From 9e806356c4230430ca418afe882999d3256d1173 Mon Sep 17 00:00:00 2001
From: Miraty
Date: Mon, 28 Nov 2022 17:22:12 +0100
Subject: [PATCH] sudoers: more restrictive regexes

---
 mkosi.extra/etc/sudoers.d/niver | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/mkosi.extra/etc/sudoers.d/niver b/mkosi.extra/etc/sudoers.d/niver
index 0a21506..1f2b7e9 100644
--- a/mkosi.extra/etc/sudoers.d/niver
+++ b/mkosi.extra/etc/sudoers.d/niver
@@ -1,9 +1,9 @@
-niver ALL=(root) NOPASSWD: /usr/bin/systemctl reload nginx
-niver ALL=(root) NOPASSWD: /usr/bin/systemctl reload tor
-niver ALL=(root) NOPASSWD: /usr/bin/chgrp ^sftpgo /srv/niver/ht/[^[:punct:][:space:][:cntrl:]]{1,128} --no-dereference$
-niver ALL=(root) NOPASSWD: /usr/bin/certbot ^certonly( --test-cert)? --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
-niver ALL=(root) NOPASSWD: /usr/bin/certbot ^delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
-niver ALL=(root) NOPASSWD: /usr/bin/rm ^--recursive /srv/niver/ht/[^[:punct:][:space:][:cntrl:]]{1,128}$
-niver ALL=(tor) NOPASSWD: /usr/bin/cat ^/srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}/[^[:punct:][:space:][:cntrl:]]{1,128}/hostname$
-niver ALL=(tor) NOPASSWD: /usr/bin/mkdir ^--mode=0700 /srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}$
-niver ALL=(tor) NOPASSWD: /usr/bin/rm ^--recursive /srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}(/[^[:punct:][:space:][:cntrl:]]{1,128})?$
+niver ALL=(root) NOPASSWD: /usr/bin/systemctl reload nginx
+niver ALL=(root) NOPASSWD: /usr/bin/systemctl reload tor
+niver ALL=(root) NOPASSWD: /usr/bin/chgrp ^sftpgo /srv/niver/ht/[0-9a-f]{64} --no-dereference$
+niver ALL=(root) NOPASSWD: /usr/bin/certbot ^certonly( --test-cert)? --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
+niver ALL=(root) NOPASSWD: /usr/bin/certbot ^delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
+niver ALL=(sftpgo) NOPASSWD: /usr/bin/rm ^--recursive /srv/niver/ht/[0-9a-f]{64}$
+niver ALL=(tor) NOPASSWD: /usr/bin/cat ^/srv/niver/tor-keys/[0-9a-f]{64}/[a-zA-Z0-9_-]{1,64}/hostname$
+niver ALL=(tor) NOPASSWD: /usr/bin/mkdir ^--mode=0700 /srv/niver/tor-keys/[0-9a-f]{64}$
+niver ALL=(tor) NOPASSWD: /usr/bin/rm ^--recursive /srv/niver/tor-keys/[0-9a-f]{64}(/[a-zA-Z0-9_-]{1,64})?$
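Review bot: The file carries no header comment recording that these rules rely on sudo's regular-expression argument matching (the `^...$` arguments need sudo 1.9.10 or later and are POSIX extended regexes matched against the whole argument string), nor what the `[0-9a-f]{64}` and `[a-zA-Z0-9_-]{1,64}` components on the chgrp, rm, cat and mkdir lines are meant to be, so a later edit to those classes has nothing telling it which invariant to keep. A two-line comment at the top would settle both: `# Requires sudo >= 1.9.10: ^...$ arguments are POSIX ERE matched against the full argument string` and `# The 64-hex and [a-zA-Z0-9_-] path components below are opaque identifiers; keep '.' and '/' out of these classes so no component can name a parent or sibling directory`. The certbot `--domain` and `--cert-name` patterns on the fourth and fifth added lines still accept any syntactically plausible domain (including a label consisting only of `-` or `_`, which certbot itself presumably rejects), which this tightening leaves unchanged; if unrestricted domains are intentional, say so in the same comment. The runas change from root to sftpgo on the ht `rm` line is a real reduction and worth one word of comment so it is not "fixed" back to root later.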