#!/bin/bash

# Load configuration file
source config.sh

# Deny login to all users
sudo realm deny --all

# Allow login to domain groups
sudo realm permit -g "Domain Admins"
sudo realm permit -g "Access - Admin - All Servers"
sudo realm permit -g "Access - Admin - $NEW_HOSTNAME"

# Set up sudoers file
echo "%Domain\ Admins     ALL=(ALL:ALL)   ALL" | sudo tee /etc/sudoers.d/LocalAdmins > /dev/null
echo "%Access\ -\ Admin\ -\ All\ Servers     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null
echo "%Access\ -\ Admin\ -\ $NEW_HOSTNAME     ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/LocalAdmins > /dev/null