Initial commit

roles/common/tasks/sudoers-server.yml

@@ -0,0 +1,57 @@
+---
+
+#- name: (sudoers-server.yml) include variables
+#  include_vars: "{{ item }}"
+#  with_first_found:
+#    - "sudoers-{{ inventory_hostname }}.yml"
+#    - "sudoers-{{ ansible_distribution_release }}.yml"
+#    - "sudoers-{{ ansible_distribution | lower }}.yml"
+#    - "sudoers-default.yml"
+#  tags:
+#    - sudoers-remove
+#    - sudoers-file-configuration
+#    - sudoers-global-configuration
+    
+- name: (sudoers-server.yml) Remove user entries in file /etc/sudoers
+  lineinfile:
+    dest: /etc/sudoers
+    state: absent
+    regexp: '^{{ item }}'
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+  with_items: '{{ sudoers_server_remove_user }}'
+  tags:
+    - sudoers-remove
+
+- name: (sudoers-server.yml) update specific sudoers configuration files (/etc/sudoers.d/)
+  template:
+    src: etc/sudoers.d/50-user.server.j2
+    dest: /etc/sudoers.d/50-user
+    #validate: visudo -cf %s
+    owner: root
+    group: root
+    mode: 0440
+  tags:
+    - sudoers-file-configuration
+
+- name: (sudoers-server.yml) update global sudoers configuration file
+  template:
+    src: etc/sudoers.server.j2
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: 0440
+    #validate: visudo -cf %s
+  tags:
+    - sudoers-global-configuration
+
+- name: (sudoers-server.yml) Ensure all sudo_users are in sudo group
+  user:
+    name: "{{ item }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ sudo_server_users }}"
+  tags:
+    - sudo-users