- name: set sudoers right
  lineinfile:
    dest: "/etc/sudoers.d/{{user.name}}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: "present"
    create: True
    owner: "root"
    group: "root"
    mode: "0440"
    validate: 'visudo -cf "%s"'
  with_items:
    - regexp: '^{{user.name}}\s'
      line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
  become: True

- name: change secure path
  replace:
    path: "/etc/sudoers"
    regexp: ^Defaults\s*secure_path.*
    replace: Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
    validate: 'visudo -cf "%s"'
  become: true