From 54a4f1539b6f2797c38fbf0e92d27153c582c074 Mon Sep 17 00:00:00 2001
From: Salt
Date: Wed, 15 Dec 2021 19:57:08 -0600
Subject: [PATCH] Add some sudo rules to nagios-checker so it can start doing restricted checks
---
 playbooks/tags_nagios.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/playbooks/tags_nagios.yml b/playbooks/tags_nagios.yml
index 3811072..c45a98a 100755
--- a/playbooks/tags_nagios.yml
+++ b/playbooks/tags_nagios.yml
@@ -22,6 +22,16 @@
 state: present
 key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNavw28C0mKIQVRLQDW2aoovliU1XCGaenDhIMwumK/ Nagios monitoring"
 tags: [ nagios ]
+ - name: assure nagios user sudo rule file
+ file: path=/etc/sudoers.d/50-nagios-checker mode=0750 owner=root group=root state=touch modification_time=preserve access_time=preserve
+ tags: [ nagios, sudo ]
+ - name: assure nagios user sudo rules
+ lineinfile:
+ path: /etc/sudoers.d/50-nagios-checker
+ line: "nagios-checker ALL = (root) NOPASSWD: {{ item }}"
+ with_items:
+ - /usr/lib/nagios/plugins/check_disk
+ tags: [ nagios, sudo ]
 - hosts: all
 tasks:
 - name: disable nagios user when not tagged
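Review bot: The `lineinfile` task "assure nagios user sudo rules" writes to `/etc/sudoers.d/50-nagios-checker` without a syntax check, so a malformed line would leave sudo unable to parse its configuration on every tagged host; add `validate: /usr/sbin/visudo -cf %s` to that task. The file task above it sets `mode=0750`, whereas sudoers fragments are conventionally read-only and non-executable, so I would use `mode=0440`. The rule lists `/usr/lib/nagios/plugins/check_disk` with no argument list, which lets `nagios-checker` run it as root with any arguments; consider pinning the arguments the check actually uses and confirming the plugin is root-owned and not writable by the monitoring account. The play these tasks belong to starts above the hunk, and the following play that disables the user on untagged hosts is only partly visible, so I cannot tell whether it also removes this sudoers file there.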