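# Sudoers rules for the support user: passwordless system administration and monitoring commands.
# NOTE(review): not every alias below is read-only; the *_ALL_* and *_CONTROL_* aliases change system state.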
# Netfilter control (iptables, ipset, conntrack). These aliases are not
# read-only: a trailing "*" accepts any arguments, so rule changes, flushes and
# deletions match as well as listings.
# iptables-save and iptables-restore carry no argument list, which sudoers
# treats as "any arguments allowed"; iptables-restore loads a ruleset into the
# kernel.
# NOTE(review): if support only needs to inspect the firewall, replace the
# wildcards with the exact listing invocations that are required.
Cmnd_Alias IPTABLES_ALL_SUPPORT = /usr/sbin/iptables *, \
    /usr/sbin/iptables-save, \
    /usr/sbin/iptables-restore

Cmnd_Alias IPSET_ALL_SUPPORT = /usr/sbin/ipset *

Cmnd_Alias CONNTRACK_ALL_SUPPORT = /usr/sbin/conntrack *

# IPsec daemon: status queries plus start/stop/restart.
# Entries without a wildcard match only that exact command line; "status *"
# accepts any text after "status".
# start/stop/restart interrupt tunnels, so this alias is a control grant, not a
# monitoring one.
Cmnd_Alias IPSEC_CONTROL_SUPPORT = /usr/sbin/ipsec status, \
    /usr/sbin/ipsec status *, \
    /usr/sbin/ipsec statusall, \
    /usr/sbin/ipsec --help, \
    /usr/sbin/ipsec start, \
    /usr/sbin/ipsec stop, \
    /usr/sbin/ipsec restart

# Service management.
# "service *" allows any service name with any action.
Cmnd_Alias SERVICE_ALL_SUPPORT = /usr/sbin/service *

# systemctl: status and listing queries plus start/stop/restart/reload/enable/
# disable of any unit. The "*" is matched against the whole argument string, so
# it is not limited to a single unit name and also matches extra options.
# NOTE(review): enable/disable/start/stop on arbitrary units is broad; list the
# units support actually manages if that set is known.
# NOTE(review): systemctl status may send output through a pager on a terminal;
# consider requiring --no-pager or applying the NOEXEC: tag, and test first.
Cmnd_Alias SYSTEMCTL_CONTROL_SUPPORT = /usr/bin/systemctl status, \
    /usr/bin/systemctl status *, \
    /usr/bin/systemctl restart *, \
    /usr/bin/systemctl start *, \
    /usr/bin/systemctl stop *, \
    /usr/bin/systemctl disable *, \
    /usr/bin/systemctl enable *, \
    /usr/bin/systemctl reload *, \
    /usr/bin/systemctl list-units, \
    /usr/bin/systemctl list-units *, \
    /usr/bin/systemctl list-unit-files, \
    /usr/bin/systemctl list-unit-files *, \
    /usr/bin/systemctl is-active *, \
    /usr/bin/systemctl is-enabled *, \
    /usr/bin/systemctl is-failed *, \
    /usr/bin/systemctl -a, \
    /usr/bin/systemctl --all, \
    /usr/bin/systemctl --help

# Redis queries through redis-cli.
# These do not modify keys, but they are not limited to metadata: monitor,
# keys and json.get expose stored data, and "config get *" returns server
# configuration values, which can include credentials such as requirepass.
# The wildcards match any trailing text (including further redis-cli options),
# so an entry is not confined to one key, section or database number.
# NOTE(review): confirm redis-cli needs sudo at all here; if the intent is only
# to reach a protected socket or password, a dedicated Redis ACL user with
# read-only permissions would be a narrower grant.
Cmnd_Alias REDIS_READONLY_SUPPORT = /usr/bin/redis-cli info, \
    /usr/bin/redis-cli info *, \
    /usr/bin/redis-cli ping, \
    /usr/bin/redis-cli config get *, \
    /usr/bin/redis-cli client list, \
    /usr/bin/redis-cli memory usage *, \
    /usr/bin/redis-cli dbsize, \
    /usr/bin/redis-cli lastsave, \
    /usr/bin/redis-cli time, \
    /usr/bin/redis-cli monitor, \
    /usr/bin/redis-cli keys *, \
    /usr/bin/redis-cli json.get *, \
    /usr/bin/redis-cli -n * config get *, \
    /usr/bin/redis-cli -n * keys *, \
    /usr/bin/redis-cli -n * json.get *, \
    /usr/bin/redis-cli -p * -n * llen *, \
    /usr/bin/redis-cli -p * -n * keys *, \
    /usr/bin/redis-cli --help

# Celery inspection and debug-data collection.
# The two collect_*.sh scripts are run by bash with no further arguments
# allowed. They execute with the target user's privileges, so the scripts and
# every directory above them must be writable by root only.
# NOTE(review): verify ownership and mode of /opt/control.setloki/tools.
# The mv entry is not read-only, and its "*" is not confined to one file name
# in /tmp: sudoers argument wildcards also match "/" and spaces.
# NOTE(review): prefer a wrapper script that validates the archive path, or
# have the collector write straight into a support-readable directory.
Cmnd_Alias CELERY_READONLY_SUPPORT = /bin/bash /opt/control.setloki/tools/collect_celery_states.sh, \
    /opt/venv3/bin/celery --workdir /opt/control.setloki -A tasks.task_manager inspect *, \
    /bin/bash /opt/control.setloki/tools/collect_debug_data.sh, \
    /usr/bin/mv /tmp/*.tar.xz /home/support/

# Network and system statistics (netstat, vmstat, lsof, arp).
# Every entry in these four aliases has a fixed argument list and no wildcard,
# so only the exact command lines shown are permitted; other flag combinations
# (for example "netstat -tlnp") are rejected. This is the tightest form a
# sudoers entry can take.
Cmnd_Alias NETSTAT_READONLY_SUPPORT = /usr/bin/netstat -a, \
    /usr/bin/netstat -l, \
    /usr/bin/netstat -n, \
    /usr/bin/netstat -r, \
    /usr/bin/netstat -s, \
    /usr/bin/netstat -i, \
    /usr/bin/netstat -p, \
    /usr/bin/netstat -tulpn, \
    /usr/bin/netstat -an, \
    /usr/bin/netstat -ln, \
    /usr/bin/netstat -nr

# NOTE(review): "vmstat -p" normally expects a partition argument, so the exact
# entry below may never be usable as written — confirm.
Cmnd_Alias VMSTAT_READONLY_SUPPORT = /usr/bin/vmstat -s, \
    /usr/bin/vmstat -d, \
    /usr/bin/vmstat -p, \
    /usr/bin/vmstat -S k, \
    /usr/bin/vmstat -S m, \
    /usr/bin/vmstat -S M, \
    /usr/bin/vmstat 1, \
    /usr/bin/vmstat 3, \
    /usr/bin/vmstat 5

Cmnd_Alias LSOF_READONLY_SUPPORT = /usr/bin/lsof -i, \
    /usr/bin/lsof -n, \
    /usr/bin/lsof -i -P, \
    /usr/bin/lsof -i -n

Cmnd_Alias ARP_READONLY_SUPPORT = /usr/sbin/arp -a, \
    /usr/sbin/arp -n, \
    /usr/sbin/arp -e, \
    /usr/sbin/arp -a -n, \
    /usr/sbin/arp -e -n

# iproute2 show/list queries for addresses, links, routes, neighbours and rules.
# All entries are exact command lines except "ip route get *", which accepts
# any text after "get".
# NOTE(review): these queries usually work without root; confirm sudo is needed.
Cmnd_Alias IP_READONLY_SUPPORT = /usr/sbin/ip addr show, \
    /usr/sbin/ip addr list, \
    /usr/sbin/ip a show, \
    /usr/sbin/ip a list, \
    /usr/sbin/ip a, \
    /usr/sbin/ip link show, \
    /usr/sbin/ip link list, \
    /usr/sbin/ip route show, \
    /usr/sbin/ip route list, \
    /usr/sbin/ip route get *, \
    /usr/sbin/ip neigh show, \
    /usr/sbin/ip neigh list, \
    /usr/sbin/ip rule show, \
    /usr/sbin/ip rule list, \
    /usr/sbin/ip -s link, \
    /usr/sbin/ip -s link show, \
    /usr/sbin/ip -s link list, \
    /usr/sbin/ip -4 addr show, \
    /usr/sbin/ip -4 route show, \
    /usr/sbin/ip -6 addr show, \
    /usr/sbin/ip -6 route show

# Package database queries (apt, apt-cache, dpkg, dpkg-query). No install,
# remove or update subcommand is listed.
# Entries ending in "*" accept any trailing text, including extra options, not
# just a package name.
# NOTE(review): these queries normally work for unprivileged users; running
# them through sudo adds privilege without an obvious need — confirm.
# NOTE(review): dpkg list output may go through a pager on a terminal; if the
# entries stay, consider the NOEXEC: tag for them.
Cmnd_Alias APT_READONLY_SUPPORT = /usr/bin/apt list, \
    /usr/bin/apt list *, \
    /usr/bin/apt search *, \
    /usr/bin/apt show *, \
    /usr/bin/apt policy, \
    /usr/bin/apt policy *, \
    /usr/bin/apt-cache search *, \
    /usr/bin/apt-cache show *, \
    /usr/bin/apt-cache policy, \
    /usr/bin/apt-cache policy *, \
    /usr/bin/apt-cache depends *, \
    /usr/bin/apt-cache rdepends *, \
    /usr/bin/apt-cache pkgnames, \
    /usr/bin/apt-cache stats, \
    /usr/bin/dpkg -l, \
    /usr/bin/dpkg -l *, \
    /usr/bin/dpkg -L *, \
    /usr/bin/dpkg -s *, \
    /usr/bin/dpkg --list, \
    /usr/bin/dpkg --list *, \
    /usr/bin/dpkg --listfiles *, \
    /usr/bin/dpkg --status *, \
    /usr/bin/dpkg --get-selections, \
    /usr/bin/dpkg-query -l, \
    /usr/bin/dpkg-query -l *, \
    /usr/bin/dpkg-query -L *, \
    /usr/bin/dpkg-query -s *, \
    /usr/bin/dpkg-query -W, \
    /usr/bin/dpkg-query -W *

# WireGuard status queries.
# These do not change tunnel state, but "showconf" prints the interface
# configuration including its private key, and "show *" accepts field
# selectors as well as interface names. Treat this alias as access to key
# material, not only to status.
Cmnd_Alias WG_READONLY_SUPPORT = /usr/bin/wg show, \
    /usr/bin/wg show *, \
    /usr/bin/wg showconf *, \
    /usr/bin/wg help, \
    /usr/bin/wg --help

# Same grants for awg (presumably the AmneziaWG counterpart of wg — confirm);
# the key-material caveat above is expected to apply here too.
Cmnd_Alias AWG_READONLY_SUPPORT = /usr/bin/awg show, \
    /usr/bin/awg show *, \
    /usr/bin/awg showconf *, \
    /usr/bin/awg help, \
    /usr/bin/awg --help

# Bring tunnels up or down.
# wg-quick accepts either an interface name or a path to a configuration file,
# and a configuration can define hook commands that run with the tunnel.
# NOTE(review): replace "*" with the interface names support is allowed to
# manage, so that only root-owned configurations are ever loaded.
Cmnd_Alias WG_QUICK_CONTROL_SUPPORT = /usr/bin/wg-quick up *, \
    /usr/bin/wg-quick down *, \
    /usr/bin/wg-quick --help

# NOTE(review): awg-quick presumably behaves like wg-quick; apply the same
# restriction to named interfaces.
Cmnd_Alias AWG_QUICK_CONTROL_SUPPORT = /usr/bin/awg-quick up *, \
    /usr/bin/awg-quick down *, \
    /usr/bin/awg-quick --help

# Packet capture. Both paths are listed without an argument list, which sudoers
# treats as "any arguments allowed".
# tcpdump can write capture files anywhere the target user can write and can
# hand rotated files to a helper program, so an unrestricted grant is broader
# than "capture and print".
# NOTE(review): pin the permitted option sets, or drop sudo for tcpdump and give
# a dedicated capture group the needed file capabilities on the binary.
# NOTE(review): /usr/local/bin/tcpdump must be root-owned and not replaceable
# by the support user — verify.
Cmnd_Alias TCPDUMP_ALL_SUPPORT = /usr/bin/tcpdump, \
    /usr/local/bin/tcpdump

# Product update script, with or without arbitrary arguments.
# The script runs with the target user's privileges and receives whatever the
# support user types after its name, so it must validate its own arguments.
# NOTE(review): verify update.sh and its directory are writable by root only.
Cmnd_Alias UPDATE_CONTROL_SUPPORT = /bin/bash /opt/control.setloki/tools/update.sh, \
    /bin/bash /opt/control.setloki/tools/update.sh *

# Activation binary; at least one argument is required and any arguments match.
# NOTE(review): the binary's argument handling is not visible here — confirm it
# is safe to expose with unrestricted arguments.
Cmnd_Alias ACTIVATION_SUPPORT = /opt/control.setloki/service/automatic_activation.bin *

# Product command-line tools, listed without an argument list (any arguments
# allowed).
# NOTE(review): what loki and loki_utils can do as root is not visible here;
# restrict to the subcommands support needs if they expose more than that.
Cmnd_Alias LOKI_ALL_SUPPORT = /usr/bin/loki_utils, \
    /usr/bin/loki

# Miscellaneous diagnostics. Every entry is a bare path with no argument list,
# which sudoers treats as "any arguments allowed" (an empty "" would be needed
# to forbid arguments).
# Not all of these are read-only with unrestricted arguments: logrotate acts on
# whatever configuration file it is given, journalctl also has maintenance
# options and may start a pager on a terminal, and dmesg can clear the kernel
# ring buffer.
# NOTE(review): give each tool a fixed argument list (or NOEXEC: where a pager
# is involved); traceroute, dig and printenv normally need no root at all.
Cmnd_Alias CMD_ALL_SUPPORT = /usr/bin/dmesg, \
    /usr/sbin/iftop, \
    /usr/sbin/traceroute, \
    /usr/bin/dig, \
    /usr/bin/journalctl, \
    /usr/bin/printenv, \
    /usr/sbin/logrotate

# Grant: user "support", on any host, may run every alias below as any target
# user, without being asked for a password (the NOPASSWD tag applies to the
# whole list that follows it).
# NOTE(review): (ALL) permits "sudo -u <any user>"; if only root is needed,
# narrow the Runas list to (root).
# NOTE(review): with NOPASSWD, anyone holding a support session gets these
# commands immediately; consider per-user Defaults such as use_pty and
# log_output so that use of the grant is recorded.
# Validate any change to this file with "visudo -c -f <this file>" before
# installing it.
support ALL=(ALL) NOPASSWD: IPTABLES_ALL_SUPPORT, \
    IPSET_ALL_SUPPORT, \
    CONNTRACK_ALL_SUPPORT, \
    IPSEC_CONTROL_SUPPORT, \
    SERVICE_ALL_SUPPORT, \
    SYSTEMCTL_CONTROL_SUPPORT, \
    REDIS_READONLY_SUPPORT, \
    CELERY_READONLY_SUPPORT, \
    NETSTAT_READONLY_SUPPORT, \
    VMSTAT_READONLY_SUPPORT, \
    LSOF_READONLY_SUPPORT, \
    ARP_READONLY_SUPPORT, \
    IP_READONLY_SUPPORT, \
    APT_READONLY_SUPPORT, \
    WG_READONLY_SUPPORT, \
    WG_QUICK_CONTROL_SUPPORT, \
    AWG_READONLY_SUPPORT, \
    AWG_QUICK_CONTROL_SUPPORT, \
    TCPDUMP_ALL_SUPPORT, \
    UPDATE_CONTROL_SUPPORT, \
    ACTIVATION_SUPPORT, \
    LOKI_ALL_SUPPORT, \
    CMD_ALL_SUPPORT