# /etc/sudoers.d/ops-agent
# NOPASSWD for explicit invocations by the ops-agent service account.
# Only the service names + wrapper scripts whitelisted in commands.yml are listed here.
# Installed by deploy/ops-agent/setup.sh.

ops-agent ALL=(root) NOPASSWD: \
    /usr/bin/systemctl restart scrum4me-web, \
    /usr/bin/systemctl restart ops-agent, \
    /usr/bin/systemctl restart caddy, \
    /srv/backups/scripts/wrappers/read-status.sh, \
    /srv/backups/scripts/wrappers/restic-snapshots.sh nas, \
    /srv/backups/scripts/wrappers/restic-snapshots.sh b2, \
    /srv/backups/scripts/wrappers/restic-stats.sh nas, \
    /srv/backups/scripts/wrappers/restic-stats.sh b2, \
    /srv/backups/scripts/wrappers/restic-check.sh nas, \
    /srv/backups/scripts/wrappers/restic-check.sh b2, \
    /srv/backups/scripts/wrappers/trigger-backup.sh, \
    /srv/backups/scripts/wrappers/trigger-restore-test.sh nas, \
    /srv/backups/scripts/wrappers/trigger-restore-test.sh b2
