playbooks/roles/sudo/tasks/main.yaml

   1 - name: Install sudo
   2   become: true
   3   apt:
   4     cache_valid_time: 3600
   5     install_recommends: no
   6     name: sudo
   7     state: latest
   8     update_cache: yes
   9   when: ansible_facts.os_family == 'Debian'
  10
  11 - name: Add user phd to group sudo
  12   become: true
  13   user:
  14     name: phd
  15     append: yes
  16     groups: sudo
  17   when: ansible_facts.os_family == 'Debian'
  18
  19 - name: Allow passwordless operations for phd
  20   become: true
  21   copy:
  22     content: 'phd       ALL=(ALL:ALL) NOPASSWD: ALL'
  23     dest: /etc/sudoers.d/phd
  24     owner: root
  25     group: "{% if ansible_facts.os_family == 'Debian' %}sudo{% elif ansible_facts.os_family == 'RedHat' %}root{% endif %}"
  26     mode: 0640