Fixes #33: Don't overwrite sudoers file by default, and use sudoers.d.

Author: geerlingguy

.travis.yml

@@ -2,6 +2,10 @@
 sudo: required
 language: objective-c
 
+env:
+  global:
+    - ANSIBLE_FORCE_COLOR=true
+
 # Reference for OS X Versions:
 # https://docs.travis-ci.com/user/reference/osx/#macos-version
 matrix:
@@ -60,11 +64,11 @@ script:
   - "cp tests/config.yml config.yml"
 
   # Test the playbook.
-  - "travis_wait 30 ansible-playbook --extra-vars '{\"configure_sudoers\":\"false\"}' main.yml"
+  - "travis_wait 30 ansible-playbook main.yml"
 
   # Test the playbook's idempotence.
   - idempotence=$(mktemp)
-  - "ansible-playbook --extra-vars '{\"configure_sudoers\":\"false\"}' main.yml | tee -a ${idempotence}"
+  - "ansible-playbook main.yml | tee -a ${idempotence}"
   - >
     tail ${idempotence}
     | grep -q 'changed=0.*failed=0'

ansible.cfg

@@ -1,4 +1,5 @@
 [defaults]
+nocows = True
 roles_path = ./roles:/etc/ansible/roles
 
 [ssh_connection]

default.config.yml

@@ -2,10 +2,16 @@
 downloads: ~/.ansible-downloads/
 
 configure_dotfiles: yes
-configure_sudoers: yes
 configure_terminal: yes
 configure_osx: yes
 
+configure_sudoers: no
+sudoers_custom_config: ''
+# Example:
+# sudoers_custom_config: |
+#   # Allow users in admin group to use sudo with no password.
+#   %admin ALL=(ALL) NOPASSWD: ALL
+
 dotfiles_repo: https://github.com/geerlingguy/dotfiles.git
 dotfiles_repo_accept_hostkey: yes
 dotfiles_repo_local_destination: ~/Development/GitHub/dotfiles

tasks/sudoers.yml

@@ -11,11 +11,11 @@
     sed_path: "{{ sed_which_result.stdout }}"
   when: sed_path is undefined
 
-# Sudoers configuration (enables more convenient Vagrant usage).
+# Sudoers configuration.
 - name: Copy sudoers configuration into place.
-  template:
-    src: templates/sudoers.j2
-    dest: /etc/sudoers
+  copy:
+    content: "{{ sudoers_custom_config }}"
+    dest: /private/etc/sudoers.d/custom
     mode: 0440
     validate: 'visudo -cf %s'
   become: yes