From 2d17c60f39c8b0df0c1b1149bdb460e3e504b1e1 Mon Sep 17 00:00:00 2001
From: Gregory Colpart <gcolpart+git@evolix.fr>
Date: Tue, 22 Aug 2017 02:58:38 +0200
Subject: [PATCH] continuation of new policy for sudo in Debian 9

---
 admin-users/tasks/sudo.yml | 4 ++--
 admin-users/tasks/user.yml | 9 ++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/admin-users/tasks/sudo.yml b/admin-users/tasks/sudo.yml
index 49b9c71e..e05ac614 100644
--- a/admin-users/tasks/sudo.yml
+++ b/admin-users/tasks/sudo.yml
@@ -40,9 +40,9 @@
     system: yes
   when: ansible_distribution_major_version | version_compare('9', '>=')
 
-- name: "Add user to sudo group (Debian 9 or later)"
+- name: "Add user to evolinux-sudo group (Debian 9 or later)"
   user:
     name: '{{ user.name }}'
-    groups: 'evolinux-sudo,{{ admin_users_group }}'
+    groups: 'evolinux-sudo'
     append: yes
   when: ansible_distribution_major_version | version_compare('9', '>=')
diff --git a/admin-users/tasks/user.yml b/admin-users/tasks/user.yml
index b0126ca8..94f1a0c3 100644
--- a/admin-users/tasks/user.yml
+++ b/admin-users/tasks/user.yml
@@ -35,11 +35,18 @@
    update_password: on_create
   when: loginisbusy.rc != 0 and uidisbusy.rc == 0
 
-- name: "Create {{ admin_users_group }} group"
+- name: "Create {{ admin_users_group }} group (Debian 9 or later)"
   group:
     name: "{{ admin_users_group }}"
   when: ansible_distribution_major_version | version_compare('9', '>=')
 
+- name: "Add user to {{ admin_users_group }} group (Debian 9 or later)"
+  user:
+    name: '{{ user.name }}'
+    groups: '{{ admin_users_group }}'
+    append: yes
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
 - name: "Fix perms on homedirectory for '{{ user.name }}'"
   file:
    name: '/home/{{ user.name }}'