system/tasks/sudoers.yml

- name: Set sudoers right
  ansible.builtin.lineinfile:
    dest: '/etc/sudoers.d/{{ user.name }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    state: 'present'
    create: True
    owner: 'root'
    group: 'root'
    mode: '0440'
    validate: 'visudo -cf "%s"'
  with_items:
    - regexp: '^{{ user.name }}\s'
      line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL'
  become: True

- name: Change secure path
  ansible.builtin.replace:
    path: '/etc/sudoers'
    regexp: ^Defaults\s*secure_path.*
    replace: Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
    validate: 'visudo -cf "%s"'
  become: true
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Set sudoers right`
			`ansible.builtin.lineinfile:`
			`dest: '/etc/sudoers.d/{{ user.name }}'`
			`regexp: '{{ item.regexp }}'`
			`line: '{{ item.line }}'`
			`state: 'present'`
add sudoers 2022-11-11 16:48:09 +00:00			`create: True`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`owner: 'root'`
			`group: 'root'`
			`mode: '0440'`
add sudoers 2022-11-11 16:48:09 +00:00			`validate: 'visudo -cf "%s"'`
			`with_items:`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- regexp: '^{{ user.name }}\s'`
			`line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL'`
add sudoers 2022-11-11 16:48:09 +00:00			`become: True`
change lineingfile by replace 2022-11-13 13:45:33 +00:00
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Change secure path`
			`ansible.builtin.replace:`
			`path: '/etc/sudoers'`
change lineingfile by replace 2022-11-13 13:45:33 +00:00			`regexp: ^Defaults\ssecure_path.`
			`replace: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin`
			`validate: 'visudo -cf "%s"'`
			`become: true`