From a3337c3156c986b0ed64f1cedf3e4d78ef76b92b Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Sun, 25 Oct 2020 19:19:28 +0100
Subject: superuser: Fixes from clean machine.

---
 ansible/roles/superusers/tasks/main.yml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml
index 70623a0..c1f5a47 100644
--- a/ansible/roles/superusers/tasks/main.yml
+++ b/ansible/roles/superusers/tasks/main.yml
@@ -21,11 +21,17 @@
     loop_var: group
   include_tasks: adjust-group.yml
 
+- name: mkdir /etc/sudoers.d
+  become: yes
+  file:
+    path: /etc/sudoers.d
+    state: directory
+
 - name: "Allow 'sudo' group to have passwordless sudo"
   tags: superusers
   become: yes
-  lineinfile:
-    dest: /etc/sudoers
-    state: present
-    regexp: '^%sudo'
-    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+  copy:
+    dest: /etc/sudoers.d/superusers
+    content: |
+      {{ "Managed by Ansible" | comment }}
+      %sudo ALL=(ALL) NOPASSWD: ALL
-- 
cgit v1.2.3