---
- name: Ensure sudo package is installed
  ansible.builtin.package:
    name: sudo
    state: present

# Detect alternative sudo binaries (rust sudo etc.)
- name: Find sudo candidates
  ansible.builtin.shell: |
    ls -1 /usr/bin/sudo* 2>/dev/null | grep -v '^/usr/bin/sudo$' || true
  register: sudo_candidates
  changed_when: false

- name: Pick preferred sudo binary
  ansible.builtin.set_fact:
    preferred_sudo: "{{ sudo_candidates.stdout_lines[0] | default('/usr/bin/sudo') }}"

# RHEL-like systems → use alternatives
- name: Ensure alternatives exists (RHEL-like)
  ansible.builtin.package:
    name: alternatives
    state: present
  when: ansible_facts.os_family in ['RedHat','Rocky','AlmaLinux','Fedora','OracleLinux','Suse']

- name: Register sudo in alternatives
  ansible.builtin.command: >
    alternatives --install /usr/bin/sudo sudo {{ preferred_sudo }} 100
  when: ansible_facts.os_family in ['RedHat','Rocky','AlmaLinux','Fedora','OracleLinux','Suse']
  ignore_errors: true

- name: Force preferred sudo via alternatives
  ansible.builtin.command: >
    alternatives --set sudo {{ preferred_sudo }}
  when: ansible_facts.os_family in ['RedHat','Rocky','AlmaLinux','Fedora','OracleLinux','Suse']
  ignore_errors: true

# Debian fallback (no alternatives)
- name: Ensure /usr/bin/sudo points to system sudo (Debian fallback)
  ansible.builtin.file:
    src: "{{ preferred_sudo }}"
    dest: /usr/bin/sudo
    state: link
  when: ansible_facts.os_family == "Debian"