--- - tags: superusers block: - name: getent passwd getent: database: passwd - name: getent group getent: database: group # NOTE: Accounts are added by the luser module. - tags: superusers vars: usernames: "{{ users|dict2items|map(attribute='key')|list }}" unix_groups: - sudo - systemd-journal with_items: "{{ unix_groups + (['docker'] if 'docker' in getent_group else []) }}" loop_control: loop_var: group include_tasks: adjust-group.yml - name: mkdir /etc/sudoers.d become: yes file: path: /etc/sudoers.d state: directory - name: "Allow 'sudo' group to have passwordless sudo" tags: superusers become: yes copy: dest: /etc/sudoers.d/superusers content: | {{ "Managed by Ansible" | comment }} %sudo ALL=(ALL) NOPASSWD: ALL