From 24601204509968c65cab6952e4d440f2c9daa66b Mon Sep 17 00:00:00 2001
From: shirenn
Date: Sat, 19 Nov 2022 19:16:38 +0100
Subject: [PATCH] [sudo] youre sharp buster
---
 roles/sudo/tasks/main.yml | 11 ++++----
 .../{sudoers.j2 => sudoers.bullseye.j2} | 0
 roles/sudo/templates/sudoers.buster.j2 | 27 +++++++++++++++++++
 3 files changed, 33 insertions(+), 5 deletions(-)
 rename roles/sudo/templates/{sudoers.j2 => sudoers.bullseye.j2} (100%)
 create mode 100644 roles/sudo/templates/sudoers.buster.j2
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
index 6ee4500b..487a6587 100644
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@@ -1,10 +1,11 @@
 ---
 - name: Configure sudoers
 template:
- src: "{{ item }}.j2"
- dest: /etc/{{ item }}
+ src: "{{ item.src }}.j2"
+ dest: "/etc/{{ item.dst | default(item.src) }}"
 mode: 0440
 loop:
- - sudoers.d/custom_passprompt
- - sudoers.d/group_privilege
- - sudoers
+ - src: sudoers.d/custom_passprompt
+ - src: sudoers.d/group_privilege
+ - src: "sudoers.{{ ansible_distribution_release }}"
+ dst: "sudoers"
diff --git a/roles/sudo/templates/sudoers.j2 b/roles/sudo/templates/sudoers.bullseye.j2
similarity index 100%
rename from roles/sudo/templates/sudoers.j2
rename to roles/sudo/templates/sudoers.bullseye.j2
diff --git a/roles/sudo/templates/sudoers.buster.j2 b/roles/sudo/templates/sudoers.buster.j2
new file mode 100644
index 00000000..91b37793
--- /dev/null
+++ b/roles/sudo/templates/sudoers.buster.j2
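Review bot: In roles/sudo/tasks/main.yml the `template` task installs `/etc/sudoers` and the two drop-ins without a `validate:` step, so a syntax error in any per-release template is written to the live path and can leave sudo unusable on the host. Adding `validate: /usr/sbin/visudo -cf %s` next to `mode:` makes Ansible check the rendered file before it replaces the existing one. The new `src: "sudoers.{{ ansible_distribution_release }}"` also assumes every target is buster or bullseye; on any other release the template lookup fails only at the third loop item, after both drop-ins were already rewritten, so a comment such as `# requires templates/sudoers.<release>.j2 for every supported release` above the loop (or an early assert) would make the constraint visible. Setting `owner: root` and `group: root` explicitly and quoting the mode as `"0440"` would pin the ownership and permissions sudo expects rather than relying on defaults.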
@@ -0,0 +1,27 @@
+{{ ansible_header | comment }}
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults env_reset
+Defaults mail_badpass
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+User_Alias USERS= %_user
+User_Alias NOUNOUS= %_nounou
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root ALL=(ALL:ALL) ALL
+
+{% if 'virtu' in group_names %}
+# Pour vérifier quels vms sont sur quels virtus
+USERS ALL=(root:ALL) NOPASSWD:/usr/sbin/qm list
+
+{% endif %}
+# See sudoers(5) for more information on "@include" directives:
+
+#includedir /etc/sudoers.d
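Review bot: The NOPASSWD rule inside the `virtu` block uses the run-as spec `(root:ALL)`, which also lets members of USERS choose any run-as group for `qm list`; nothing visible here needs that, and `USERS ALL=(root) NOPASSWD: /usr/sbin/qm list` keeps the grant to that one command as root. The trailing comment still talks about "@include" directives although the line below is `#includedir`, which as far as I know is the only form the sudo 1.8 series shipped with buster understands. Rewording it to something like `# "#includedir" is a directive here, not a comment` would keep a later editor from treating the line as dead or "modernising" it into a parse error. The `# Host alias specification` heading also sits above the two `User_Alias` lines, which belong under `# User alias specification`.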