---
# Drop-in directory that receives the sudoers rule files written by the
# later tasks in this file. Root-owned and not group/world-writable.
# NOTE(review): /mnt is presumably the mounted root of the system being
# installed -- confirm against the calling play.
- name: Ensure sudoers.d directory exists
  ansible.builtin.file:
    state: directory
    path: /mnt/etc/sudoers.d
    owner: root
    group: root
    mode: "0755"
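# Grants password-protected full sudo to the admin group: %sudo when
# is_debian is true, %wheel otherwise (the task name mentions only wheel).
- name: Give sudo access to wheel group
  ansible.builtin.copy:
    content: "{{ '%sudo ALL=(ALL) ALL\n' if is_debian | bool else '%wheel ALL=(ALL) ALL\n' }}"
    dest: /mnt/etc/sudoers.d/01-wheel
    # sudo rejects sudoers files that are not owned by root, so pin the
    # ownership instead of inheriting it from the connecting user.
    owner: root
    group: root
    mode: "0440"
    # Syntax-checks the staged copy before it replaces dest, so a broken
    # rule never lands in sudoers.d. This checks syntax only, and uses the
    # visudo binary of the host running the task.
    validate: /usr/sbin/visudo --check --file=%s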
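# Writes one sudoers drop-in per entry of system_cfg.users that has `sudo`
# set. A string value is used verbatim as the rule; any other truthy value
# falls back to the default rule below.
- name: Deploy per-user sudoers rules
  # `is truthy` yields a real boolean even when item.sudo is a rule string.
  when: (item.sudo | default(false)) is truthy
  vars:
    # NOTE(review): the fallback grants passwordless root for a plain
    # `sudo: true`. Confirm this is intended; 'ALL=(ALL) ALL' would keep
    # the password prompt.
    configuration_sudoers_rule: >-
      {{ item.sudo if item.sudo is string else 'ALL=(ALL) NOPASSWD: ALL' }}
    # sudo skips files in sudoers.d whose names contain '.' or end in '~',
    # so a user such as "john.doe" would get a rule file that is silently
    # ignored. Restricting the file name to a safe character set also keeps
    # a name containing '/' from escaping the directory.
    configuration_sudoers_file: >-
      {{ item.name | regex_replace('[^A-Za-z0-9_-]', '_') }}
  ansible.builtin.copy:
    # The rule text comes straight from configuration; visudo validation
    # below checks its syntax, not how much privilege it grants.
    content: "{{ item.name }} {{ configuration_sudoers_rule }}\n"
    dest: "/mnt/etc/sudoers.d/{{ configuration_sudoers_file }}"
    # sudo rejects sudoers files that are not owned by root.
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo --check --file=%s
  loop: "{{ system_cfg.users }}"
  loop_control:
    # Log only the user name per iteration, not the whole user record.
    label: "{{ item.name }}"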