diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index d23c6e07..af2d0104 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -84,12 +84,23 @@
 tags:
 - role::common
-- name: Add sudoers lecture path
+- name: Configure sudo
+ template:
+ src: sudoers.j2
+ dest: /etc/sudoers.d/pydis
+ owner: root
+ group: root
+ mode: '0440'
+ validate: /usr/sbin/visudo -cf %s
+ tags:
+ - role::common
+
+- name: Remove sudoers lecture path
 lineinfile:
 dest: /etc/sudoers
 regexp: '^Defaults +?lecture_file ?= ?".+?"$'
 line: 'Defaults lecture_file = "/etc/sudo_lecture"'
- state: present
+ state: absent
 validate: /usr/sbin/visudo -cf %s
 tags:
 - role::common
diff --git a/ansible/roles/common/templates/sudoers.j2 b/ansible/roles/common/templates/sudoers.j2
new file mode 100644
index 00000000..91d24cc4
--- /dev/null
+++ b/ansible/roles/common/templates/sudoers.j2
@@ -0,0 +1,4 @@
+Defaults lecture_file="/etc/sudo_lecture"
+Defaults insults
+
+# vim: ft=sudoers.j2:
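Review bot: In tasks/main.yml the "Remove sudoers lecture path" task still carries `line: 'Defaults lecture_file = "/etc/sudo_lecture"'` although it now runs with `state: absent`. lineinfile removes by `regexp` when one is supplied, so the `line` value no longer has any effect and reads as if the entry were still being written. Dropping it and adding a comment above the task such as `# lecture_file is now set in /etc/sudoers.d/pydis` would make the intent clear. Separately, the new drop-in only takes effect while /etc/sudoers keeps its `#includedir /etc/sudoers.d` (or `@includedir`) line; nothing visible in this hunk checks for it, so it may be worth asserting elsewhere in the role.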
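Review bot: templates/sudoers.j2 has no header saying the file is generated, so a hand edit to /etc/sudoers.d/pydis on a host would be overwritten on the next run without warning; a first line such as `# {{ ansible_managed }}` would document that. `lecture_file` points at /etc/sudo_lecture, which this commit does not create, so presumably another task in the role installs it. That is worth confirming, since sudo uses the alternate lecture only if the named file exists.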