From 7bc39a06772feb27525e9431bdb200e59dc32c0b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 8 Sep 2019 15:57:14 +0200
Subject: [PATCH] Create and own /etc/sudoers.d

---
 modules/sudo/manifests/init.pp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index 67f66a5db..6215b1574 100644
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -17,4 +17,24 @@ class sudo {
     source  => 'puppet:///modules/sudo/sudoers',
     require => Package['sudo'],
   }
+
+  file { '/etc/sudoers.d':
+    ensure  => directory,
+    mode    => '755',
+    purge   => true,
+    recurse => true,
+    force   => true,
+    source  => 'puppet:///files/empty/',
+  }
+  file { '/etc/sudoers.d/README':
+    mode    => '440',
+    content => @(EOT),
+      # According to the README shipped with Debian 10,
+      # this directory, if included in /etc/sudoers, needs
+      # to contain at least one file.  Files which end in
+      # a '~' character or that contain a '.' are ignored.
+      #
+      # Files should be mode 0440 and be edited with visudo.
+      | EOT
+  }
 }
-- 
2.20.1