From a6e60cef858de30ad1ddc8567e34ed7e42a05d5c Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 9 Oct 2022 23:14:55 -0400
Subject: [PATCH] Configure passwordless sudo for wheel group.
---
ansible/environments/home/host_vars/homeserver | 2 +-
ansible/roles/sudo/files/wheel | 1 +
ansible/roles/sudo/tasks/freebsd.yaml | 8 ++++++++
ansible/roles/sudo/tasks/linux.yaml | 8 ++++++++
ansible/roles/sudo/tasks/main.yaml | 6 ++++++
5 files changed, 24 insertions(+), 1 deletion(-)
create mode 100644 ansible/roles/sudo/files/wheel
create mode 100644 ansible/roles/sudo/tasks/freebsd.yaml
create mode 100644 ansible/roles/sudo/tasks/linux.yaml
diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver
index c42fd44..1d0b6d9 100644
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@@ -1 +1 @@
-os_flavor: "FreeBSD"
+os_flavor: "freebsd"
diff --git a/ansible/roles/sudo/files/wheel b/ansible/roles/sudo/files/wheel
new file mode 100644
index 0000000..bbad988
--- /dev/null
+++ b/ansible/roles/sudo/files/wheel
@@ -0,0 +1 @@
+%wheel ALL=(ALL:ALL) NOPASSWD: ALL
diff --git a/ansible/roles/sudo/tasks/freebsd.yaml b/ansible/roles/sudo/tasks/freebsd.yaml
new file mode 100644
index 0000000..161c51a
--- /dev/null
+++ b/ansible/roles/sudo/tasks/freebsd.yaml
@@ -0,0 +1,8 @@
+- name: Configure sudoers
+ copy:
+ src: files/wheel
+ dest: /usr/local/etc/sudoers.d/wheel
+ mode: 0440
+ owner: root
+ group: wheel
+ validate: "visudo -cf %s"
diff --git a/ansible/roles/sudo/tasks/linux.yaml b/ansible/roles/sudo/tasks/linux.yaml
new file mode 100644
index 0000000..581343d
--- /dev/null
+++ b/ansible/roles/sudo/tasks/linux.yaml
@@ -0,0 +1,8 @@
+- name: Configure sudoers
+ copy:
+ src: files/wheel
+ dest: /etc/sudoers.d/wheel
+ mode: 0440
+ owner: root
+ group: root
+ validate: "visudo -cf %s"
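Review bot: The single rule in `files/wheel` gives every member of `wheel` passwordless root for all commands, so control of any one wheel account, or of a process running as it, is equivalent to root with no re-authentication step. If the aim is unattended Ansible runs, consider limiting the entry to the account that needs it, e.g. `deploy ALL=(ALL:ALL) NOPASSWD: ALL` (`deploy` is a placeholder name), and leaving interactive admins on password-checked sudo. If group-wide NOPASSWD is intended, a leading comment in the file such as `# Managed by Ansible (roles/sudo); passwordless sudo for wheel is deliberate` records that decision for later audits.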
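Review bot: `mode: 0440` in `tasks/freebsd.yaml` is an unquoted YAML integer and only yields the intended permissions because the leading zero makes the parser read it as octal; `mode: "0440"` states the mode as a string and does not depend on that, and the same line appears in `tasks/linux.yaml`. `validate: "visudo -cf %s"` also relies on `visudo` being found on the remote PATH, which on FreeBSD means the ports prefix (presumably `/usr/local/sbin/visudo`); if that is not guaranteed for the connection in use, an absolute path in the validate command removes the dependency. `src: files/wheel` can be written `src: wheel`, since `copy` inside a role already searches the role's `files/` directory.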
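Review bot: The task in `tasks/linux.yaml` installs the same `%wheel` rule, but not every Linux distribution has a `wheel` group by default (Debian-family systems use `sudo` as the admin group), so on such hosts the rule may match nobody today and would silently grant passwordless root to whoever is later added to a newly created `wheel`. Whether that applies depends on which distributions `os_flavor == "linux"` covers, which the patch does not show. A short comment above the task, e.g. `# assumes wheel is the admin group on this host`, would make the assumption explicit.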
diff --git a/ansible/roles/sudo/tasks/main.yaml b/ansible/roles/sudo/tasks/main.yaml
index e9e7582..21b33aa 100644
--- a/ansible/roles/sudo/tasks/main.yaml
+++ b/ansible/roles/sudo/tasks/main.yaml
@@ -3,3 +3,9 @@
 name:
 - sudo
 state: present
+
+- include: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- include: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
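Review bot: Both `when:` conditions compare `os_flavor` to an exact lowercase string, so a host whose value is spelled differently (the old `"FreeBSD"` that this patch corrects for homeserver, for example) skips both includes and the role reports success without installing any sudoers file. Comparing case-insensitively, `when: 'os_flavor | lower == "freebsd"'`, or adding a final task that fails when neither flavor matched, would surface that. Separately, the bare `include:` action is deprecated in Ansible; `include_tasks:` is the current form for these two entries. The package task shown as context starts above the hunk.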