From 7e26fd1d0b1dc8ecea10bfacd96cf4e48236121b Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Thu, 27 Feb 2020 18:26:55 +0100
Subject: space_server: move sudo tasks to fedora role

..to align with debian role
---
 roles/fedora/files/sudoers        | 96 +++++++++++++++++++++++++++++++++++++++
 roles/fedora/tasks/main.yml       |  2 +
 roles/fedora/tasks/sudo.yml       | 11 +++++
 roles/space_server/files/sudoers  | 96 ---------------------------------------
 roles/space_server/tasks/main.yml |  2 -
 roles/space_server/tasks/sudo.yml | 11 -----
 6 files changed, 109 insertions(+), 109 deletions(-)
 create mode 100644 roles/fedora/files/sudoers
 create mode 100644 roles/fedora/tasks/sudo.yml
 delete mode 100644 roles/space_server/files/sudoers
 delete mode 100644 roles/space_server/tasks/sudo.yml

(limited to 'roles')

diff --git a/roles/fedora/files/sudoers b/roles/fedora/files/sudoers
new file mode 100644
index 0000000..069052c
--- /dev/null
+++ b/roles/fedora/files/sudoers
@@ -0,0 +1,96 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+## 
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhaps using 
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias     FILESERVERS = fs1, fs2
+# Host_Alias     MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
+
+## Updating the locate database
+# Cmnd_Alias LOCATE = /usr/bin/updatedb
+
+## Storage
+# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 
+
+## Processes
+# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+# Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Refuse to run if unable to disable echo on the tty.
+#
+Defaults   !visiblepw
+
+Defaults    env_reset
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
+Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+
+Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+## Next comes the main part: which users can run what software on 
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## 	user	MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere 
+root	ALL=(ALL) 	ALL
+
+## Allows members of the 'sys' group to run networking, software, 
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+# %wheel	ALL=(ALL)	ALL
+
+## Same thing without a password
+%wheel	ALL=(ALL)	NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the 
+## cdrom as root
+# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users  localhost=/sbin/shutdown -h now
+
+## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+#includedir /etc/sudoers.d
diff --git a/roles/fedora/tasks/main.yml b/roles/fedora/tasks/main.yml
index de4c160..e3f69a3 100644
--- a/roles/fedora/tasks/main.yml
+++ b/roles/fedora/tasks/main.yml
@@ -22,5 +22,7 @@
   tags: timesyncd
 - import_tasks: sshd.yml
   tags: sshd
+- import_tasks: sudo.yml
+  tags: sudo
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/sudo.yml b/roles/fedora/tasks/sudo.yml
new file mode 100644
index 0000000..7125a4b
--- /dev/null
+++ b/roles/fedora/tasks/sudo.yml
@@ -0,0 +1,11 @@
+---
+- name: Install sudoers file
+  copy:
+    dest: '/etc/sudoers'
+    src: sudoers
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/files/sudoers b/roles/space_server/files/sudoers
deleted file mode 100644
index 069052c..0000000
--- a/roles/space_server/files/sudoers
+++ /dev/null
@@ -1,96 +0,0 @@
-## Sudoers allows particular users to run various commands as
-## the root user, without needing the root password.
-##
-## Examples are provided at the bottom of the file for collections
-## of related commands, which can then be delegated out to particular
-## users or groups.
-## 
-## This file must be edited with the 'visudo' command.
-
-## Host Aliases
-## Groups of machines. You may prefer to use hostnames (perhaps using 
-## wildcards for entire domains) or IP addresses instead.
-# Host_Alias     FILESERVERS = fs1, fs2
-# Host_Alias     MAILSERVERS = smtp, smtp2
-
-## User Aliases
-## These aren't often necessary, as you can use regular groups
-## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
-## rather than USERALIAS
-# User_Alias ADMINS = jsmith, mikem
-
-
-## Command Aliases
-## These are groups of related commands...
-
-## Networking
-# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
-
-## Installation and management of software
-# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
-
-## Services
-# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
-
-## Updating the locate database
-# Cmnd_Alias LOCATE = /usr/bin/updatedb
-
-## Storage
-# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
-
-## Delegating permissions
-# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 
-
-## Processes
-# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
-
-## Drivers
-# Cmnd_Alias DRIVERS = /sbin/modprobe
-
-# Defaults specification
-
-#
-# Refuse to run if unable to disable echo on the tty.
-#
-Defaults   !visiblepw
-
-Defaults    env_reset
-Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
-Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
-Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
-Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
-Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
-
-Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-## Next comes the main part: which users can run what software on 
-## which machines (the sudoers file can be shared between multiple
-## systems).
-## Syntax:
-##
-## 	user	MACHINE=COMMANDS
-##
-## The COMMANDS section may have other options added to it.
-##
-## Allow root to run any commands anywhere 
-root	ALL=(ALL) 	ALL
-
-## Allows members of the 'sys' group to run networking, software, 
-## service management apps and more.
-# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
-
-## Allows people in group wheel to run all commands
-# %wheel	ALL=(ALL)	ALL
-
-## Same thing without a password
-%wheel	ALL=(ALL)	NOPASSWD: ALL
-
-## Allows members of the users group to mount and unmount the 
-## cdrom as root
-# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
-
-## Allows members of the users group to shutdown this system
-# %users  localhost=/sbin/shutdown -h now
-
-## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
-#includedir /etc/sudoers.d
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 1c5ae7c..f4f89d6 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -9,8 +9,6 @@
   tags:
   - fstab
 
-- import_tasks: sudo.yml
-  tags: sudo
 - import_tasks: kernel.yml
   tags: kernel
 - import_tasks: gettys.yml
diff --git a/roles/space_server/tasks/sudo.yml b/roles/space_server/tasks/sudo.yml
deleted file mode 100644
index 7125a4b..0000000
--- a/roles/space_server/tasks/sudo.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Install sudoers file
-  copy:
-    dest: '/etc/sudoers'
-    src: sudoers
-    owner: root
-    group: root
-    mode: 0440
-    validate: visudo -cf %s
-
-# vim: set ts=2 sw=2 et:
-- 
cgit v1.2.1