EvoBSD/roles/base/tasks/sudo.yml

---
- name: Configure sudoers umask
  lineinfile:
    dest: /etc/sudoers
    insertafter: '# Defaults specification'
    line: 'Defaults umask=0077'
    validate: 'visudo -cf %s'
  tags:
    - sudo

- name: Allow wheel group to run command as root in sudo
  lineinfile:
    dest: /etc/sudoers
    insertafter: '# and set environment variables.'
    line: "%wheel\tALL=(ALL) SETENV: ALL"
    validate: 'visudo -cf %s'
    backup: false
  tags:
    - sudo

- name: Delete line with space instead of tab
  lineinfile:
    dest: /etc/sudoers
    line: "%wheel   ALL=(ALL) SETENV: ALL"
    validate: 'visudo -cf %s'
    backup: false
    state: absent
  tags:
    - sudo

- name: Configure sudoers for evomaintenance and monitoring
  blockinfile:
    state: present
    dest: /etc/sudoers
    insertafter: EOF
    block: |
      Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
      %wheel ALL=NOPASSWD: MAINT      
    validate: 'visudo -cf %s'
    backup: false
  tags:
    - sudo