call upload script with sudo

diff --git a/ansible/files/torwaechter/post-receive b/ansible/files/torwaechter/post-receive
index 57f7b2c..c1fdc54 100755 (executable)
--- a/ansible/files/torwaechter/post-receive
+++ b/ansible/files/torwaechter/post-receive
@@ -11,7 +11,7 @@ keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null)
 
 keys_branch=${keys_branch:-master}
 keys_file=${keys_file:-keys}
-keys_pipe_to=${keys_pipe_to:-/usr/local/bin/update-keys-from-stdin.sh}
+keys_pipe_to=${keys_pipe_to:-sudo /usr/local/bin/update-keys-from-stdin.sh}
 
 changedcommits=$( grep "refs/heads/${keys_branch}" | sed 's/\([0-9a-f]\+\)\s\+\([0-9a-f]\+\)\s\+.*/\1..\2/;' )
 

diff --git a/ansible/files/torwaechter/tuergitflash b/ansible/files/torwaechter/tuergitflash
new file mode 100644 (file)
index 0000000..b5d9857
--- /dev/null
+++ b/ansible/files/torwaechter/tuergitflash
@@ -0,0 +1,3 @@
+Cmnd_Alias TUERFLASH = /usr/local/bin/update-keys-from-stdin.sh 
+
+tuergit ALL=(root) NOPASSWD: TUERFLASH

diff --git a/ansible/host_vars/torwaechter/main.yml b/ansible/host_vars/torwaechter/main.yml
index 0f47957..fd9f39c 100644 (file)
--- a/ansible/host_vars/torwaechter/main.yml
+++ b/ansible/host_vars/torwaechter/main.yml
@@ -39,6 +39,10 @@ openwrt_mixin:
     mode: '0755'
     file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
 
+  /etc/sudoers.d/tuergitflash:
+    mode: '0440'
+    file: "{{ global_files_dir }}/{{ inventory_hostname }}/tuergitflash"
+
   /etc/ssh/sshd_config:
     content: |
       Port 22000