diff --git a/defaults/main.yml b/defaults/main.yml
index 8dbbf8e6da864b3af39ca5e2228aac534e3f007a..27f5c409a229edf71d22e56dba428ed9895ccb75 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,5 +6,6 @@ human_users:
   #   extra_groups: "ssh"
   #   ssh_key_file: "claussni.pub"
   #   ssh_key_url: https://git.slub-dresden.de/{{ name }}.keys
+  #   sudo: false | true
 
 absent_users: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 77f617747fd513a943caadd092850e7dc23729df..b70f31c6a04ec05437e3bd9a9f1a14e67107c0cd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,6 +23,17 @@
   with_items: "{{ human_users }}"
   become: true
 
+- name: make user sudo if
+  ansible.builtin.template:
+    src: etc/sudoers.d/sudoers-user-file.jinja2
+    dest: /etc/sudoers.d/{{ item.name }}
+    owner: root
+    group: root
+    mode: 0440
+    validate: /usr/sbin/visudo -cf %s
+  when: ( item.sudo = true )
+  with_items: "{{ human_users }}"
+
 - name: Add user to groups
   user:
     name: "{{ item.name }}"
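Review bot: The condition `when: ( item.sudo = true )` on the new task uses `=`, which is not a Jinja2 comparison operator, and it also fails for any `human_users` entry that has no `sudo` key; `when: item.sudo | default(false) | bool` handles both. Nothing visible in this hunk removes `/etc/sudoers.d/<name>` once `sudo` is set back to false or the user moves to `absent_users`, so a grant would outlive its revocation unless a companion `ansible.builtin.file` task with `state: absent` covers those cases. sudo skips files in an include directory whose names contain a `.` or end in `~`, so a login such as `first.last` would get a file that is silently ignored; `dest` should be built from a sanitised form of the name. The task also lacks the `become: true` that the preceding task carries (unless it is set at play level, outside this hunk), and the mode is better quoted as `mode: "0440"`.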
diff --git a/templates/etc/sudoers.d/sudoers-user-file.jinja2 b/templates/etc/sudoers.d/sudoers-user-file.jinja2
new file mode 100644
index 0000000000000000000000000000000000000000..55d05322d27fa347418ebac4ab95a277061f0f7c
--- /dev/null
+++ b/templates/etc/sudoers.d/sudoers-user-file.jinja2
@@ -0,0 +1 @@
+{{ item.name }}     ALL=(ALL) NOPASSWD:ALL
\ No newline at end of file
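Review bot: The single template line grants `NOPASSWD:ALL`, so every account with `sudo: true` becomes root-equivalent without re-authentication, and a compromised SSH key for that user is enough for full root. Consider requiring a password by default and making the exemption an explicit per-user opt-in, for example through a hypothetical flag: `{{ item.name }} ALL=(ALL) {{ 'NOPASSWD:' if item.sudo_nopasswd | default(false) else '' }}ALL`. `item.name` is written into the sudoers grammar unchecked, and `visudo -cf` only validates syntax, so a value starting with `%` or equal to `ALL` would still pass and widen the grant to a group or to everyone; an `ansible.builtin.assert` on the name pattern before templating would prevent that. The file also ends without a newline, which some sudo versions may not parse cleanly, so the template should end with a newline.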