From 5b99a29d3b4c28cb3e402e26e4cf17e116209ff7 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Wed, 8 Apr 2009 09:50:31 +0200 Subject: [PATCH] samosa: %adm may reload bind without password --- manifests/site.pp | 2 +- modules/sudo/files/common/sudoers | 2 + .../files/per-host/samosa.debian.org/sudoers | 38 ------------------- 3 files changed, 3 insertions(+), 39 deletions(-) delete mode 100644 modules/sudo/files/per-host/samosa.debian.org/sudoers diff --git a/manifests/site.pp b/manifests/site.pp index ae08b6cd4..c13ecb2ea 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -45,7 +45,7 @@ node default { # test here first case $hostname { - handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell: { include sudo } + handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell,samosa: { include sudo } default: {} } } diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers index 424329f7b..1124e195e 100644 --- a/modules/sudo/files/common/sudoers +++ b/modules/sudo/files/common/sudoers 
@@ -67,3 +67,5 @@ buildd ALL=(ALL) NOPASSWD: ALL
 piupartss piatti=(ALL) NOPASSWD: ALL
 # trigger of mirror run for packages
 pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
+# on samosa, the domains git thing will run bind9 reload afterwards
+%adm ALL=(root) NOPASSWD: /etc/init.d/bind9 reload
diff --git a/modules/sudo/files/per-host/samosa.debian.org/sudoers b/modules/sudo/files/per-host/samosa.debian.org/sudoers
deleted file mode 100644
index fcf142f29..000000000
--- a/modules/sudo/files/per-host/samosa.debian.org/sudoers
+++ /dev/null
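Review bot: The added rule `%adm ALL=(root) NOPASSWD: /etc/init.d/bind9 reload` uses the host field `ALL`, so every machine that receives this common sudoers file grants the passwordless reload, although the comment above it says it is needed only on samosa. The neighbouring entries scope by host (`piupartss piatti=...`, `pkg_user powell=...`); the same form here would be `%adm samosa=(root) NOPASSWD: /etc/init.d/bind9 reload`. The per-host file deleted later in this commit also held a `%dnsadmin` rule for the same command plus `%hpadmins` and `nagios` entries, and none of them are added in this hunk, so it is worth confirming that the rest of the common file (not visible here) already covers what samosa still needs.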
@@ -1,38 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# sudoers file.
-#
-# This file MUST be edited with the 'visudo' command as root.
-#
-# See the man page for details on how to write a sudoers file.
-#
-
-# Host alias specification
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root ALL=(ALL) ALL
-%adm ALL=(ALL) ALL
-%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
-
-# HP local admin group
-%hpadmins ALL=(ALL) ALL
-
-# dns-update calls "sudo /etc/init.d/bind9 reload"
-%dnsadmin ALL=(root) NOPASSWD: /etc/init.d/bind9 reload
-%adm ALL=(root) NOPASSWD: /etc/init.d/bind9 reload
-
-nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
-nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none
--
2.20.1