From 9a2dfa261c4f46cbc4276051909a2f3a81c0e6f8 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 8 Apr 2018 10:52:08 -0500
Subject: [PATCH] pyrocufflink: Configure sudo for server admins

Members of the *Server Admins* AD group need to be able to use `sudo`
for privilege elevation on all domain member servers.
---
 pyrocufflink.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pyrocufflink.yml b/pyrocufflink.yml
index 91b8843..4b6c996 100644
--- a/pyrocufflink.yml
+++ b/pyrocufflink.yml
@@ -3,8 +3,16 @@
   - winbind
   - nsswitch
   - system-auth
+  - sudo
   tasks:
   - name: ensure winbind is running
     service:
       name=winbind
       state=started
+  - name: ensure server admins can use sudo
+    copy:
+      dest: /etc/sudoers.d/20_server-admins
+      content: |
+        %server\ admins ALL=(ALL) ALL
+      mode: '0440'
+      validate: visudo -cf %s