fix(configuration): handle boolean sudo values in sudoers deployment

2026-02-21 05:14:29 +01:00
parent cb46a6989f
commit ac339b54c4
1 changed files with 5 additions and 2 deletions
--- a/roles/configuration/tasks/sudo.yml
+++ b/roles/configuration/tasks/sudo.yml
@@ -15,9 +15,12 @@
    validate: /usr/sbin/visudo --check --file=%s

 - name: Deploy per-user sudoers rules
-  when: item.sudo is defined and (item.sudo | string | length) > 0
+  when: item.sudo | default(false)
+  vars:
+    configuration_sudoers_rule: >-
+      {{ item.sudo if item.sudo is string else 'ALL=(ALL) NOPASSWD: ALL' }}
  ansible.builtin.copy:
-    content: "{{ item.name }} {{ item.sudo }}\n"
+    content: "{{ item.name }} {{ configuration_sudoers_rule }}\n"
    dest: "/mnt/etc/sudoers.d/{{ item.name }}"
    mode: "0440"
    validate: /usr/sbin/visudo --check --file=%s