Add sudo for users from wheel group

2 files changed, 18 insertions, 0 deletions

diff --git a/roles/essential/tasks/main.yml b/roles/essential/tasks/main.yml
index 111e718..87be2e5 100644
--- a/roles/essential/tasks/main.yml
+++ b/roles/essential/tasks/main.yml
@@ -1,2 +1,3 @@
 - ansible.builtin.include_tasks: roles/essential/tasks/packages.yml
 - ansible.builtin.include_tasks: roles/essential/tasks/users.yml
+- ansible.builtin.include_tasks: roles/essential/tasks/sudo.yml
diff --git a/roles/essential/tasks/sudo.yml b/roles/essential/tasks/sudo.yml
new file mode 100644
index 0000000..422c023
--- /dev/null
+++ b/roles/essential/tasks/sudo.yml
@@ -0,0 +1,17 @@
+- name: Install sudo
+  ansible.builtin.package:
+    name:
+      - sudo
+    state: present
+
+- name: Allow wheel group to use sudo
+  ansible.builtin.lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: '^(# )?%wheel ALL=\(ALL:ALL\) NOPASSWD: ALL'
+    insertafter: '^# %wheel ALL=\(ALL:ALL\) NOPASSWD: ALL'
+    line: '%wheel ALL=(ALL:ALL) NOPASSWD: ALL'
+    validate: "visudo -cf %s"
+    owner: root
+    group: root
+    mode: u+r,g+r,o-rwx