admin-users: passwordless sudo for come commands

admin-users/tasks/debian/main.yml

@@ -6,10 +6,6 @@
 
 - include: ssh.yml
 
-- include: sudo_jessie.yml
-  when: ansible_distribution_release == 'jessie'
-
-- include: sudo_stretch.yml
-  when: ansible_distribution_release == 'stretch'
+- include: sudo.yml
 
 - meta: flush_handlers

admin-users/tasks/debian/sudo.yml

@@ -2,9 +2,9 @@
 
 - name: Verify Evolinux sudoers file presence
   template:
-    src: sudoers_debian.j2
+    src: sudoers_{{ ansible_distribution_release }}.j2
     dest: /etc/sudoers.d/evolinux
-    force: false
+    force: no
     validate: '/usr/sbin/visudo -cf %s'
   register: copy_sudoers_evolinux
 
@@ -20,4 +20,7 @@
     regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$'
     replace: '\1,{{ user.name }}'
     validate: '/usr/sbin/visudo -cf %s'
-  when: not copy_sudoers_evolinux.changed
+  when:
+  - ansible_distribution == "Debian"
+  - ansible_distribution_major_version | version_compare('9', '<')
+  - not copy_sudoers_evolinux.changed

admin-users/tasks/debian/sudo_stretch.yml

@@ -1,7 +0,0 @@
----
-
-- name: "'{{ user.name }}' is in the sudo group"
-  user:
-    name: "{{ user.name }}"
-    groups: sudo
-    append: yes

admin-users/templates/sudoers_stretch.j2

@@ -0,0 +1,8 @@
+Defaults        umask=0077
+
+Cmnd_Alias      MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount
+
+nagios          ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
+nagios          ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
+
+%sudo           ALL = NOPASSWD: MAINT