From: Bernhard Tittelbach Date: Wed, 9 Sep 2020 22:17:57 +0000 (+0200) Subject: call upload script with sudo X-Git-Url: https://git.realraum.at/?a=commitdiff_plain;h=e74b569686b7bf4d0abce63d996acdbfc0e9e646;p=noc.git call upload script with sudo --- diff --git a/ansible/files/torwaechter/post-receive b/ansible/files/torwaechter/post-receive index 57f7b2c..c1fdc54 100755 --- a/ansible/files/torwaechter/post-receive +++ b/ansible/files/torwaechter/post-receive @@ -11,7 +11,7 @@ keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null) keys_branch=${keys_branch:-master} keys_file=${keys_file:-keys} -keys_pipe_to=${keys_pipe_to:-/usr/local/bin/update-keys-from-stdin.sh} +keys_pipe_to=${keys_pipe_to:-sudo /usr/local/bin/update-keys-from-stdin.sh} changedcommits=$( grep "refs/heads/${keys_branch}" | sed 's/\([0-9a-f]\+\)\s\+\([0-9a-f]\+\)\s\+.*/\1..\2/;' ) diff --git a/ansible/files/torwaechter/tuergitflash b/ansible/files/torwaechter/tuergitflash new file mode 100644 index 0000000..b5d9857 --- /dev/null +++ b/ansible/files/torwaechter/tuergitflash @@ -0,0 +1,3 @@ +Cmnd_Alias TUERFLASH = /usr/local/bin/update-keys-from-stdin.sh + +tuergit ALL=(root) NOPASSWD: TUERFLASH diff --git a/ansible/host_vars/torwaechter/main.yml b/ansible/host_vars/torwaechter/main.yml index 0f47957..fd9f39c 100644 --- a/ansible/host_vars/torwaechter/main.yml +++ b/ansible/host_vars/torwaechter/main.yml @@ -39,6 +39,10 @@ openwrt_mixin: mode: '0755' file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh" + /etc/sudoers.d/tuergitflash: + mode: '0440' + file: "{{ global_files_dir }}/{{ inventory_hostname }}/tuergitflash" + /etc/ssh/sshd_config: content: | Port 22000