---

- name: Load variables
  include_vars: "{{ ansible_os_family }}.yml"

- name: Verify variables
  include_tasks: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
      - "{{ ansible_distribution }}_verify_vars.yml"
      - "{{ ansible_os_family }}_verify_vars.yml"
      - "verify_vars.yml"

- name: Install sudo
  package:
    name: "{{ item }}"
    state: present
  with_items: "{{ sudo_users_package_names }}"

- name: Enable includedir directive
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: "^(#)+(\\s)*includedir(\\s)*/etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    validate: 'visudo --check --file %s'
    mode: 0440
    owner: root
    group: root

- name: Flush drop-in files of sudoers.d
  file:
    state: "{{ item }}"
    path: "/etc/sudoers.d"
    owner: root
    group: root
    mode: 0750
  with_items:
  - absent
  - directory

- name: "Create sudoers drop-in file to execute commands for specific unix users"
  community.general.sudoers:
    name: "{{ item.filename | default(item.user) }}"
    state: present
    user: "{{ item.user }}"
    nopassword: "{{ item.nopassword | default(false) }}"
    commands: "{{ item.commands | default('ALL') }}"
  with_items:
  - "{{ sudo_users_sudoers }}"
  when: item.user is defined and item.user | length > 0 and
        item.group is not defined and
        item.runas is not defined

- name: "Create sudoers drop-in file to execute commands for specific unix users as specific unix user"
  community.general.sudoers:
    name: "{{ item.filename | default(item.user) }}"
    state: present
    user: "{{ item.user }}"
    runas: "{{ item.runas }}"
    nopassword: "{{ item.nopassword | default(false) }}"
    commands: "{{ item.commands | default('ALL') }}"
  with_items:
  - "{{ sudo_users_sudoers }}"
  when: item.user is defined and item.user | length > 0 and
        item.group is not defined and
        item.runas is defined and item.runas | length > 0

- name: "Create sudoers drop-in file to execute commands for specific unix groups"
  community.general.sudoers:
    name: "{{ item.filename | default(item.group) }}"
    state: present
    group: "{{ item.group }}"
    nopassword: "{{ item.nopassword | default(false) }}"
    commands: "{{ item.commands | default('ALL') }}"
  with_items:
  - "{{ sudo_users_sudoers }}"
  when: item.user is not defined and
        item.group is defined and item.group | length > 0 and
        item.runas is not defined

- name: "Create sudoers drop-in file to execute commands for specific unix groups as specifix unix user"
  community.general.sudoers:
    name: "{{ item.filename | default(item.group) }}"
    state: present
    group: "{{ item.group }}"
    runas: "{{ item.runas }}"
    nopassword: "{{ item.nopassword | default(false) }}"
    commands: "{{ item.commands | default('ALL') }}"
  with_items:
  - "{{ sudo_users_sudoers }}"
  when: item.user is not defined and
        item.group is defined and item.group | length > 0 and
        item.runas is defined and item.runas | length > 0