Ansible role to add sudoers

main.yml

# role/user/tasks/main.yml

- name: Add sudoers settings
  become: yes
  template:
    dest: '/etc/sudoers.d/bar'
    src: 'sudoers-myapp'
    mode: 0440
  tags: user-group
  
  - name: Restart sshd
  service:
    name: ssh
    state: restarted
  tags: user-group

sudoers-myapp

# role/user/templates/sudoers-myapp

Cmnd_Alias MY_APP = /bin/systemctl start myappd.service , /bin/systemctl stop myappd.service , /bin/systemctl status myappd.service

bar       ALL = (root) NOPASSWD:/bin/su, MY_APP