From 427541311a08bf0974eb99619a5860e0610a9ba0 Mon Sep 17 00:00:00 2001
From: Felix Stupp <felix.stupp@outlook.com>
Date: Tue, 21 Jul 2020 12:32:07 +0200
Subject: [PATCH] account: Added validate for sudoers insults config

---
 group_vars/all/vars.yml      | 1 +
 roles/account/tasks/main.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index a3c3ffc..7cbfbb7 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -48,6 +48,7 @@ global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
 global_ssh_host_key_directory: "{{ global_ssh_key_directory }}/hosts"
 
 global_validate_shell_script: "/usr/bin/shellcheck -format=quiet %s"
+global_validate_sudoers_file: "/usr/sbin/visudo -c -f %s"
 
 global_wireguard_private_directory: "{{ global_credentials_directory }}/wireguard"
 global_wireguard_public_directory: "{{ global_public_key_directory }}/wireguard/keys"
diff --git a/roles/account/tasks/main.yml b/roles/account/tasks/main.yml
index 7e2598f..06d753b 100644
--- a/roles/account/tasks/main.yml
+++ b/roles/account/tasks/main.yml
@@ -23,6 +23,7 @@
     owner: root
     group: root
     mode: u=r,g=r,o=
+    validate: "{{ global_validate_sudoers_file }}"
 
 - name: Configure user account {{ username }}
   user: