admin-user.yml: skip wheels group (& its NOPASSWD: in /etc/sudoers)

roles/iiab-admin/tasks/admin-user.yml

@@ -1,25 +1,26 @@
-- name: Create user {{ iiab_admin_user }} for Admin Console; set password from iiab_admin_pwd_hash if newly creating account
+- name: Create user {{ iiab_admin_user }} in group sudo for Admin Console; set password from iiab_admin_pwd_hash if newly creating account
   user:
     name: "{{ iiab_admin_user }}"    # iiab-admin
     password: "{{ iiab_admin_pwd_hash }}"
     update_password: on_create
     shell: /bin/bash
+    groups: sudo
 
-- name: Create a wheel group
-  group:
-    name: wheel
-    state: present
+#- name: Create a wheel group
+#  group:
+#    name: wheel
+#    state: present
 
-- name: Create a sudo group (redhat)
-  group:
-    name: sudo
-    state: present
-  when: is_redhat | bool
+#- name: Create a sudo group (redhat)
+#  group:
+#    name: sudo
+#    state: present
+#  when: is_redhat | bool
 
-- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo'
-  user:
-    name: "{{ iiab_admin_user }}"
-    groups: wheel,sudo
+#- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo'
+#  user:
+#    name: "{{ iiab_admin_user }}"
+#    groups: wheel,sudo
 
 - name: Edit the sudoers file -- first make it editable
   file:
@@ -33,10 +34,12 @@
     dest: /etc/sudoers
     state: present
 
-- name: Lets wheel sudo without password
-  lineinfile:
-    line: "%wheel ALL= NOPASSWD: ALL"
-    dest: /etc/sudoers
+#- name: Lets {{ iiab_admin_user }} sudo without password
+##- name: Lets wheel sudo without password
+#  lineinfile:
+#    line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
+##    line: "%wheel ALL= NOPASSWD: ALL"
+#    dest: /etc/sudoers
 
 - name: Remove the line which requires tty
   lineinfile: