- name: Create user {{ iiab_admin_user }} in group sudo for Admin Console; set password from iiab_admin_pwd_hash if newly creating account
  user:
    name: "{{ iiab_admin_user }}"    # iiab-admin
    password: "{{ iiab_admin_pwd_hash }}"
    update_password: on_create
    shell: /bin/bash
    groups: sudo

#- name: Create a wheel group
#  group:
#    name: wheel
#    state: present

#- name: Create a sudo group (redhat)
#  group:
#    name: sudo
#    state: present
#  when: is_redhat | bool

#- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo'
#  user:
#    name: "{{ iiab_admin_user }}"
#    groups: wheel,sudo

- name: Edit the sudoers file -- first make it editable
  file:
    path: /etc/sudoers
    mode: 0640

- name: Have sudo log all commands it handles
  lineinfile:
    regexp: logfile
    line: "Defaults     logfile = /var/log/sudo.log"
    dest: /etc/sudoers
    state: present

#- name: Lets {{ iiab_admin_user }} sudo without password
##- name: Lets wheel sudo without password
#  lineinfile:
#    line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
##    line: "%wheel ALL= NOPASSWD: ALL"
#    dest: /etc/sudoers

- name: Remove the line which requires tty
  lineinfile:
    regexp: requiretty
    dest: /etc/sudoers
    state: absent

- name: End editing the sudoers file -- protect it again
  file:
    path: /etc/sudoers
    mode: 0440