# /srv/salt/sudo/init.sls

# Ensure sudo package is installed (required for Alpine)
sudo_pkg:
  pkg.installed:
    - name: sudo

# Create the sudo group
sudo_group:
  group.present:
    - name: sudo
    - require:
      - pkg: sudo_pkg

# Configure sudoers to allow sudo group
/etc/sudoers.d/sudo-group:
  file.managed:
    - user: root
    - group: root
    - mode: 440
    - contents: |
        # Allow members of group sudo to execute any command
        %sudo   ALL=(ALL:ALL) ALL
    - check_cmd: /usr/sbin/visudo -c -f
    - require:
      - pkg: sudo_pkg

# Ensure sudoers.d is included
ensure_sudoers_includedir:
  file.replace:
    - name: /etc/sudoers
    - pattern: '^#@includedir /etc/sudoers.d$'
    - repl: '@includedir /etc/sudoers.d'
    - append_if_not_found: True
    - require:
      - pkg: sudo_pkg