remove users/$user/is_admin metadata, directly write sudo_commands instead

Franzi 2024-02-25 15:29:10 +01:00
parent 02e25f89ff
commit 7d4624ce62
Signed by: kunsi
GPG key ID: 12E3D2136B818350
7 changed files with 8 additions and 26 deletions


@ -1,9 +1,5 @@
% for user, config in sorted(node.metadata['users'].items()): % for user, config in sorted(node.metadata['users'].items()):
% if config.get('is_admin', False):
${user} ALL=(ALL) NOPASSWD:ALL
% else:
% for p in sorted(config.get('sudo_commands', [])): % for p in sorted(config.get('sudo_commands', [])):
${user} ALL=(ALL) NOPASSWD:${p} ${user} ALL=(ALL) NOPASSWD:${p}
% endfor % endfor
% endif
% endfor % endfor
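Review bot: The remaining rule line `${user} ALL=(ALL) NOPASSWD:${p}` now carries every grant, including full root, and it writes each `sudo_commands` entry into sudoers verbatim, so a typo, stray comma or newline in metadata becomes a broken rule or a wider one than intended. Consider rejecting entries that are neither `ALL` nor an absolute path before rendering. If the item that installs this template does not already do so, have the rendered file checked with `visudo -cf` before it replaces the live one. A template comment such as `## 'ALL' in sudo_commands grants unrestricted passwordless sudo` would also make the magic value visible to the next editor.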


@ -36,7 +36,7 @@ def add_users_from_json(metadata):
if config.get('is_admin', False) or uname in metadata_users: if config.get('is_admin', False) or uname in metadata_users:
users[uname] = { users[uname] = {
'ssh_pubkey': set(config['ssh_pubkey']), 'ssh_pubkey': set(config['ssh_pubkey']),
'is_admin': config.get('is_admin', False), 'sudo_commands': ['ALL'],
} }
# Then, run again to get all 'to be deleted' users # Then, run again to get all 'to be deleted' users
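Review bot: The new `'sudo_commands': ['ALL'],` is unconditional, so a user who reaches this branch only through `uname in metadata_users` now gets passwordless root, where the old line gave them `is_admin: False`. The node hunks further down that reduce entries to `'sophie': {}` and `'fkunsmann': {}`, and the one that adds `'sophie': {}`, suggest this is intended; as far as this hunk shows, listing a JSON user on a node is then itself the sudo grant. If that is not the intent, `'sudo_commands': ['ALL'] if config.get('is_admin', False) else [],` keeps the previous split; if it is, say so in a comment above the dict. The value is also a list here while the node metadata and the `set()` default in `libvirt_group_for_admins` use sets, which is worth making consistent. The body of `add_users_from_json` starts and ends outside the hunk.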


@ -52,7 +52,7 @@ if node.has_bundle('arch-with-gui'):
def libvirt_group_for_admins(metadata): def libvirt_group_for_admins(metadata):
result = {} result = {}
for user, config in metadata.get('users', {}).items(): for user, config in metadata.get('users', {}).items():
if config.get('is_admin', False): if 'ALL' in config.get('sudo_commands', set()):
result[user] = { result[user] = {
'groups': { 'groups': {
'libvirt', 'libvirt',
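Review bot: The check `'ALL' in config.get('sudo_commands', set())` makes the exact string `ALL` the definition of an admin, and nothing in the visible code states that. Since `libvirt` membership is handed out on that basis, a comment like `# users with unrestricted sudo ('ALL') also get libvirt access` would help, and a small shared helper would keep any other former `is_admin` checks from drifting apart. An entry that grants the same thing under a different spelling will not match this test. The function continues past the end of the hunk.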


@ -137,16 +137,8 @@ nodes['home.router'] = {
'f2k1de': { 'f2k1de': {
'delete': True, 'delete': True,
}, },
'fkunsmann': { 'fkunsmann': {},
'sudo_commands': { 'sophie': {},
'ALL',
},
},
'sophie': {
'sudo_commands': {
'ALL',
},
},
}, },
'vnstat': { 'vnstat': {
'interface': 'enp1s0.7', 'interface': 'enp1s0.7',


@ -234,9 +234,6 @@ nodes['htz-cloud.miniserver'] = {
'ssh_pubkey': [ 'ssh_pubkey': [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
], ],
'sudo_commands': {
'ALL',
},
}, },
}, },
'zfs': { 'zfs': {


@ -49,11 +49,7 @@ nodes['htz-hel.backup-sophie'] = {
}, },
}, },
'users': { 'users': {
'sophie': { 'sophie': {},
'sudo_commands': {
'ALL',
},
},
}, },
'zfs': { 'zfs': {
'datasets': { 'datasets': {


@ -99,6 +99,7 @@ nodes['voc.infobeamer-cms'] = {
}, },
'sudo_commands': {'ALL'}, 'sudo_commands': {'ALL'},
}, },
'sophie': {},
}, },
}, },
} }