From 572816d54ea0fdc412a6c54053d0fc5804c288f5 Mon Sep 17 00:00:00 2001 From: Miraty Date: Wed, 10 Apr 2024 00:11:13 +0200 Subject: [PATCH] sudoers: add --config to certbot commands --- mkosi.extra/install/sudoers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mkosi.extra/install/sudoers b/mkosi.extra/install/sudoers index 83ff1d0..4477d46 100644 --- a/mkosi.extra/install/sudoers +++ b/mkosi.extra/install/sudoers @@ -1,7 +1,7 @@ servnest ALL=(root) NOPASSWD: /usr/bin/systemctl reload tor servnest ALL=(root) NOPASSWD: /usr/bin/chgrp ^--no-dereference -- sftpgo /srv/servnest/ht/fs/[0-9a-f]{64}$ -servnest ALL=(root) NOPASSWD: /usr/bin/certbot ^certonly --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}( --test-cert)?$ -servnest ALL=(root) NOPASSWD: /usr/bin/certbot ^delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$ +servnest ALL=(root) NOPASSWD: /usr/bin/certbot ^--config /etc/letsencrypt/servnest\.ini certonly --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}( --test-cert)?$ +servnest ALL=(root) NOPASSWD: /usr/bin/certbot ^--config /etc/letsencrypt/servnest\.ini delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$ servnest ALL=(tor) NOPASSWD: /usr/bin/cat ^-- /srv/servnest/tor-keys/[0-9a-f]{64}/[a-zA-Z0-9_-]{1,64}/hostname$ servnest ALL=(tor) NOPASSWD: /usr/bin/mkdir ^--mode=0700 -- /srv/servnest/tor-keys/[0-9a-f]{64}$ servnest ALL=(tor) NOPASSWD: /usr/bin/rm ^-r -- /srv/servnest/tor-keys/[0-9a-f]{64}(/[a-zA-Z0-9_-]{1,64})?$