# Sudoers configuration for VPN Manager
# Allow www-data user to execute OpenVPN management scripts without password

# OpenVPN management script permissions
www-data ALL=(ALL) NOPASSWD: /var/www/html/openvpn/scripts/openvpn-manager.sh
www-data ALL=(ALL) NOPASSWD: /usr/sbin/openvpn
www-data ALL=(ALL) NOPASSWD: /bin/systemctl restart openvpn@server
www-data ALL=(ALL) NOPASSWD: /bin/systemctl status openvpn@server
www-data ALL=(ALL) NOPASSWD: /bin/systemctl start openvpn@server
www-data ALL=(ALL) NOPASSWD: /bin/systemctl stop openvpn@server

# File management for certificates
www-data ALL=(ALL) NOPASSWD: /bin/rm -rf /var/www/html/openvpn/certificates/clients/*

# EasyRSA commands
www-data ALL=(ALL) NOPASSWD: /etc/openvpn/easy-rsa/easyrsa *