---
- name: "Configure sudoers umask"
  lineinfile:
    dest: /etc/sudoers
    insertafter: '# Defaults specification'
    line: 'Defaults umask=0077'
    validate: 'visudo -cf %s'
  tags:
    - sudo

- name: "Allow wheel group to run command as root in sudo"
  lineinfile:
    dest: /etc/sudoers
    insertafter: '# and set environment variables.'
    line: "%wheel\tALL=(ALL) SETENV: ALL"
    validate: 'visudo -cf %s'
    backup: false
  tags:
    - sudo

- name: "Delete line with space instead of tab"
  lineinfile:
    dest: /etc/sudoers
    line: "%wheel   ALL=(ALL) SETENV: ALL"
    validate: 'visudo -cf %s'
    backup: false
    state: absent
  tags:
    - sudo

- name: "Configure sudoers for evomaintenance and monitoring"
  blockinfile:
    state: present
    dest: /etc/sudoers
    insertafter: EOF
    block: |
      Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
      %wheel ALL=NOPASSWD: MAINT
      %evolinux-sudo ALL=(ALL) SETENV: ALL
    validate: 'visudo -cf %s'
    backup: false
  tags:
    - sudo