sudo: one command per line

bundles/sudo/files/sudoer

@@ -0,0 +1,3 @@
+% for command in sorted(commands):
+${user} ALL=(ALL) NOPASSWD: ${command}
+% endfor

bundles/sudo/items.py

@@ -6,6 +6,11 @@ directories = {
 
 for user, commands in node.metadata.get('sudoers').items():
     files[f'/etc/sudoers.d/{user}'] = {
-        'content': f"{user} ALL=(ALL) NOPASSWD: {', '.join(sorted(commands))}",
+        'content_type': 'mako',
+        'source': 'sudoer',
+        'context': {
+            'user': user,
+            'commands': commands,
+        },
         'mode': '500',
     }