From 06b58837a172c84036e6897267f3f96c0923741b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 8 Apr 2009 10:17:17 +0200
Subject: [PATCH] ries: new group debian-release; dak may push mirrors,
 debian-release and ftpteam can run dak transitions as dak.

---
 manifests/site.pp                             |  2 +-
 modules/sudo/files/common/sudoers             |  6 +++
 .../files/per-host/ries.debian.org/sudoers    | 53 -------------------
 3 files changed, 7 insertions(+), 54 deletions(-)
 delete mode 100644 modules/sudo/files/per-host/ries.debian.org/sudoers

diff --git a/manifests/site.pp b/manifests/site.pp
index f4c7955a7..3eb7e00f7 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -45,7 +45,7 @@ node default {
 
     # test here first
     case $hostname {
-        handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell,samosa,gluck,rietz,unger,tartini,mahler,raff,chopin,ravel:    { include sudo }
+        handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell,samosa,gluck,rietz,unger,tartini,mahler,raff,chopin,ravel,ries:    { include sudo }
         default:   {}
     }
 }
diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers
index 019fc097e..a404c23ad 100644
--- a/modules/sudo/files/common/sudoers
+++ b/modules/sudo/files/common/sudoers
@@ -54,6 +54,7 @@ nagios		puccini=(ALL)	NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
 %d-i		ALL=(d-i)	ALL
 %debadmin	ALL=(dak)	ALL
 %debbugs	ALL=(debbugs)	ALL
+%debian-release	ALL=(release)	ALL
 %debwww		ALL=(debwww)	ALL
 %forums		ALL=(forums)	ALL
 %keyring	ALL=(keyring)	ALL
@@ -87,3 +88,8 @@ pkg_user	powell=(archvsync)	NOPASSWD: /home/archvsync/bin/pushpdo
 joerg		unger=(ALL)		/usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1
 # wbadm can update all buildd* users' keys on buildd.d.o
 %wbadm		raff=(root)		/usr/local/bin/update-buildd-sshkeys
+# mirror push
+dak		ries=(archvsync)	NOPASSWD:/home/archvsync/runmirrors
+# dak stuff
+%debian-release	ries=(dak)		/usr/local/bin/dak transitions --import *
+%ftpteam	ries=(dak)		/usr/local/bin/dak transitions --import *
diff --git a/modules/sudo/files/per-host/ries.debian.org/sudoers b/modules/sudo/files/per-host/ries.debian.org/sudoers
deleted file mode 100644
index a7a14851b..000000000
--- a/modules/sudo/files/per-host/ries.debian.org/sudoers
+++ /dev/null
@@ -1,53 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# /etc/sudoers
-#
-# This file MUST be edited with the 'visudo' command as root.
-#
-# See the man page for details on how to write a sudoers file.
-#
-
-Defaults	env_reset
-
-# Host alias specification
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root	ALL=(ALL) ALL
-
-# DSA
-%adm ALL=(ALL) ALL
-%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
-
-# ftp-master
-%debadmin ALL=(dak) NOPASSWD: ALL, (root) NOPASSWD: /bin/su - dak
-%debadmin ALL=(archvsync) ALL
-
-# dak:
-dak ALL=(archvsync) NOPASSWD:/home/archvsync/runmirrors
-# per joerg's request (#rt627)  -- weasel 20080418
-%debian-release ALL=(dak) /usr/local/bin/dak transitions --import *
-%ftpteam        ALL=(dak) /usr/local/bin/dak transitions --import *
-
-
-%apachectrl	ALL=(root) /usr/sbin/apache2-vhost-update
-%mirroradm	ALL=(archvsync) ALL
-%debian-release	ALL=(release) ALL
-
-
-
-
-nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
-nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
-- 
2.20.1