authorGravatar Johannes Christ <[email protected]>2024-05-12 08:52:05 +0200
committerGravatar jchristgit <[email protected]>2024-05-12 08:55:05 +0200
commit8a4c9b540d6b15bc98fb4e9af631e3d8a78ff351 (patch)
treedbef2dbecf12a7bae582133d7eb9990de486497d
parentBump jinja2 from 3.1.3 to 3.1.4 (diff)
Configure sudo in separate file
-rw-r--r--ansible/roles/common/tasks/main.yml15
-rw-r--r--ansible/roles/common/templates/sudoers.j24
2 files changed, 17 insertions, 2 deletions
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index d23c6e0..af2d010 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -84,12 +84,23 @@
tags:
- role::common
-- name: Add sudoers lecture path
+- name: Configure sudo
+ template:
+ src: sudoers.j2
+ dest: /etc/sudoers.d/pydis
+ owner: root
+ group: root
+ mode: '0440'
+ validate: /usr/sbin/visudo -cf %s
+ tags:
+ - role::common
+
+- name: Remove sudoers lecture path
lineinfile:
dest: /etc/sudoers
regexp: '^Defaults +?lecture_file ?= ?".+?"$'
line: 'Defaults lecture_file = "/etc/sudo_lecture"'
- state: present
+ state: absent
validate: /usr/sbin/visudo -cf %s
tags:
- role::common
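Review bot: The new `Configure sudo` task only takes effect if /etc/sudoers still carries an `@includedir /etc/sudoers.d` (or legacy `#includedir`) directive, and nothing visible in this hunk checks for it. Once the following task removes the `lecture_file` line from /etc/sudoers, a host without that include would silently lose the setting, although the fragment itself passes `visudo -cf %s`. A comment above the task such as `# Relies on the includedir for /etc/sudoers.d being present in /etc/sudoers` would record the assumption. In the removal task, `line:` is not consulted when `regexp` is set together with `state: absent`, so it can be dropped to avoid suggesting the line is still written. The task list continues outside the hunk.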
diff --git a/ansible/roles/common/templates/sudoers.j2 b/ansible/roles/common/templates/sudoers.j2
new file mode 100644
index 0000000..91d24cc
--- /dev/null
+++ b/ansible/roles/common/templates/sudoers.j2
@@ -0,0 +1,4 @@
+Defaults lecture_file="/etc/sudo_lecture"
+Defaults insults
+
+# vim: ft=sudoers.j2:
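Review bot: The rendered /etc/sudoers.d/pydis carries no marker that it is generated, so an administrator editing it by hand on a host will have the change overwritten on the next run. A first line such as `# {{ ansible_managed }}` would make the ownership visible in the deployed file. The template currently contains no other Jinja expressions, so this would be the only one.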