From 8de7d0dfcec1d57c872e286773a03c9f89842ae2 Mon Sep 17 00:00:00 2001
From: Tyler Hale
Date: Thu, 25 Jul 2024 17:54:48 -0600
Subject: [PATCH] Switching to sudoers config files
---
 roles/base/tasks/core_sudo.yml | 30 +++++++++++++++---------------
 roles/base/templates/%sudo.j2 | 1 +
 roles/base/templates/%wheel.j2 | 1 +
 3 files changed, 17 insertions(+), 15 deletions(-)
 create mode 100644 roles/base/templates/%sudo.j2
 create mode 100644 roles/base/templates/%wheel.j2
diff --git a/roles/base/tasks/core_sudo.yml b/roles/base/tasks/core_sudo.yml
index 23655cd..8ff4f14 100644
--- a/roles/base/tasks/core_sudo.yml
+++ b/roles/base/tasks/core_sudo.yml
@@ -1,18 +1,18 @@
 ---
 # file: roles/base/tasks/core_sudo.yml
-- name: Enabled passwordless for wheel group
- lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^%wheel'
- line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- validate: 'visudo -cf %s'
-
-- name: Enabled passwordless for sudo group
- lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^%sudo'
- line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
- validate: 'visudo -cf %s'
+- name: Configure passwordless for wheel group
+ template:
+ src: "%wheel.j2"
+ dest: "/etc/sudoers.d/%wheel"
+ owner: root
+ group: root
+ mode: '0440'
+
+- name: Configure passwordless for sudo group
+ template:
+ src: "%sudo.j2"
+ dest: "/etc/sudoers.d/%sudo"
+ owner: root
+ group: root
+ mode: '0440'
diff --git a/roles/base/templates/%sudo.j2 b/roles/base/templates/%sudo.j2
new file mode 100644
index 0000000..0b662a1
--- /dev/null
+++ b/roles/base/templates/%sudo.j2
@@ -0,0 +1 @@
+%sudo ALL=(ALL) NOPASSWD: ALL
\ No newline at end of file
diff --git a/roles/base/templates/%wheel.j2 b/roles/base/templates/%wheel.j2
new file mode 100644
index 0000000..2e873df
--- /dev/null
+++ b/roles/base/templates/%wheel.j2
@@ -0,0 +1 @@
+%wheel ALL=(ALL) NOPASSWD: ALL
\ No newline at end of file
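Review bot: Both `template` tasks in roles/base/tasks/core_sudo.yml drop the `validate: 'visudo -cf %s'` check that the removed `lineinfile` tasks carried, so a malformed template is installed into /etc/sudoers.d unchecked, and a sudoers parse error can leave sudo unusable on the host. Add `validate: 'visudo -cf %s'` to each task; the `template` module accepts it just as `lineinfile` does. The change also leaves in place the `%wheel` and `%sudo` lines that earlier runs wrote into /etc/sudoers, so hosts that were already provisioned keep both copies unless a cleanup task (`lineinfile` with `state: absent`) is added. The drop-ins presumably rely on /etc/sudoers including /etc/sudoers.d, which nothing in this patch establishes.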
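Review bot: The new roles/base/templates/%sudo.j2 writes `%sudo ALL=(ALL) NOPASSWD: ALL`, while the line it replaces in core_sudo.yml was `%sudo ALL=(ALL:ALL) NOPASSWD: ALL`. The commit message describes only a move to config files, so dropping the group part of the Runas spec looks unintended, and it would stop members of that group from using `sudo -g`. If the narrowing is deliberate, say so in the commit message; otherwise keep `%sudo ALL=(ALL:ALL) NOPASSWD: ALL`. Both this template and roles/base/templates/%wheel.j2 also end without a trailing newline, which some sudo versions may reject, so end each file with a newline. A first-line comment in each file, such as `# Managed by Ansible (roles/base): passwordless sudo for the sudo group`, would tell an administrator auditing /etc/sudoers.d where the rule comes from.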