Commit 6ce0c7dd authored by Mattia Rizzolo's avatar Mattia Rizzolo

ssl: configure sudo

Signed-off-by: Mattia Rizzolo's avatarMattia Rizzolo <mattia@debian.org>
parent 1a040c86
......@@ -41,3 +41,12 @@
force: no
owner: root
group: ssl-cert
- name: configure sudo so cron can renew certs by itself
template:
src: sudoers
dest: /etc/sudoers.d/ssl
owner: root
group: root
mode: 0440
validate: visudo -cf %s
# the SSL auto-renew client should be able to reload services on its own
ssl-keys ALL=(root) NOPASSWD: /usr/sbin/apache2ctl graceful
ssl-keys ALL=(root) NOPASSWD: /usr/sbin/service nginx reload
ssl-keys ALL=(root) NOPASSWD: /usr/sbin/service postfix reload
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment