudo {
-	package { sudo: ensure => installed }
+  ensure_packages ( [
+   'sudo',
+   'libpam-pwdfile',
+  ], {
+     ensure => 'installed',
+  })
 
-	file { "/etc/sudoers":
-		owner   => root,
-		group   => root,
-		mode    => 440,
-		content => template("sudo/sudoers.erb"),
-		require => Package["sudo"]
-                ;
-	       "/etc/pam.d/sudo":
-		source  => [ "puppet:///modules/sudo/per-host/$fqdn/pam",
-		             "puppet:///modules/sudo/common/pam" ],
-		require => Package["sudo"]
-                ;
+  file { '/etc/pam.d/sudo':
+    source  => 'puppet:///modules/sudo/pam',
+    require => Package['sudo'],
+  }
 
-	}
+  file { '/etc/sudoers':
+    mode    => '0440',
+    source  => 'puppet:///modules/sudo/sudoers',
+    require => Package['sudo'],
+  }
+
+  file { '/etc/sudoers.d':
+    ensure  => directory,
+    mode    => '755',
+    purge   => true,
+    recurse => true,
+    force   => true,
+    source  => 'puppet:///files/empty/',
+  }
+  file { '/etc/sudoers.d/README':
+    mode    => '440',
+    content => @(EOT),
+      # According to the README shipped with Debian 10,
+      # this directory, if included in /etc/sudoers, needs
+      # to contain at least one file.  Files which end in
+      # a '~' character or that contain a '.' are ignored.
+      #
+      # Files should be mode 0440 and be edited with visudo.
+      | EOT
+  }
 }
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4: