---
# Read the local account and group databases up front. The getent module
# stores its results as the getent_passwd and getent_group facts.
# NOTE(review): presumably these facts are consumed by adjust-group.yml to
# check which users/groups already exist - confirm against that file.
- block:
    - name: getent passwd
      getent:
        database: passwd

    - name: getent group
      getent:
        database: group
  tags: superusers

# NOTE: Accounts are added by the luser module.
# Run adjust-group.yml once per privileged group, exposing the current group
# as `group` and the list of managed account names as `usernames`.
# `usernames` is the key set of the `users` mapping, which is defined outside
# this file.
#
# Both groups are privilege-bearing: 'sudo' is granted passwordless root by
# the sudoers drop-in written later in this file, and 'systemd-journal'
# members can read the full system journal. Review `users` accordingly.
#
# NOTE(review): include_tasks is dynamic, so the tag here selects the include
# itself; verify that the tasks inside adjust-group.yml carry the tag too,
# otherwise a `--tags superusers` run will include the file but skip its work.
- include_tasks: adjust-group.yml
  tags: superusers
  loop: "{{ unix_groups }}"
  loop_control:
    loop_var: group
  vars:
    unix_groups:
      - sudo
      - systemd-journal
    usernames: "{{ users | dict2items | map(attribute='key') | list }}"

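# Ensure the sudoers drop-in directory exists before a rule file is written
# into it. Tagged like the other tasks in this file so that a run limited to
# `--tags superusers` still creates the directory the drop-in depends on.
- name: mkdir /etc/sudoers.d
  tags: superusers
  become: true
  file:
    path: /etc/sudoers.d
    state: directory
    # Pin ownership and mode instead of inheriting the umask: every file in
    # this directory is parsed by sudo, so only root may add or change them.
    owner: root
    group: root
    mode: "0750"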

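# Install the sudoers drop-in that lets members of the 'sudo' group run any
# command as any user without a password prompt.
#
# NOTE(review): with NOPASSWD: ALL, membership of 'sudo' is the only barrier
# between an account and root - a compromised session of any member is a root
# compromise with no re-authentication step. Keep the group small and audit
# changes to it; narrow the rule to specific commands if full root is not
# required.
- name: "Allow 'sudo' group to have passwordless sudo"
  tags: superusers
  become: true
  copy:
    dest: /etc/sudoers.d/superusers
    # sudo ignores or rejects drop-ins that are not root-owned or that are
    # writable by others; 0440 is the conventional mode for sudoers files.
    owner: root
    group: root
    mode: "0440"
    # Syntax-check the rendered file before it replaces the live one. A
    # malformed drop-in makes sudo refuse to run, which would lock out the
    # very accounts this play is meant to enable.
    validate: /usr/sbin/visudo -cf %s
    content: |
      {{ "Managed by Ansible" | comment }}
      %sudo ALL=(ALL) NOPASSWD: ALL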