- name: ensure sudo is installed
  package:
    name=sudo
    state=present

- name: ensure sudo group exists
  group:
    name=sudo
    state=present
- name: ensure admin users members of sudo group
  user:
    name={{ item }}
    groups=sudo
    append=yes
  with_items: '{{ admin_users }}'
- name: ensure members of sudo group can use sudo
  copy:
    src: sudo.sudoers
    dest: /etc/sudoers.d/10_sudo
    mode: '0440'
    validate: visudo -cf %s
- name: ensure legacy sudo group configuration is removed
  file:
    path=/etc/sudoers.d/sudo
    state=absent