users/tasks/sudo.yml

---
- name: user | install dependencies for sudo
  apt:
    name: sudo

- name: user | ensure sudoers.d is included in config
  lineinfile:
    dest: /etc/sudoers
    line: "#includedir /etc/sudoers.d"
    state: present
    validate: "/usr/sbin/visudo -cf %s"
  with_items: "{{users_system.user|default([])}}"
  when: item.sudo is defined

- name: user | add custom sudoers
  template:
    src: "{{ item.sudo.template|default('sudoers.j2') }}"
    dest: "/etc/sudoers.d/{{ item.name }}"
    owner: root
    group: root
    mode: 0440
    validate: "/usr/sbin/visudo -cf %s"
  with_items: "{{users_system.user|default([])}}"
  when: ((item.name is defined and item.name != 'root') and (item.state is undefined or (item.state is defined and item.state != 'absent')) and (item.sudo is defined and item.sudo.content is not defined))
initial commit 2024-12-17 17:48:17 +01:00			`---`
			`- name: user \| install dependencies for sudo`
			`apt:`
			`name: sudo`

			`- name: user \| ensure sudoers.d is included in config`
			`lineinfile:`
			`dest: /etc/sudoers`
			`line: "#includedir /etc/sudoers.d"`
			`state: present`
			`validate: "/usr/sbin/visudo -cf %s"`
			`with_items: "{{users_system.user\|default([])}}"`
			`when: item.sudo is defined`

			`- name: user \| add custom sudoers`
			`template:`
			`src: "{{ item.sudo.template\|default('sudoers.j2') }}"`
			`dest: "/etc/sudoers.d/{{ item.name }}"`
			`owner: root`
			`group: root`
			`mode: 0440`
			`validate: "/usr/sbin/visudo -cf %s"`
			`with_items: "{{users_system.user\|default([])}}"`
			`when: ((item.name is defined and item.name != 'root') and (item.state is undefined or (item.state is defined and item.state != 'absent')) and (item.sudo is defined and item.sudo.content is not defined))`