89 lines
2.2 KiB
Django/Jinja
89 lines
2.2 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% for item in sudoers_file_defaults | default([]) %}
|
|
Defaults {{ item }}
|
|
{% endfor %}
|
|
|
|
# Host alias specification
|
|
{% for item in sudoers_file_host_aliases | default([]) %}
|
|
Host_Alias {{ item.name }} = {{ item.entry }}
|
|
{% endfor %}
|
|
|
|
# User alias specification
|
|
{% for item in sudoers_file_user_aliases | default([]) %}
|
|
User_Alias {{ item.name }} = {{ item.entry }}
|
|
{% endfor %}
|
|
|
|
# Cmnd alias specification
|
|
{% for item in sudoers_file_cmnd_aliases | default([]) %}
|
|
Cmnd_Alias {{ item.name }} = {{ item.entry }}
|
|
{% endfor %}
|
|
|
|
# Runas alias specification
|
|
{% for item in sudoers_file_runas_aliases | default([]) %}
|
|
Runas_Alias {{ item.name }} = {{ item.entry }}
|
|
{% endfor %}
|
|
|
|
# User privilege specification
|
|
|
|
{# rule for user 'back' #}
|
|
{% for item in sudoers_file_user_back_privileges | default([]) %}
|
|
back {{ item }}
|
|
{% endfor -%}
|
|
|
|
{%- for item in sudoers_file_user_back_svn_privileges | default([]) %}
|
|
back {{ item }}
|
|
{% endfor -%}
|
|
|
|
|
|
{%- if ansible_virtualization_role == 'host' %}
|
|
|
|
{% for item in sudoers_file_user_back_disk_privileges | default([]) %}
|
|
back {{ item }}
|
|
{% endfor %}
|
|
{% endif -%}
|
|
|
|
|
|
{%- if groups['webadmin']|string is search(inventory_hostname) %}
|
|
|
|
{% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %}
|
|
webadmin {{ item }}
|
|
{% endfor %}
|
|
{% endif -%}
|
|
|
|
|
|
{%- if groups['postgresql_server']|string is search(inventory_hostname) %}
|
|
|
|
{% for item in sudoers_file_user_back_postgres_privileges | default([]) %}
|
|
back {{ item }}
|
|
{% endfor %}
|
|
{% endif -%}
|
|
|
|
|
|
{# dns server #}
|
|
{%- if groups['dns_server']|string is search(inventory_hostname) %}
|
|
|
|
{% for item in sudoers_file_dns_server_privileges | default([]) %}
|
|
{{ item.name }} {{ item.entry }}
|
|
{% endfor %}
|
|
{% endif -%}
|
|
|
|
|
|
{# postfixadmin rules #}
|
|
{%- if groups['mail_server']|string is search(inventory_hostname) %}
|
|
|
|
{% for item in sudoers_file_postfixadmin_privileges | default([]) %}
|
|
{{ item.name }} {{ item.entry }}
|
|
{% endfor %}
|
|
{% endif -%}
|
|
|
|
{# other (host specific) rules #}
|
|
{%- if (sudoers_file_user_privileges is defined and sudoers_file_user_privileges) %}
|
|
|
|
{% for item in sudoers_file_user_privileges | default([]) %}
|
|
{{ item.name }} {{ item.entry }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
# Group privilege specification
|