ACME: Allow acme service to restart nginx with no sudo password

author: Frederick Muriuki Muriithi 2025-04-03 12:26:07 -0500
committer: Frederick Muriuki Muriithi 2025-04-03 12:58:22 -0500
commit: 01bf00c060f00af089bb8cd57ff7eeb966c0afab (patch)
tree: 42ab6b7fc08c087ad98bd4f2749e97fdd760c324
parent: a5e43e8a2f53d18283e2c6c2cd080131cb93b3e2 (diff)
download: gn-machines-01bf00c060f00af089bb8cd57ff7eeb966c0afab.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/public-sparql.scm b/public-sparql.scm
index 6fbf75c..4603cec 100644
--- a/public-sparql.scm
+++ b/public-sparql.scm
@@ -20,6 +20,7 @@
 (use-modules (gnu)
              (gn services databases)
              (gnu services web)
+             ((gnu packages admin) #:select (shepherd))
              (forge nginx)
              (forge socket))
 
@@ -50,6 +51,10 @@ SPARQL endpoint is listening on."
                (targets (list "/dev/sdX"))))
   (file-systems %base-file-systems)
   (users %base-user-accounts)
+  (sudoers-file
+   (mixed-text-file "sudoers"
+                    "@include " %sudoers-specification
+                    "\nacme ALL = NOPASSWD: " (file-append shepherd "/bin/herd") " restart nginx\n"))
   (packages %base-packages)
   (services (cons* (service virtuoso-service-type
                             (virtuoso-configuration
author	Frederick Muriuki Muriithi	2025-04-03 12:26:07 -0500
committer	Frederick Muriuki Muriithi	2025-04-03 12:58:22 -0500
commit	01bf00c060f00af089bb8cd57ff7eeb966c0afab (patch)
tree	42ab6b7fc08c087ad98bd4f2749e97fdd760c324
parent	a5e43e8a2f53d18283e2c6c2cd080131cb93b3e2 (diff)
download	gn-machines-01bf00c060f00af089bb8cd57ff7eeb966c0afab.tar.gz