From fa497b280ef0638beddee5940a3bf850c8898106 Mon Sep 17 00:00:00 2001
From: Jeremy Dubois <jdubois@evolix.fr>
Date: Thu, 8 Oct 2020 15:42:52 +0200
Subject: [PATCH] Configure sudoers umask

This configuration is checked by evocheck,
so it should be present by default
---
 roles/base/tasks/sudo.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml
index 0d0467d..26913bc 100644
--- a/roles/base/tasks/sudo.yml
+++ b/roles/base/tasks/sudo.yml
@@ -1,4 +1,13 @@
 ---
+- name: Configure sudoers umask
+  lineinfile:
+    dest: /etc/sudoers
+    insertafter: '# Defaults specification'
+    line: 'Defaults umask=0077'
+    validate: 'visudo -cf %s'
+  tags:
+    - sudo
+
 # dont't break the tab!
 - name: Allow wheel group to run command as root in sudo
   lineinfile: