Move backup-server specific sudoers entries out of debian-global sudo

diff --git a/modules/postgres/manifests/backup_server.pp b/modules/postgres/manifests/backup_server.pp
index de45f72..a4c6689 100644 (file)
--- a/modules/postgres/manifests/backup_server.pp
+++ b/modules/postgres/manifests/backup_server.pp
@@ -99,6 +99,12 @@ class postgres::backup_server {
     refreshonly => true,
   }
 
+  file { '/etc/sudoers.d/backup-server':
+    mode    => '0440',
+    content => template('postgres/backup_server/sudoers.erb'),
+  }
+
+
   ####
   # Maintain .pgpass file on backup servers
   # #

diff --git a/modules/postgres/templates/backup_server/sudoers.erb b/modules/postgres/templates/backup_server/sudoers.erb
new file mode 100644 (file)
index 0000000..de633ca
--- /dev/null
+++ b/modules/postgres/templates/backup_server/sudoers.erb
@@ -0,0 +1,3 @@
+# edit with visudo!
+
+nagios         ALL=(debbackup)         NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 6be4189..6921a27 100644 (file)
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -91,9 +91,6 @@ nagios                MEGARAIDHOSTS=(ALL)     NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog,
 nagios         DELLHOSTS=(ALL)         NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage ""
 nagios         DELLHOSTS=(ALL)         NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0
 nagios         DELLHOSTS=(ALL)         NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0 -b bat_charge=0\:0
-# other nagios things
-nagios         backuphost=(debbackup)  NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
-nagios         storace=(debbackup)     NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
 
 # groups and their role accounts
 %alioth-archive        ALL=(alioth-archive)    ALL