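---
# Tasks that install sudo and manage /etc/sudoers.d drop-ins from
# `sudo_users_sudoers`.
#
# Security notes for anyone editing this file:
#   * Every drop-in written below grants sudo rights. An entry that sets only
#     `user`/`group` defaults to `commands: ALL` (root-equivalent) behind a
#     password prompt; adding `nopassword: true` to such an entry yields
#     passwordless root. Keep `sudo_users_sudoers` under review.
#   * The "Flush" task deletes the whole /etc/sudoers.d directory, including
#     drop-ins installed by packages or other tooling. Only the entries in
#     `sudo_users_sudoers` exist after a run.
#   * sudo silently ignores sudoers.d entries whose filename contains a "." or
#     ends in "~" (see sudoers(5)). Set `filename` explicitly for users such as
#     "john.doe"; it is not clear that the sudoers module rejects such names,
#     so do not rely on it to catch this.

- name: Load variables
  include_vars: "{{ ansible_os_family }}.yml"

- name: Verify variables
  include_tasks: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_distribution }}_verify_vars.yml"
        - "{{ ansible_os_family }}_verify_vars.yml"
        - "verify_vars.yml"

# The package module accepts a list, so the whole set is installed in one
# transaction instead of one task iteration per package.
- name: Install sudo
  package:
    name: "{{ sudo_users_package_names }}"
    state: present

# Make sure /etc/sudoers pulls in the drop-in directory. Both the legacy
# "#includedir" form and the "@includedir" form (sudo >= 1.9.1, shipped by
# newer distributions) are matched, so an existing "@includedir" line is
# rewritten rather than duplicated; "#includedir" is still accepted by current
# sudo. `validate` runs visudo on a temporary copy and leaves /etc/sudoers
# untouched if the result would not parse.
- name: Enable includedir directive
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^[#@]+\s*includedir\s*/etc/sudoers\.d'
    line: "#includedir /etc/sudoers.d"
    validate: 'visudo --check --file %s'
    mode: "0440"
    owner: root
    group: root

# DESTRUCTIVE: removes every existing drop-in, managed or not, then recreates
# the directory. `mode` is quoted so the octal value survives the loop — an
# unquoted 0750 is a YAML 1.1 integer, which the Ansible docs describe as
# unreliable inside loops.
- name: Flush drop-in files of sudoers.d
  file:
    state: "{{ item }}"
    path: "/etc/sudoers.d"
    owner: root
    group: root
    mode: "0750"
  loop:
    - absent
    - directory

# One task covers the four shapes of a `sudo_users_sudoers` entry (user or
# group, with or without `runas`). Unset fields are omitted so the module
# applies its own defaults (runas defaults to ALL). The guard keeps the
# selection rule the four original tasks implemented: exactly one of
# `user`/`group` is set and non-empty, and `runas`, when present, is non-empty;
# any other entry is skipped rather than written.
# If the installed community.general supports it, `validation: required` makes
# a missing visudo fail the task instead of silently skipping the syntax check.
- name: "Create sudoers drop-in file for specific unix users or groups"
  community.general.sudoers:
    name: "{{ item.filename | default(item.user if item.user is defined else item.group) }}"
    state: present
    user: "{{ item.user | default(omit) }}"
    group: "{{ item.group | default(omit) }}"
    runas: "{{ item.runas | default(omit) }}"
    nopassword: "{{ item.nopassword | default(false) }}"
    commands: "{{ item.commands | default('ALL') }}"
  loop: "{{ sudo_users_sudoers }}"
  when:
    - >-
      (item.user is defined and item.user | length > 0 and item.group is not defined)
      or (item.group is defined and item.group | length > 0 and item.user is not defined)
    - item.runas is not defined or item.runas | length > 0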