---
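# Restrict SSH logins to members of the listed groups.
# AllowGroups is an allow-list: once set, sshd refuses any account whose
# primary and supplementary groups are all absent from it.
# NOTE(review): no handler is notified here, and sshd only re-reads its
# configuration on reload/restart -- confirm that happens elsewhere in the role.
# NOTE(review): when no AllowGroups line exists yet, lineinfile appends at end
# of file; if sshd_config ends with a Match block, the directive would be
# scoped to that block -- verify on hosts that use Match.
- name: Filter SSH on groups
  when: ansible_facts['hostname'] != "camelot"  # Camelot is accessible for everyone
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^AllowGroups'
    line: AllowGroups root sudoldap aurore ssh
    state: present
    # Have sshd parse the candidate file before it replaces the live one, so a
    # broken config cannot lock everyone out at the next daemon restart.
    validate: /usr/sbin/sshd -t -f %s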

# sudo is the mechanism through which LDAP-granted rights become root access.
- name: Install SUDO package
  package:
    state: present
    name: sudo
  # Retry the install (at most 3 retries) until the module reports success;
  # presumably this rides out transient package-manager failures.
  retries: 3
  register: package_result
  until: package_result is succeeded

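# Grant sudo rights to the main sudo group.
# "ALL=(ALL:ALL) ALL" carries no NOPASSWD tag: every member may run any command
# as any user or group after authenticating, so membership of this group is
# equivalent to root on the host.
- name: Configure sudoers sudo group
  lineinfile:
    path: /etc/sudoers
    # Escape the group name and require whitespace after it. A bare prefix
    # match would also hit longer names (group "sudo" vs. a "%sudoldap ..."
    # line) and overwrite that other group's rule.
    regexp: '^%{{ sudo_group | regex_escape }}\s'
    line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL"
    state: present
    # visudo checks the candidate file before it replaces /etc/sudoers, so a
    # syntax error cannot leave the host without working sudo.
    validate: /usr/sbin/visudo -cf %s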

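# Grant sudo rights to the optional per-location sudo group.
# Same rule as for the main sudo group: "ALL=(ALL:ALL) ALL" without NOPASSWD,
# so members get unrestricted, password-authenticated root on this host.
# Skipped entirely when sudo_group_location is not defined.
- name: Configure sudoers sudo location group
  when: sudo_group_location is defined
  lineinfile:
    path: /etc/sudoers
    # Escape the group name and require whitespace after it, so a group whose
    # name is a prefix of another's cannot match and overwrite the other rule.
    regexp: '^%{{ sudo_group_location | regex_escape }}\s'
    line: "%{{ sudo_group_location }} ALL=(ALL:ALL) ALL"
    state: present
    # visudo checks the candidate file before it replaces /etc/sudoers, so a
    # syntax error cannot leave the host without working sudo.
    validate: /usr/sbin/visudo -cf %s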