Convert sudo to a role so we can include it before roles/plays that use sudo.

1 files changed, 35 insertions, 0 deletions

diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
new file mode 100644
index 000000000..0b221e3a3
--- /dev/null
+++ b/roles/sudo/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+#
+# This task sets up /etc/sudoers.d/fedora on a machine. 
+#
+
+#
+# Put in place the default sysadmin-main sudoers file. 
+#
+- name: setup /etc/sudoers.d/sysadmin-main
+  copy: src="{{ private }}/files/sudo/sysadmin-main" dest=/etc/sudoers.d/ owner=root group=root mode=0600
+  when: sudoers_main is not defined
+  tags:
+  - config
+#
+# Put in place the default sysadmin-main sudoers file. (nopasswd edition)
+#
+- name: setup /etc/sudoers.d/sysadmin-main (nopasswd)
+  copy: src="{{ private }}/files/sudo/sysadmin-main-nopasswd" dest=/etc/sudoers.d/ owner=root group=root mode=0600
+  when: sudoers_main is defined and sudoers_main == 'nopasswd'
+  tags:
+  - config
+#
+# This will move a /etc/sudoers.d/ file in place 
+#
+- name: setup /etc/sudoers.d/sudoer file for client use
+  action: copy src={{ item }} dest=/etc/sudoers.d/ owner=root group=root mode=0600
+  with_first_found:
+  - files:
+    - "{{ sudoers }}"
+    - "{{ private }}/files/sudo/{{ ansible_fqdn }}-sudoers"
+    - "{{ private }}/files/sudo/{{ ansible_hostname }}-sudoers"
+    - "{{ private }}/files/sudo/{{ ansible_domain }}-sudoers"
+    skip: true
+  tags:
+  - config