From 2a25c840b88712ac7b97a6a09cb8d4a25889b476 Mon Sep 17 00:00:00 2001
From: Marty Oehme <contact@martyoeh.me>
Date: Tue, 25 Feb 2025 22:30:26 +0100
Subject: [PATCH] ref(user): Add sudo permissions with dropin file

Instead of changing a line in the sudoers file we just copy a new
drop-in file into the sudoers.d/ dir. Easier, less error-prone and
allows everyone to see 'who' the sudo enabled users are (since it is
world readable).
---
 books/void_user.yaml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/books/void_user.yaml b/books/void_user.yaml
index 0f3ec00..64474bf 100644
--- a/books/void_user.yaml
+++ b/books/void_user.yaml
@@ -9,10 +9,13 @@
       loop: "{{ user_groups }}"
 
     - name: Enable sudo for "wheel" group
-      ansible.builtin.lineinfile:
-        path: "/etc/sudoers"
-        regexp: '^# %wheel ALL=(ALL) ALL$'
-        line: '%wheel ALL=(ALL) ALL'
+      ansible.builtin.copy:
+        content: "%wheel ALL=(ALL) ALL"
+        dest: "/etc/sudoers.d/10-wheel"
+        owner: root
+        group: root
+        mode: 0644
+        force: true
 
     - name: Add user
       ansible.builtin.user:
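Review bot: The new `ansible.builtin.copy` task installs `/etc/sudoers.d/10-wheel` without a syntax check, so a malformed drop-in would be read by sudo on its next invocation and could break privilege escalation on the host. Adding `validate: 'visudo -cf %s'` to the task makes Ansible install the file only if it parses. The `content` string has no trailing newline; `content: "%wheel ALL=(ALL) ALL\n"` avoids depending on how the installed sudo treats an unterminated last line. `mode: 0644` is an unquoted octal, and Ansible's documentation recommends quoting it (`mode: "0644"`) so the value reaches the module as a string. The usual mode for sudoers drop-ins is 0440, though the commit message indicates that world-readable is intended here.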