fix: rename files to .yaml

.gitea/workflows/ansible-linters.yaml

@@ -12,9 +12,9 @@ jobs:
     runs-on:
     - ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5.0.1
     - name: Run ansible-lint
-      uses: ansible/ansible-lint@v25.7.0
+      uses: ansible/ansible-lint@v25.11.0
       with:
         args: "--config-file .ansible-lint"
         setup_python: "true"

.gitea/workflows/markdown-linters.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on:
     - ubuntu-latest
     steps:
-    - uses: actions/checkout@v4.2.2
+    - uses: actions/checkout@v5.0.1
-    - uses: DavidAnson/markdownlint-cli2-action@v20.0.0
+    - uses: DavidAnson/markdownlint-cli2-action@v21.0.0
       with:
         globs: '**/*.md'

meta/main.yaml

@@ -4,22 +4,22 @@ galaxy_info:
   company: Cryptic Systems
   description: Role to configure sudoers on different distributions
   galaxy_tags:
-    - sudo
+  - sudo
-    - sudoers
+  - sudoers
   license: MIT
   min_ansible_version: "2.9"
   namespace: volker-raschek
   platforms:
-    - name: ArchLinux
+  - name: ArchLinux
-      versions:
+    versions:
-        - all
+    - all
-    - name: EL
+  - name: EL
-      versions:
+    versions:
-        - all
+    - all
-    - name: Fedora
+  - name: Fedora
-      versions:
+    versions:
-        - all
+    - all
-    - name: Ubuntu
+  - name: Ubuntu
-      versions:
+    versions:
-        - all
+    - all
   role_name: "sudo"

tasks/main.yaml

@@ -0,0 +1,95 @@
+---
+
+- name: Load variables
+  ansible.builtin.include_vars: "{{ ansible_facts['os_family'] }}.yaml"
+
+- name: Verify variables
+  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+      - "{{ ansible_facts['distribution'] }}_verify_vars.yaml"
+      - "{{ ansible_facts['os_family' }}_verify_vars.yaml"
+      - "verify_vars.yaml"
+
+- name: Install sudo
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ sudo_users_package_names }}"
+
+- name: Enable includedir directive
+  ansible.builtin.lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: "^(#)+(\\s)*includedir(\\s)*/etc/sudoers.d"
+    line: "#includedir /etc/sudoers.d"
+    validate: 'visudo --check --file %s'
+    mode: "0440"
+    owner: "root"
+    group: "root"
+
+- name: Flush drop-in files of sudoers.d
+  ansible.builtin.file:
+    state: "{{ item }}"
+    path: "/etc/sudoers.d"
+    owner: "root"
+    group: "root"
+    mode: "0750"
+  with_items:
+  - absent
+  - directory
+
+- name: "Create sudoers drop-in file to execute commands for specific unix users"
+  community.general.sudoers:
+    name: "{{ item.filename | default(item.user) }}"
+    state: present
+    user: "{{ item.user }}"
+    nopassword: "{{ item.nopassword | default(false) }}"
+    commands: "{{ item.commands | default('ALL') }}"
+  with_items:
+  - "{{ sudo_users_sudoers }}"
+  when: item.user is defined and item.user | length > 0 and
+        item.group is not defined and
+        item.runas is not defined
+
+- name: "Create sudoers drop-in file to execute commands for specific unix users as specific unix user"
+  community.general.sudoers:
+    name: "{{ item.filename | default(item.user) }}"
+    state: present
+    user: "{{ item.user }}"
+    runas: "{{ item.runas }}"
+    nopassword: "{{ item.nopassword | default(false) }}"
+    commands: "{{ item.commands | default('ALL') }}"
+  with_items:
+  - "{{ sudo_users_sudoers }}"
+  when: item.user is defined and item.user | length > 0 and
+        item.group is not defined and
+        item.runas is defined and item.runas | length > 0
+
+- name: "Create sudoers drop-in file to execute commands for specific unix groups"
+  community.general.sudoers:
+    name: "{{ item.filename | default(item.group) }}"
+    state: present
+    group: "{{ item.group }}"
+    nopassword: "{{ item.nopassword | default(false) }}"
+    commands: "{{ item.commands | default('ALL') }}"
+  with_items:
+  - "{{ sudo_users_sudoers }}"
+  when: item.user is not defined and
+        item.group is defined and item.group | length > 0 and
+        item.runas is not defined
+
+- name: "Create sudoers drop-in file to execute commands for specific unix groups as specifix unix user"
+  community.general.sudoers:
+    name: "{{ item.filename | default(item.group) }}"
+    state: present
+    group: "{{ item.group }}"
+    runas: "{{ item.runas }}"
+    nopassword: "{{ item.nopassword | default(false) }}"
+    commands: "{{ item.commands | default('ALL') }}"
+  with_items:
+  - "{{ sudo_users_sudoers }}"
+  when: item.user is not defined and
+        item.group is defined and item.group | length > 0 and
+        item.runas is defined and item.runas | length > 0

tasks/main.yml

@@ -1,16 +1,16 @@
 ---
 
 - name: Load variables
-  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_facts['os_family'] }}.yaml"
 
 - name: Verify variables
   ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
   vars:
     params:
       files:
-      - "{{ ansible_distribution }}_verify_vars.yml"
+      - "{{ ansible_facts['distribution'] }}_verify_vars.yaml"
-      - "{{ ansible_os_family }}_verify_vars.yml"
+      - "{{ ansible_facts['os_family' }}_verify_vars.yaml"
-      - "verify_vars.yml"
+      - "verify_vars.yaml"
 
 - name: Install sudo
   ansible.builtin.package: