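---
# Sudo access management: load the host/distribution-specific variables,
# prune entries of removed users from /etc/sudoers, render the sudoers
# templates and make sure every listed sudo user is in the "sudo" group.
- name: (sudoers.yml) include variables
  include_vars: "{{ item }}"
  with_first_found:
    - "sudoers-{{ inventory_hostname }}.yml"
    - "sudoers-{{ ansible_distribution_release }}.yml"
    - "sudoers-{{ ansible_distribution | lower }}.yml"
    - "sudoers-default.yml"
  tags:
    - sudoers-remove
    - sudoers-file-configuration
    - sudoers-global-configuration

- name: (sudoers.yml) Remove user entries in file /etc/sudoers
  lineinfile:
    dest: /etc/sudoers
    state: absent
    # Match the exact user name followed by whitespace: a bare
    # "^{{ item }}" prefix match would also delete the entries of every
    # user whose name merely starts with the removed name (e.g. "bob" vs
    # "bobby"). regex_escape keeps any regex metacharacters in the name
    # literal.
    regexp: '^{{ item | regex_escape }}\s'
    owner: root
    group: root
    # Quoted so the YAML loader cannot reinterpret the octal file mode.
    mode: "0440"
    # visudo -c rejects the write if the resulting file is syntactically
    # invalid; a broken /etc/sudoers locks every account out of sudo.
    validate: visudo -cf %s
  with_items: "{{ sudoers_remove_user }}"
  tags:
    - sudoers-remove

- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
  template:
    src: etc/sudoers.d/50-user.j2
    dest: /etc/sudoers.d/50-user
    owner: root
    group: root
    mode: "0440"
    # Validate before install, as the removal task above already does:
    # a drop-in with a syntax error breaks sudo for the whole host.
    validate: visudo -cf %s
  tags:
    - sudoers-file-configuration

- name: (sudoers.yml) update global sudoers configuration file
  template:
    src: etc/sudoers.j2
    dest: /etc/sudoers
    owner: root
    group: root
    mode: "0440"
    # Same syntax check on the rendered temporary file before it replaces
    # the live /etc/sudoers.
    validate: visudo -cf %s
  tags:
    - sudoers-global-configuration

- name: (sudoers.yml) Ensure all sudo_users are in sudo group
  user:
    name: "{{ item }}"
    groups: sudo
    # "true" rather than "yes": canonical YAML boolean, same meaning.
    append: true
  with_items: "{{ sudo_users }}"
  tags:
    - sudo-users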