- name: Create user {{ iiab_admin_user }} for Admin Console; set password from hardcoded hash if newly creating account
  user:
    name: "{{ iiab_admin_user }}"
    password: "{{ iiab_admin_pwd_hash }}"
    update_password: on_create
    shell: /bin/bash

- name: Create a wheel group
  group:
    name: wheel
    state: present

- name: Create a sudo group (redhat)
  group:
    name: sudo
    state: present
  when: is_redhat

- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo'
  user:
    name: "{{ iiab_admin_user }}"
    groups: wheel,sudo

- name: Edit the sudoers file -- first make it editable
  file:
    path: /etc/sudoers
    mode: 0640

- name: Have sudo log all commands it handles
  lineinfile:
    regexp: logfile
    line: "Defaults     logfile = /var/log/sudo.log"
    dest: /etc/sudoers
    state: present

- name: Lets wheel sudo without password
  lineinfile:
    line: "%wheel ALL= NOPASSWD: ALL"
    dest: /etc/sudoers

- name: Remove the line which requires tty
  lineinfile:
    regexp: requiretty
    dest: /etc/sudoers
    state: absent

- name: End editing the sudoers file -- protect it again
  file:
    path: /etc/sudoers
    mode: 0440