From 15223c8a8c03165a28fce10f710f77a2c095053c Mon Sep 17 00:00:00 2001
From: Theo Chatzimichos
Date: Jan 31 2017 11:43:28 +0000
Subject: handle /etc/sudoers and /etc/sudoers.d/*
---
diff --git a/pillar/common.sls b/pillar/common.sls
index ad1a298..23ccfa0 100644
--- a/pillar/common.sls
+++ b/pillar/common.sls
@@ -107,3 +107,23 @@ sshd_config:
 timezone:
 name: UTC
 utc: True
+sudoers:
+ defaults:
+ generic:
+ - always_set_home
+ - secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
+ - env_reset
+ - env_keep="LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+ - '!insults'
+ - targetpw
+ users:
+ ALL:
+ - 'ALL=(ALL) ALL'
+ root:
+ - 'ALL=(ALL) ALL'
+ includedir: /etc/sudoers.d
+ included_files:
+ /etc/sudoers.d/nagios_nopasswd_zypper:
+ users:
+ nagios:
+ - 'ALL=(ALL) NOPASSWD: /usr/sbin/zypp-refresh,/usr/bin/zypper ref,/usr/bin/zypper sl,/usr/bin/zypper --xmlout --non-interactive list-updates -t package -t patch'
diff --git a/salt/profile/accounts.sls b/salt/profile/accounts.sls
index 0702954..ab14a6a 100644
--- a/salt/profile/accounts.sls
+++ b/salt/profile/accounts.sls
@@ -2,3 +2,5 @@ include:
 - openssh
 - openssh.banner
 - openssh.config
+ - sudoers
+ - sudoers.included
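Review bot: The `ALL:` entry `'ALL=(ALL) ALL'` under `users` is only safe while `targetpw` stays in `defaults.generic`, and nothing in the pillar records that coupling; if that default is dropped or overridden in another pillar layer, every local account could run any command as root using its own password. I would add a comment above the `ALL:` key, for example `# Only safe together with 'targetpw' in defaults: sudo then asks for the target user's password`. In the nagios entry, `/usr/sbin/zypp-refresh` is listed without arguments, which sudoers treats as permitting any arguments, unlike the three `zypper` entries that pin theirs; if the monitoring check calls it bare, `/usr/sbin/zypp-refresh ""` would restrict it to the no-argument form. How the sudoers states render and validate these keys is outside this diff, so both points assume the values reach the file as written.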