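---
# Installs a passwordless-sudo drop-in for the wheel group on Rocky/CentOS,
# then removes every other file found in /etc/sudoers.d/.

# NOPASSWD for the whole wheel group makes every wheel account
# root-equivalent without re-authentication; keep wheel membership tight.
- name: Disable sudo password for WHEEL group
  when: ansible_distribution in ['Rocky', 'CentOS']
  become: true
  ansible.builtin.copy:
    # Trailing newline: some sudo versions reject a drop-in whose last line
    # is unterminated.
    content: "%wheel ALL=(ALL) NOPASSWD: ALL\n"
    dest: /etc/sudoers.d/30-wheel
    owner: root
    group: "{{ ansible_user }}"
    # Quoted so the YAML parser cannot retype the octal value; 0440 is the
    # conventional sudoers mode (no world-read, nothing writable).
    mode: "0440"
    # Syntax-check the rendered file before it replaces the destination: a
    # broken drop-in can disable sudo for every user on the host.
    validate: /usr/sbin/visudo -cf %s

# Note that the cleanup tasks need to be after the new installation tasks
# since one or more files being cleaned up might be being relied on to
# allow ansible access
- name: Fetch content of sudoers config directory
  become: true
  changed_when: false
  ansible.builtin.command:
    cmd: /usr/bin/ls /etc/sudoers.d/
  register: _sudoers_files_raw

# NOTE(review): this cleanup is not limited to Rocky/CentOS. On a host where
# the install task above was skipped, every drop-in is removed and nothing
# replaces it - confirm that is intended.
- name: Remove legacy sudoers config files
  when:
    # An empty entry would make the path below /etc/sudoers.d/ itself and
    # delete the whole directory.
    - item | length > 0
    - item not in ['30-wheel']
  become: true
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ item }}"
    state: absent
  # ls prints one entry per line when its output is not a terminal, so the
  # listing is consumed line by line. Splitting stdout on a space produced a
  # single multi-line item (so nothing was removed) or, for an empty
  # directory, one empty item.
  loop: "{{ _sudoers_files_raw.stdout_lines }}"
  loop_control:
    label: "/etc/sudoers.d/{{ item }}"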