From 106a89d72fa1afd4c89163169af5c0b434557a04 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sat, 22 Jan 2022 20:01:07 +0000
Subject: [PATCH] Use groups to manage sudo access rather than editing sudoers
 file

---
 ansible/roles/base/tasks/user.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/base/tasks/user.yml b/ansible/roles/base/tasks/user.yml
index 062836f..120b1e0 100644
--- a/ansible/roles/base/tasks/user.yml
+++ b/ansible/roles/base/tasks/user.yml
@@ -8,7 +8,8 @@
   become: true
 
 - name: Give user sudo access
-  lineinfile:
-    path: /etc/sudoers
-    line: "{{ user }} ALL=(ALL) ALL"
+  user:
+    name: "{{ user }}"
+    groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
+    append: true
   become: true