Fixes #33: Don't overwrite sudoers file by default, and use sudoers.d.

.travis.yml

@@ -2,6 +2,10 @@
 sudo: required
 language: objective-c
 
+env:
+  global:
+    - ANSIBLE_FORCE_COLOR=true
+
 # Reference for OS X Versions:
 # https://docs.travis-ci.com/user/reference/osx/#macos-version
 matrix:
@@ -60,11 +64,11 @@ script:
   - "cp tests/config.yml config.yml"
 
   # Test the playbook.
-  - "travis_wait 30 ansible-playbook --extra-vars '{\"configure_sudoers\":\"false\"}' main.yml"
+  - "travis_wait 30 ansible-playbook main.yml"
 
   # Test the playbook's idempotence.
   - idempotence=$(mktemp)
-  - "ansible-playbook --extra-vars '{\"configure_sudoers\":\"false\"}' main.yml | tee -a ${idempotence}"
+  - "ansible-playbook main.yml | tee -a ${idempotence}"
   - >
     tail ${idempotence}
     | grep -q 'changed=0.*failed=0'

ansible.cfg

@@ -1,4 +1,5 @@
 [defaults]
+nocows = True
 roles_path = ./roles:/etc/ansible/roles
 
 [ssh_connection]

default.config.yml

@@ -2,10 +2,16 @@
 downloads: ~/.ansible-downloads/
 
 configure_dotfiles: yes
-configure_sudoers: yes
 configure_terminal: yes
 configure_osx: yes
 
+configure_sudoers: no
+sudoers_custom_config: ''
+# Example:
+# sudoers_custom_config: |
+#   # Allow users in admin group to use sudo with no password.
+#   %admin ALL=(ALL) NOPASSWD: ALL
+
 dotfiles_repo: https://github.com/geerlingguy/dotfiles.git
 dotfiles_repo_accept_hostkey: yes
 dotfiles_repo_local_destination: ~/Development/GitHub/dotfiles

tasks/sudoers.yml

@@ -11,11 +11,11 @@
     sed_path: "{{ sed_which_result.stdout }}"
   when: sed_path is undefined
 
-# Sudoers configuration (enables more convenient Vagrant usage).
+# Sudoers configuration.
 - name: Copy sudoers configuration into place.
-  template:
-    src: templates/sudoers.j2
-    dest: /etc/sudoers
+  copy:
+    content: "{{ sudoers_custom_config }}"
+    dest: /private/etc/sudoers.d/custom
     mode: 0440
     validate: 'visudo -cf %s'
   become: yes

templates/sudoers.j2

@@ -1,53 +0,0 @@
-# sudoers file.
-#
-# This file MUST be edited with the 'visudo' command as root.
-# Failure to use 'visudo' may result in syntax or file permission errors
-# that prevent sudo from running.
-#
-# See the sudoers man page for the details on how to write a sudoers file.
-#
-
-# Host alias specification
-
-# User alias specification
-
-# Cmnd alias specification
-
-# Defaults specification
-Defaults        env_reset
-Defaults        env_keep += "BLOCKSIZE"
-Defaults        env_keep += "COLORFGBG COLORTERM"
-Defaults        env_keep += "__CF_USER_TEXT_ENCODING"
-Defaults        env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
-Defaults        env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
-Defaults        env_keep += "LINES COLUMNS"
-Defaults        env_keep += "LSCOLORS"
-Defaults        env_keep += "SSH_AUTH_SOCK"
-Defaults        env_keep += "TZ"
-Defaults        env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
-Defaults        env_keep += "EDITOR VISUAL"
-Defaults        env_keep += "HOME MAIL"
-
-# Runas alias specification
-
-# User privilege specification
-root    ALL=(ALL) ALL
-%admin  ALL=(ALL) ALL
-
-# Uncomment to allow people in group wheel to run all commands
-# %wheel        ALL=(ALL) ALL
-
-# Same thing without a password
-# %wheel        ALL=(ALL) NOPASSWD: ALL
-
-# Samples
-# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
-# %users  localhost=/sbin/shutdown -h now
-
-# Vagrant sudoers config
-Cmnd_Alias VAGRANT_EXPORTS_ADD = /usr/bin/tee -a /etc/exports
-Cmnd_Alias VAGRANT_NFSD = /sbin/nfsd restart
-Cmnd_Alias VAGRANT_EXPORTS_REMOVE = {{ sed_path }} -E -e /*/ d -ibak /etc/exports
-Cmnd_Alias VAGRANT_HOSTS_ADD = /bin/sh -c echo "*" >> /etc/hosts
-Cmnd_Alias VAGRANT_HOSTS_REMOVE = {{ sed_path }} -i -e /*/ d /etc/hosts
-%admin ALL=(root) NOPASSWD: VAGRANT_EXPORTS_ADD, VAGRANT_NFSD, VAGRANT_EXPORTS_REMOVE, VAGRANT_HOSTS_ADD, VAGRANT_HOSTS_REMOVE