From d014d25e4057c126fa2fd4ebeee3951bb0d35709 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 14 Mar 2025 12:19:23 +0100 Subject: [PATCH] Optimized .mds and meta/main.yml for sudo --- roles/sudo/README.md | 20 ++++++++++++++++++++ roles/sudo/meta/main.yml | 24 ++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 roles/sudo/README.md create mode 100644 roles/sudo/meta/main.yml diff --git a/roles/sudo/README.md b/roles/sudo/README.md new file mode 100644 index 00000000..5209e224 --- /dev/null +++ b/roles/sudo/README.md @@ -0,0 +1,20 @@ +# Sudo + +## Description + +This role installs the [sudo](https://en.wikipedia.org/wiki/Sudo) package and deploys a default sudoers file to ensure secure and consistent privilege escalation on the target system. It uses a preconfigured sudoers file that follows best practices and includes directives to read drop-in files from `/etc/sudoers.d`. + +## Overview + +Optimized for security and ease of administration, this role guarantees that sudo is installed and configured according to recommended practices. The provided sudoers file includes essential comments, host/user aliases, and defaults to help prevent misconfigurations. + +## Purpose + +The primary purpose of this role is to ensure that the target system has a reliable sudo configuration. By installing the [sudo](https://en.wikipedia.org/wiki/Sudo) package and deploying a standard sudoers file, the role facilitates proper administrative access and minimizes potential security risks. + +## Features + +- **Sudo Package Installation:** Installs the [sudo](https://en.wikipedia.org/wiki/Sudo) package if it is not already present. +- **Default Sudoers Configuration:** Deploys a default sudoers file with best-practice settings. +- **Drop-in Inclusion:** Ensures that configuration files from `/etc/sudoers.d` are included. +- **Security Focus:** Provides commented guidelines to avoid common sudo misconfigurations. 
diff --git a/roles/sudo/meta/main.yml b/roles/sudo/meta/main.yml new file mode 100644 index 00000000..894013cf --- /dev/null +++ b/roles/sudo/meta/main.yml @@ -0,0 +1,24 @@ +--- +galaxy_info: + author: "Kevin Veen-Birkenbach" + description: "Installs and configures the sudo package with a default sudoers file to ensure secure privilege escalation and system administration." + license: "CyMaIS NonCommercial License (CNCL)" + license_url: "https://s.veen.world/cncl" + company: | + Kevin Veen-Birkenbach + Consulting & Coaching Solutions + https://www.veen.world + min_ansible_version: "2.9" + platforms: + - name: Linux + versions: + - all + galaxy_tags: + - sudo + - security + - administration + - configuration + repository: "https://s.veen.world/cymais" + issue_tracker_url: "https://s.veen.world/cymaisissues" + documentation: "https://s.veen.world/cymais" +dependencies: [] \ No newline at end of file
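Review bot: In roles/sudo/README.md, the Description and Features sections say the role "deploys a default sudoers file" but never document what happens to an existing `/etc/sudoers` on the target, or whether the deployed file is syntax-checked (for example with `visudo -c`) before it takes effect. A replaced or malformed sudoers file can lock administrators out of privilege escalation, so the README should state the overwrite behaviour and any validation step. The Overview and Purpose sections largely repeat the Description. Consider merging them and replacing "best-practice settings" with the concrete defaults and aliases the file sets, so a reader can audit what the role enforces.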
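Review bot: In roles/sudo/meta/main.yml, `platforms` declares `name: Linux` with `versions: all`, which claims support for every distribution even though the role installs a package and therefore depends on the target's package manager. List the distributions the role is actually tested on instead. The file also ends without a trailing newline (`\ No newline at end of file` after `dependencies: []`); add one.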