summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2017-02-11 13:23:31 +0000
committerintrigeri <intrigeri@boum.org>2017-02-11 13:30:52 +0000
commit24f779a6bfc7094a0072b4f5819a57b4901aeefe (patch)
treeaa1073c6434cee42c92a50a65c7357699a82fea0
parentdc985ce8e93750ec138ce9d09ae4b7d1f2319a8c (diff)
Allow weblate admins to start/stop/restart/reload Apache.
-rw-r--r--files/weblate/sudo/weblate-admin8
-rw-r--r--manifests/weblate.pp10
2 files changed, 18 insertions, 0 deletions
diff --git a/files/weblate/sudo/weblate-admin b/files/weblate/sudo/weblate-admin
new file mode 100644
index 0000000..e8e64a2
--- /dev/null
+++ b/files/weblate/sudo/weblate-admin
@@ -0,0 +1,8 @@
+Cmnd_Alias WEBLATE_ADMIN_CMDS = \
+ /bin/systemctl force-reload apache2.service "", \
+ /bin/systemctl reload apache2.service "", \
+ /bin/systemctl restart apache2.service "", \
+ /bin/systemctl start apache2.service "", \
+ /bin/systemctl stop apache2.service ""
+
+%weblate_admin ALL = (root) WEBLATE_ADMIN_CMDS
diff --git a/manifests/weblate.pp b/manifests/weblate.pp
index 557bdea..a3c76af 100644
--- a/manifests/weblate.pp
+++ b/manifests/weblate.pp
@@ -61,6 +61,16 @@ class tails::weblate (
tails::weblate::admin { $admins: }
+ # sudo credentials
+
+ file { '/etc/sudoers.d/weblate-admin':
+ owner => root,
+ group => root,
+ mode => '0440',
+ source => 'puppet:///modules/tails/weblate/sudo/weblate-admin',
+ require => Group['weblate_admin'],
+ }
+
# Mutable data
file { $mutable_data_dir: