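---
# Sudo configuration tasks for servers: drop selected lines from
# /etc/sudoers, render the drop-in and the global sudoers files from
# templates, and add the listed accounts to the "sudo" group.
#
# Variables read here (defined outside this file):
#   sudoers_server_remove_user - list of line prefixes removed from /etc/sudoers
#   sudo_server_users          - list of accounts added to the "sudo" group

# Disabled: load the first matching variables file (host, release,
# distribution, then default).
# - name: (sudoers-server.yml) include variables
#   include_vars: "{{ item }}"
#   with_first_found:
#     - "sudoers-{{ inventory_hostname }}.yml"
#     - "sudoers-{{ ansible_distribution_release }}.yml"
#     - "sudoers-{{ ansible_distribution | lower }}.yml"
#     - "sudoers-default.yml"
#   tags:
#     - sudoers-remove
#     - sudoers-file-configuration
#     - sudoers-global-configuration

- name: (sudoers-server.yml) Remove user entries in file /etc/sudoers
  lineinfile:
    dest: /etc/sudoers
    state: absent
    # NOTE(review): each item is used as an unescaped, prefix-only regex, so
    # an item "bob" also removes lines that start with "bobby", and regex
    # metacharacters in an item are interpreted. If the list holds plain
    # account names, consider '^{{ item | regex_escape }}\s' - confirm
    # against the variable's contents before changing.
    regexp: '^{{ item }}'
    owner: root
    group: root
    # Quoted so the mode stays an octal string whatever the YAML parser does.
    mode: '0440'
    # Syntax-check the edited copy before it replaces the live file.
    validate: visudo -cf %s
  with_items: '{{ sudoers_server_remove_user }}'
  tags:
    - sudoers-remove

- name: (sudoers-server.yml) update specific sudoers configuration files (/etc/sudoers.d/)
  template:
    src: etc/sudoers.d/50-user.server.j2
    dest: /etc/sudoers.d/50-user
    owner: root
    group: root
    mode: '0440'
    # Validation re-enabled: a rendered file that fails to parse must not be
    # installed, because sudo stops working when it cannot parse its
    # configuration.
    validate: visudo -cf %s
  tags:
    - sudoers-file-configuration

- name: (sudoers-server.yml) update global sudoers configuration file
  template:
    src: etc/sudoers.server.j2
    dest: /etc/sudoers
    owner: root
    group: root
    mode: '0440'
    # Validation re-enabled for the same reason as the drop-in above; this
    # task replaces the whole of /etc/sudoers.
    validate: visudo -cf %s
  tags:
    - sudoers-global-configuration

- name: (sudoers-server.yml) Ensure all sudo_users are in sudo group
  user:
    name: "{{ item }}"
    groups: sudo
    # Add to the existing supplementary groups instead of replacing them.
    append: true
  with_items: "{{ sudo_server_users }}"
  tags:
    - sudo-users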