- name: Set sudoers right
  ansible.builtin.lineinfile:
    dest: '/etc/sudoers.d/{{ user.name }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    state: 'present'
    create: True
    owner: 'root'
    group: 'root'
    mode: '0440'
    validate: 'visudo -cf "%s"'
  with_items:
    - regexp: '^{{ user.name }}\s'
      line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL'
  become: True

- name: Change secure path
  ansible.builtin.replace:
    path: '/etc/sudoers'
    regexp: ^Defaults\s*secure_path.*
    replace: Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
    validate: 'visudo -cf "%s"'
  become: true