From 93b859e547bd0f3286b4c3d82338668ebe3b6139 Mon Sep 17 00:00:00 2001
From: Oleg Broytman <phd@phdru.name>
Date: Mon, 4 Dec 2023 04:29:26 +0300
Subject: [PATCH] Feat(roles/sudo): Disable `.sudo_as_admin_successful`

---
 playbooks/roles/sudo/tasks/main.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/playbooks/roles/sudo/tasks/main.yaml b/playbooks/roles/sudo/tasks/main.yaml
index 0c87707..ee444a5 100644
--- a/playbooks/roles/sudo/tasks/main.yaml
+++ b/playbooks/roles/sudo/tasks/main.yaml
@@ -19,7 +19,9 @@
 - name: Allow passwordless operations for phd
   become: true
   copy:
-    content: 'phd	ALL=(ALL:ALL) NOPASSWD: ALL'
+    content: |
+      Defaults !admin_flag
+      phd	ALL=(ALL:ALL) NOPASSWD: ALL
     dest: /etc/sudoers.d/phd
     owner: root
     group: "{% if ansible_facts.os_family == 'Debian' %}sudo{% elif ansible_facts.os_family == 'RedHat' %}root{% endif %}"
-- 
2.39.2