Jérémy Dubois
ff1f728102
We put the doas authorization for collectd in the global file and we let it if collectd is not there, because otherwise the authorization would be removed if the base role was run without the collectd role, even if collectd was still running. Collectd would have been broken.
18 lines
1.2 KiB
Django/Jinja
18 lines
1.2 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_group }}
|
|
permit nopass root
|
|
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_group }} as root cmd /usr/share/scripts/evomaintenance.sh
|
|
permit nopass _collectd as root cmd /bin/cat
|
|
permit nopass _collectd as root cmd /usr/sbin/bgpctl
|
|
permit nopass _nrpe as root cmd /sbin/bioctl args sd2
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_mailq
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_dhcp
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openbgpd
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|