sudoers

roles/base/files/users/sudoers_wheel

@@ -0,0 +1 @@
+%wheel ALL=(ALL) ALL

roles/base/tasks/system_setup/openssh.yml

@@ -22,7 +22,8 @@
     path: "/etc/ssh/sshd_config"
     line: "Include /etc/ssh/sshd_config.d/*.conf"
     state: present
-    insertbefore: "^Port.*$"
+    insertbefore: "^#?Port.*$"
+  notify: restart_sshd
 
 - name: system setup | openssh | copy sshd custom config
   tags: openssh,ssh,system,settings

roles/base/tasks/users/all.yml

@@ -88,3 +88,11 @@
   become_user: '{{ user }}'
   shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ getent_passwd[user][4] }}/dotfiles/install.sh"
   ignore_errors: yes
+
+- name: users | all | add sudoers file
+  copy:
+    src: users/sudoers_wheel
+    dest: /etc/sudoers.d/wheel
+    owner: root
+    group: root
+    mode: 0440