---

- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
  template:
    src: etc/sudoers.d/50-user.j2
    dest: /etc/sudoers.d/50-user
    validate: visudo -cf %s
    owner: root
    group: root
    mode: 0440
  tags:
    - sudoers-file-configuration

- name: (sudoers.yml) update global sudoers configuration file
  template:
    src: etc/sudoers.j2
    dest: /etc/sudoers
    owner: root
    group: root
    mode: 0440
    validate: visudo -cf %s
  tags:
    - sudoers-global-configuration

- name: (sudoers.yml) Ensure all sudo_users are in sudo group
  user:
    name: "{{ item }}"
    groups: sudo
    append: yes
  with_items: "{{ sudo_users }}"
  tags:
    - sudo-users