Revert "Remove the sudo cookbook"

This reverts commit 73d1722d4b.
2019-04-03 10:30:38 +02:00
parent db4b45b5c2
commit 87d7c721b1
15 changed files with 958 additions and 6 deletions
--- a/site-cookbooks/kosmos-base/metadata.rb
+++ b/site-cookbooks/kosmos-base/metadata.rb
@@ -4,10 +4,11 @@ maintainer_email 'mail@kosmos.org'
 license          'All rights reserved'
 description      'The Kosmos base cookbook'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.2.0'
+version          '0.1.1'

 depends 'apt'
 depends 'users'
+depends 'sudo'
 depends 'kosmos-postfix'
 depends 'hostname'
 depends 'firewall'
--- a/site-cookbooks/kosmos-base/recipes/default.rb
+++ b/site-cookbooks/kosmos-base/recipes/default.rb
@@ -30,17 +30,18 @@ unless node.chef_environment == "development"
    action [:remove, :create]
  end

-  sudo "sysadmin" do
-    groups "sysadmin"
-    nopasswd true
-    defaults [
+  node.override['authorization']['sudo']['sudoers_defaults'] = [
    # not default on Ubuntu, explicitely enable. Uses a minimal white list of
    # environment variables
    'env_reset',
    # Send emails on unauthorized attempts
    'mail_badpass',
    'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"',
-    ]
+  ]
+  include_recipe "sudo"
+  sudo "sysadmin" do
+    group "sysadmin"
+    nopasswd true
  end

  include_recipe 'kosmos-base::firewall'