From 489bb5ddcf953f54942cf334ccb5da94a0234f4b Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sat, 23 Mar 2019 13:49:53 +0100
Subject: [PATCH] sudo group by location

---
 group_vars/pacaterie/sudo_location_group.yml | 3 +++
 roles/ldap-client/tasks/1_group_security.yml | 10 +++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 group_vars/pacaterie/sudo_location_group.yml

diff --git a/group_vars/pacaterie/sudo_location_group.yml b/group_vars/pacaterie/sudo_location_group.yml
new file mode 100644
index 0000000..6244736
--- /dev/null
+++ b/group_vars/pacaterie/sudo_location_group.yml
@@ -0,0 +1,3 @@
+---
+# Users in that group will be able to `sudo`
+sudo_group_location: 'sudopacaterie'
diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap-client/tasks/1_group_security.yml
index 13e3261..9e01f03 100644
--- a/roles/ldap-client/tasks/1_group_security.yml
+++ b/roles/ldap-client/tasks/1_group_security.yml
@@ -16,8 +16,16 @@
   until: package_result is succeeded
 
 # Set sudo group
-- name: Configure sudoers
+- name: Configure sudoers sudo group
   lineinfile:
     dest: /etc/sudoers
     regexp: "^%{{ sudo_group }}"
     line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL"
+
+# Set sudo location group
+- name: Configure sudoers sudo location group
+  lineinfile:
+    dest: /etc/sudoers
+    regexp: "^%{{ sudo_group_location }}"
+    line: "%{{ sudo_group_location }} ALL=(ALL:ALL) ALL"
+  when: sudo_group_location is defined
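Review bot: The new task's `regexp: "^%{{ sudo_group_location }}"` is a prefix match with no terminator, so it also matches a sudoers line for any group whose name merely starts with that value, and lineinfile rewrites the last line that matches. The unchanged `^%{{ sudo_group }}` task above has the same shape: if `sudo_group` happens to be a prefix of `sudopacaterie` (its value is not visible in this patch), the two tasks would replace each other's line on every run. Anchoring on the separator, `regexp: '^%{{ sudo_group_location }}\s'`, would avoid both cases. Because the task edits `/etc/sudoers` in place and grants `ALL=(ALL:ALL) ALL`, I would also add `validate: '/usr/sbin/visudo -cf %s'` so a malformed line from an unexpected variable value is rejected before it is written.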