From 085eb2b2d34f0476ab985cc847f843d533f9efb4 Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Sat, 26 Mar 2022 11:59:10 +0100
Subject: [PATCH] sudo: one command per line
---
 bundles/sudo/files/sudoer | 3 +++
 bundles/sudo/items.py | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 bundles/sudo/files/sudoer
diff --git a/bundles/sudo/files/sudoer b/bundles/sudo/files/sudoer
new file mode 100644
index 0000000..f362790
--- /dev/null
+++ b/bundles/sudo/files/sudoer
@@ -0,0 +1,3 @@
+% for command in sorted(commands):
+${user} ALL=(ALL) NOPASSWD: ${command}
+% endfor
diff --git a/bundles/sudo/items.py b/bundles/sudo/items.py
index 8d81dcb..0f9acea 100644
--- a/bundles/sudo/items.py
+++ b/bundles/sudo/items.py
@@ -6,6 +6,11 @@ directories = {
 for user, commands in node.metadata.get('sudoers').items():
 files[f'/etc/sudoers.d/{user}'] = {
- 'content': f"{user} ALL=(ALL) NOPASSWD: {', '.join(sorted(commands))}",
+ 'content_type': 'mako',
+ 'source': 'sudoer',
+ 'context': {
+ 'user': user,
+ 'commands': commands,
+ },
 'mode': '500',
 }
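Review bot: `${user}` and `${command}` are rendered into the rule line verbatim, so a metadata value containing a newline, or an unescaped `,`, `:`, `=` or `\` in command arguments, changes how sudo parses the file instead of being rejected. Every rendered line grants `NOPASSWD` for any run-as user, so a malformed entry either widens the grant or makes the file unparsable. I would validate the values before they reach the template, for example requiring each command to start with `/` and to contain no line break, and raise on anything else. A leading Mako comment such as `## one rule per command; values must already be sudoers-escaped` would document the contract for whoever edits the metadata.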
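Review bot: The rendered file is deployed to `/etc/sudoers.d/` without a syntax check, and a parse error there can leave sudo unusable on the node. BundleWrap file items accept `verify_with`, so adding `'verify_with': 'visudo -cf {}',` next to `'mode'` would stop a bad render before it is applied. As far as I recall that check runs on the machine invoking bw, so `visudo` has to be available there. Separately, sudo skips files in an include directory whose name contains a `.`, so a user name with a dot in the `files[f'/etc/sudoers.d/{user}']` key would produce a rule file that is silently ignored. That key is on a context line this commit does not change.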