From 41fc32cd5c08670a1aa9fe6c166f879d7d713ae2 Mon Sep 17 00:00:00 2001
From: Hannes Braun <hannes.braun@slub-dresden.de>
Date: Thu, 16 Mar 2023 16:09:48 +0100
Subject: [PATCH] Added task and template to make user sudo, if defined

---
 defaults/main.yml                                |  1 +
 tasks/main.yml                                   | 11 +++++++++++
 templates/etc/sudoers.d/sudoers-user-file.jinja2 |  1 +
 3 files changed, 13 insertions(+)
 create mode 100644 templates/etc/sudoers.d/sudoers-user-file.jinja2

diff --git a/defaults/main.yml b/defaults/main.yml
index 8dbbf8e..27f5c40 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,5 +6,6 @@ human_users:
   #   extra_groups: "ssh"
   #   ssh_key_file: "claussni.pub"
   #   ssh_key_url: https://git.slub-dresden.de/{{ name }}.keys
+  #   sudo: false | true
 
 absent_users: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 77f6177..b70f31c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -23,6 +23,17 @@
   with_items: "{{ human_users }}"
   become: true
 
+- name: make user sudo if
+  ansible.builtin.template:
+    src: etc/sudoers.d/sudoers-user-file.jinja2
+    dest: /etc/sudoers.d/{{ item.name }}
+    owner: root
+    group: root
+    mode: 0440
+    validate: /usr/sbin/visudo -cf %s
+  when: ( item.sudo = true )
+  with_items: "{{ human_users }}"
+
 - name: Add user to groups
   user:
     name: "{{ item.name }}"
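Review bot: The condition `when: ( item.sudo = true )` in the new task is not a valid Jinja2 comparison (`=` instead of `==`), and it would also fail for `human_users` entries that omit the optional `sudo` key; `when: item.sudo | default(false) | bool` covers both cases. The task has no `become: true`, unlike the task directly above it, so writing to `/etc/sudoers.d` will presumably fail unless the play itself escalates. The mode is better quoted as `mode: "0440"`. With the usual includedir setup, sudo skips files whose names contain a `.` or end in `~`, so a user name of that shape would silently get no rule. Nothing removes the file when `sudo` is later set to false or the user moves to `absent_users`, so the grant outlives the setting; a companion `ansible.builtin.file` task with `state: absent` for those cases would close that gap.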
diff --git a/templates/etc/sudoers.d/sudoers-user-file.jinja2 b/templates/etc/sudoers.d/sudoers-user-file.jinja2
new file mode 100644
index 0000000..55d0532
--- /dev/null
+++ b/templates/etc/sudoers.d/sudoers-user-file.jinja2
@@ -0,0 +1 @@
+{{ item.name }}     ALL=(ALL) NOPASSWD:ALL
\ No newline at end of file
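Review bot: The rule `ALL=(ALL) NOPASSWD:ALL` gives every user flagged `sudo: true` passwordless root, so possession of that user's SSH key or session alone is equivalent to root on the host. If some accounts really need passwordless sudo, make it a separate opt-in, e.g. `{{ item.name }} ALL=(ALL) {{ 'NOPASSWD:' if item.sudo_nopasswd | default(false) | bool else '' }}ALL`, where `sudo_nopasswd` is a new key proposed here and not an existing variable of the role. `item.name` is written into the file unchecked and `visudo -cf` only verifies syntax, so a value such as `ALL` or one starting with `%` would likely be accepted as a broader rule; an `ansible.builtin.assert` on the name format before templating would catch that. The template also ends without a trailing newline, which is worth adding.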
-- 
GitLab