Format and update sudoers

2022-10-09 01:17:15 +02:00 · 2022-10-09 01:17:15 +02:00 · bb296b1c77
parent bee01f657d
commit bb296b1c77
1 changed files with 9 additions and 2 deletions
--- a/mkosi.extra/etc/sudoers.d/niver
+++ b/mkosi.extra/etc/sudoers.d/niver
@ -1,2 +1,9 @@
-niver ALL= NOPASSWD: /usr/bin/systemctl reload nginx,/usr/bin/systemctl reload tor,/usr/bin/chgrp ^sftpgo /srv/niver/ht/[^[:punct:][:space:][:cntrl:]]{1,128} --no-dereference$
-niver ALL=(tor) NOPASSWD: /usr/bin/cat ^/srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}/[^[:punct:][:space:][:cntrl:]]{1,128}/hostname$,/usr/bin/mkdir ^--mode=0700 /srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}$,/usr/bin/rm ^--recursive /srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}(/[^[:punct:][:space:][:cntrl:]]{1,128})?$
+niver ALL=(root)       NOPASSWD: /usr/bin/systemctl reload nginx
+niver ALL=(root)       NOPASSWD: /usr/bin/systemctl reload tor@default
+niver ALL=(root)       NOPASSWD: /usr/bin/chgrp     ^sftpgo /srv/niver/ht/[^[:punct:][:space:][:cntrl:]]{1,128} --no-dereference$
+niver ALL=(root)       NOPASSWD: /usr/bin/certbot   ^certonly( --test-cert)? --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
+niver ALL=(root)       NOPASSWD: /usr/bin/certbot   ^delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
+niver ALL=(root)       NOPASSWD: /usr/bin/rm        ^--recursive /srv/niver/ht/[^[:punct:][:space:][:cntrl:]]{1,128}$
+niver ALL=(debian-tor) NOPASSWD: /usr/bin/cat       ^/srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}/[^[:punct:][:space:][:cntrl:]]{1,128}/hostname$
+niver ALL=(debian-tor) NOPASSWD: /usr/bin/mkdir     ^--mode=0700 /srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}$
+niver ALL=(debian-tor) NOPASSWD: /usr/bin/rm        ^--recursive /srv/niver/tor-keys/[^[:punct:][:space:][:cntrl:]]{1,128}(/[^[:punct:][:space:][:cntrl:]]{1,128})?$