From 4a7616f94fa2156a005712132a02345049d60a67 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sat, 28 Sep 2019 20:20:37 +0200
Subject: [PATCH] Move backup-server specific sudoers entries out of debian-global sudo
---
 modules/postgres/manifests/backup_server.pp | 6 ++++++
 modules/postgres/templates/backup_server/sudoers.erb | 3 +++
 modules/sudo/files/sudoers | 3 ---
 3 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 modules/postgres/templates/backup_server/sudoers.erb
diff --git a/modules/postgres/manifests/backup_server.pp b/modules/postgres/manifests/backup_server.pp
index de45f72f8..a4c6689db 100644
--- a/modules/postgres/manifests/backup_server.pp
+++ b/modules/postgres/manifests/backup_server.pp
@@ -99,6 +99,12 @@ class postgres::backup_server {
 refreshonly => true,
 }
+ file { '/etc/sudoers.d/backup-server':
+ mode => '0440',
+ content => template('postgres/backup_server/sudoers.erb'),
+ }
+
+
 ####
 # Maintain .pgpass file on backup servers
 # #
diff --git a/modules/postgres/templates/backup_server/sudoers.erb b/modules/postgres/templates/backup_server/sudoers.erb
new file mode 100644
index 000000000..de633ca49
--- /dev/null
+++ b/modules/postgres/templates/backup_server/sudoers.erb
@@ -0,0 +1,3 @@
+# edit with visudo!
+
+nagios ALL=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 6be418976..6921a27a8 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
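Review bot: The new `file { '/etc/sudoers.d/backup-server': }` resource in modules/postgres/manifests/backup_server.pp sets only `mode` and `content`, so a rendered template that does not parse is installed as-is, and a syntax error in a sudoers drop-in can leave sudo unusable on that host. Adding `validate_cmd => '/usr/sbin/visudo -cf %',` makes Puppet check the rendered file before it replaces the target. Ownership is not stated either; sudo requires sudoers files to be owned by root, so `owner => 'root', group => 'root',` is worth adding unless a global File default, not visible in this hunk, already provides it. The enclosing class body starts and ends outside the hunk.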
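Review bot: With the host field widened to `ALL` in modules/postgres/templates/backup_server/sudoers.erb, the rule is limited to backup servers only by where this file is deployed, no longer by the sudoers policy itself as the removed `backuphost`/`storace` entries were. A host that later drops `postgres::backup_server` keeps the drop-in, and with it the grant, unless /etc/sudoers.d is purged or the file is removed explicitly; neither is visible in this patch. The header `# edit with visudo!` also invites local edits that Puppet will overwrite; something like `# Managed by Puppet (postgres::backup_server); local changes will be overwritten.` describes the file more accurately.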
@@ -91,9 +91,6 @@ nagios MEGARAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog,
 nagios DELLHOSTS=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage ""
 nagios DELLHOSTS=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0
 nagios DELLHOSTS=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0 -b bat_charge=0\:0
-# other nagios things
-nagios backuphost=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
-nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
 # groups and their role accounts
 %alioth-archive ALL=(alioth-archive) ALL
-- 
2.20.1