From 55dc80f2d4d9ad11b7e79d7c34c786d484ed0464 Mon Sep 17 00:00:00 2001
From: korenstin
Date: Sat, 21 Dec 2024 17:54:29 +0100
Subject: [PATCH] Ajout de groupe dans les sudoers (pour apprentis)
---
 group_vars/all/sudo.yml | 3 +++
 host_vars/apprentis.adm.crans.org.yml | 3 +++
 plays/utilities.yml | 5 +++--
 roles/sudo/README.md | 7 +++++++
 roles/sudo/templates/sudoers.d/group_privilege.j2 | 2 +-
 5 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 group_vars/all/sudo.yml
diff --git a/group_vars/all/sudo.yml b/group_vars/all/sudo.yml
new file mode 100644
index 00000000..799d1dd2
--- /dev/null
+++ b/group_vars/all/sudo.yml
@@ -0,0 +1,3 @@
+---
+glob_sudo:
+ group: "NOUNOUS"
diff --git a/host_vars/apprentis.adm.crans.org.yml b/host_vars/apprentis.adm.crans.org.yml
index a21e8fc3..b3eaa07b 100644
--- a/host_vars/apprentis.adm.crans.org.yml
+++ b/host_vars/apprentis.adm.crans.org.yml
@@ -21,3 +21,6 @@ loc_restic:
 - /etc
 - /home_nounou
 - /var
+
+loc_sudo:
+ group: "USERS"
diff --git a/plays/utilities.yml b/plays/utilities.yml
index a786c8da..9d1ab3a5 100755
--- a/plays/utilities.yml
+++ b/plays/utilities.yml
@@ -2,9 +2,10 @@
 ---
 - hosts: server
 vars:
- root: "{{ glob_root | default({}) | combine(loc_root | default({})) }}"
- ntp_client: "{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}"
 needrestart: "{{ glob_needrestart | default({}) | combine(loc_needrestart | default({})) }}"
+ ntp_client: "{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}"
+ root: "{{ glob_root | default({}) | combine(loc_root | default({})) }}"
+ sudo: "{{ glob_sudo | default({}) | combine(loc_sudo | default({})) }}"
 unattended: "{{ glob_unattended | default({}) | combine(loc_unattended | default({})) }}"
 roles:
 - root
diff --git a/roles/sudo/README.md b/roles/sudo/README.md
index a05810ca..269b7a96 100644
--- a/roles/sudo/README.md
+++ b/roles/sudo/README.md
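Review bot: In host_vars/apprentis.adm.crans.org.yml, `loc_sudo.group: "USERS"` replaces the global `NOUNOUS` entry instead of adding to it, because `combine` in plays/utilities.yml overwrites the `group` key and the template renders a single subject. On this host the rule becomes `USERS ALL=(ALL:ALL) ALL`, i.e. unrestricted root for everything USERS expands to, and NOUNOUS keeps sudo only if USERS already covers its members; neither definition is visible in this diff. If both are meant to apply, a list-valued variable rendered as one rule per entry would state that explicitly. Otherwise a comment above the key, such as `# replaces NOUNOUS on this host: every member of USERS gets full root`, would record the intent for the next reviewer.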
@@ -1,3 +1,10 @@
 # Sudo
 
 Configure les sudoers.
+
+## Variables
+
+```yaml
+sudo:
+ group: nom du groupe des sudoers
+```
diff --git a/roles/sudo/templates/sudoers.d/group_privilege.j2 b/roles/sudo/templates/sudoers.d/group_privilege.j2
index 2b7e31fd..f9566e10 100644
--- a/roles/sudo/templates/sudoers.d/group_privilege.j2
+++ b/roles/sudo/templates/sudoers.d/group_privilege.j2
@@ -1,3 +1,3 @@
 {{ ansible_header | comment }}
 # Group privilege specification
-NOUNOUS ALL=(ALL:ALL) ALL
+{{ sudo.group }} ALL=(ALL:ALL) ALL
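Review bot: `{{ sudo.group }}` in group_privilege.j2 is written into an `ALL=(ALL:ALL) ALL` rule with no check on its content, so an empty string, a lowercase user name or a comma-separated list in any group_vars/host_vars file either changes who gets root or leaves a file under sudoers.d that sudo cannot parse. The old literal and both new values carry no `%` prefix, so they look like User_Alias names rather than Unix groups. Constraining the value to that syntax before rendering would catch mistakes, for example an assert on `sudo.group is match('^[A-Z][A-Z0-9_]*$')`. The task that installs this template is outside the diff; if it does not already pass `validate: 'visudo -cf %s'`, adding it keeps a bad render from replacing the live file.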