From e74b569686b7bf4d0abce63d996acdbfc0e9e646 Mon Sep 17 00:00:00 2001
From: Bernhard Tittelbach
Date: Thu, 10 Sep 2020 00:17:57 +0200
Subject: [PATCH] call upload script with sudo
---
 ansible/files/torwaechter/post-receive | 2 +-
 ansible/files/torwaechter/tuergitflash | 3 +++
 ansible/host_vars/torwaechter/main.yml | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 ansible/files/torwaechter/tuergitflash
diff --git a/ansible/files/torwaechter/post-receive b/ansible/files/torwaechter/post-receive
index 57f7b2c..c1fdc54 100755
--- a/ansible/files/torwaechter/post-receive
+++ b/ansible/files/torwaechter/post-receive
@@ -11,7 +11,7 @@ keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null)
 keys_branch=${keys_branch:-master}
 keys_file=${keys_file:-keys}
-keys_pipe_to=${keys_pipe_to:-/usr/local/bin/update-keys-from-stdin.sh}
+keys_pipe_to=${keys_pipe_to:-sudo /usr/local/bin/update-keys-from-stdin.sh}
 changedcommits=$( grep "refs/heads/${keys_branch}" | sed 's/\([0-9a-f]\+\)\s\+\([0-9a-f]\+\)\s\+.*/\1..\2/;' )
diff --git a/ansible/files/torwaechter/tuergitflash b/ansible/files/torwaechter/tuergitflash
new file mode 100644
index 0000000..b5d9857
--- /dev/null
+++ b/ansible/files/torwaechter/tuergitflash
@@ -0,0 +1,3 @@
+Cmnd_Alias TUERFLASH = /usr/local/bin/update-keys-from-stdin.sh
+
+tuergit ALL=(root) NOPASSWD: TUERFLASH
diff --git a/ansible/host_vars/torwaechter/main.yml b/ansible/host_vars/torwaechter/main.yml
index 0f47957..fd9f39c 100644
--- a/ansible/host_vars/torwaechter/main.yml
+++ b/ansible/host_vars/torwaechter/main.yml
@@ -39,6 +39,10 @@ openwrt_mixin:
 mode: '0755'
 file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
+ /etc/sudoers.d/tuergitflash:
+ mode: '0440'
+ file: "{{ global_files_dir }}/{{ inventory_hostname }}/tuergitflash"
+
 /etc/ssh/sshd_config:
 content: |
 Port 22000
--
1.7.10.4
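Review bot: The new default in post-receive calls `sudo` without `-n`, so a missing or non-matching sudoers rule makes sudo attempt a password prompt from inside the git hook instead of failing cleanly; `keys_pipe_to=${keys_pipe_to:-sudo -n /usr/local/bin/update-keys-from-stdin.sh}` turns that into an immediate, visible error. The default is now a two-word command line, so it only works if the use site (outside this hunk) expands `$keys_pipe_to` unquoted; a comment such as `# default is a command line, expanded unquoted where the keys file is piped` would record that dependency. A value set through `git config hooks.keys_pipe_to` replaces the default entirely, so it gets no sudo prefix and would not match the rule added in tuergitflash, which is worth stating in the same comment.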
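Review bot: `Cmnd_Alias TUERFLASH = /usr/local/bin/update-keys-from-stdin.sh` carries no argument specification, so sudoers lets `tuergit` run the script as root with arbitrary arguments; the hook default passes none, so `Cmnd_Alias TUERFLASH = /usr/local/bin/update-keys-from-stdin.sh ""` would restrict the rule to the argument-less call. With NOPASSWD this script becomes a root entry point whose stdin comes from a pushed repository, so it must stay unwritable by `tuergit` and has to treat its input as untrusted; the script itself is not part of this patch. A header comment naming the post-receive hook that relies on this rule would help anyone auditing /etc/sudoers.d later.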
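Review bot: The `/etc/sudoers.d/tuergitflash` entry sets only `mode` and `file`, and sudo refuses drop-ins that are not owned by root; whether `openwrt_mixin` writes files as root by default is not visible in this hunk, so the owner should be confirmed or set explicitly if the mixin supports it. Nothing visible here shows the sudo package being part of the image or /etc/sudoers including /etc/sudoers.d, and the new post-receive default depends on both. A syntax error in a sudoers drop-in can make sudo reject its whole configuration, so running `visudo -cf ansible/files/torwaechter/tuergitflash` before deploying is a cheap check. The `openwrt_mixin` mapping begins and continues outside the hunk.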