make admin list extensible

roles/container/defaults/main.yml

@@ -5,4 +5,8 @@ masked_services:
     - systemd-logind.service
     - getty.target
     - systemd-journal-flush.service
+base_admins:
+    - {dest: "/home/admin", owner: "admin", group: "admin"}
+    - {dest: "/root", owner: "root", group: "root"}
+additional_admins: []
 ssh_ldap: false

roles/container/files/sudoers

@@ -75,6 +75,7 @@ root ALL=(ALL) ALL
 ## Uncomment to allow members of group wheel to execute any command
 %wheel ALL=(ALL) ALL
 admin ALL=(ALL) NOPASSWD: ALL
+%admin ALL=(ALL) NOPASSWD: ALL
 
 ## Same thing without a password
 # %wheel ALL=(ALL) NOPASSWD: ALL

roles/container/tasks/main.yml

@@ -26,13 +26,14 @@
 - name: SSH Keys
   copy: src=authorized_keys dest=/home/admin/.ssh/authorized_keys
 
+- set_fact:
+    admins: "{{ base_admins + additional_admins }}"
+
 - name: deploy dotfiles
   copy: src="{{ item[0] }}" dest="{{ item[1].dest }}/.{{ item[0] }}" owner="{{ item[1].owner }}" group="{{ item[1].group }}"
   with_nested:
     - ['bashrc', 'dircolors', 'vimrc']
-    -
-      - {dest: "/home/admin", owner: "admin", group: "admin"}
-      - {dest: "/root", owner: "root", group: "root"}
+    - admins
 
 - mount: name=/run/systemd/journal/ src=/mnt/journal fstype=none opts=bind,ro state=present