diff --git a/README.md b/README.md
index 6e74940..3ca7ab7 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,12 @@ users:
   - vagrant
 sudoers:
   - vagrant
+# Will install a specific Ansible version on the target host
+ensure_ansible_version: 2.10.3
+# Allow sudo with a password (applied to group sudo)
+enable_sudo: yes
+# Allow passwordless sudo (applied to group wheel)
+enable_passwordless_sudo: yes
 ```
 
 Dependencies
diff --git a/defaults/main.yml b/defaults/main.yml
index 108c3d8..3b7f2fd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,4 +11,6 @@ users:
   - vagrant
 sudoers:
   - vagrant
-ensure_ansible_version: 2.10.3
\ No newline at end of file
+ensure_ansible_version: 2.10.3
+enable_sudo: yes
+enable_passwordless_sudo: yes
\ No newline at end of file
diff --git a/tasks/users.yml b/tasks/users.yml
index 5c38204..3789a05 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
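Review bot: Shipping `enable_passwordless_sudo: yes` as the role default means every consumer that only sets `sudoers:` gets `NOPASSWD:ALL` for the wheel group unless they remember to override it; a safer default is `enable_passwordless_sudo: false`, with password-less sudo as an explicit opt-in. The two flags are also written as `yes` rather than `true`/`false` (yamllint `truthy`), and the task files test them with a bare `when: enable_sudo`, which is truthy for the string `"no"` that `-e enable_sudo=no` on the command line produces, so I'd write `enable_sudo: true` / `enable_passwordless_sudo: false` here and `when: enable_sudo | bool` in the tasks. The `\ No newline at end of file` marker survives the change as well; worth adding the trailing newline while touching the file.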
@@ -5,31 +5,40 @@
       - sudo
   when: ansible_facts['os_family'] == 'FreeBSD'
 
-- name: 'Allow wheel group to do passwordless sudo'
-  lineinfile:
-    dest: /usr/local/etc/sudoers
-    state: present
-    regexp: '^%wheel'
-    line: '%wheel ALL=(ALL) NOPASSWD:ALL'
-    validate: visudo -cf %s
-  when: ansible_facts['os_family'] == 'FreeBSD'
-
-- name: 'Allow wheel group to do passwordless sudo'
-  lineinfile:
-    dest: /etc/sudoers
-    state: present
-    regexp: '^%wheel'
-    line: '%wheel ALL=(ALL) NOPASSWD:ALL'
-    validate: visudo -cf %s
-  when:
-    - ansible_facts['os_family'] in ['Debian', 'Archlinux']
-
 - name: 'Create users with corresponding groups'
   user:
     name: "{{ item }}"
     groups: users
   with_items: "{{ users }}"
 
+- block:
+  - name: 'Ensure that sudo group is existing'
+    group:
+      name: sudo
+      state: present
+
+  - name: 'Allow sudo group to do sudo'
+    lineinfile:
+      dest: "{{ lookup('first_found', files, errors='ignore') }}"
+      state: present
+      regexp: '^#?\s*%sudo'
+      line: '%sudo ALL=(ALL) ALL'
+      validate: visudo -cf %s
+    vars:
+      files:
+        - /etc/sudoers
+        - /usr/local/etc/sudoers # e.g. FreeBSD
+
+  - name: 'Add sudoers user to sudo group'
+    user:
+      name: "{{ item }}"
+      groups: sudo
+      append: yes
+    with_items: "{{ sudoers }}"
+  when:
+    - enable_sudo
+    - not enable_passwordless_sudo
+
 - name: 'Add corresponding authorized_keys to each user'
   authorized_key:
     user: "{{ item }}"
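Review bot: `dest: "{{ lookup('first_found', files, errors='ignore') }}"` in the 'Allow sudo group to do sudo' task resolves the path on the control node, not on the target, because lookup plugins always run locally; on a FreeBSD host it will therefore pick whichever of the two paths exists on the controller, and if neither exists `errors='ignore'` yields an empty `dest` and the task fails. Derive the path from the target's facts instead, e.g. `dest: "{{ '/usr/local/etc/sudoers' if ansible_facts['os_family'] == 'FreeBSD' else '/etc/sudoers' }}"`, which mirrors the `os_family` test already used in the context line at the top of the hunk. The `'^#?\s*%sudo'` regexp correctly takes over a distro's commented `%sudo` line, and keeping `validate: visudo -cf %s` is the right safeguard against locking sudo. Separately, the block's `when:` tests `enable_sudo` and `enable_passwordless_sudo` by raw truthiness, so string values passed via `-e` (e.g. `"no"`) would still enable the block; `enable_sudo | bool` and `not (enable_passwordless_sudo | bool)` avoid that.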
@@ -38,17 +47,33 @@
   with_items: "{{ users }}"
   ignore_errors: yes
 
-- name: 'Ensure that wheel group is existing'
-  group:
-    name: wheel
-    state: present
+- block:
+  - name: 'Ensure that wheel group is existing'
+    group:
+      name: wheel
+      state: present
 
-- name: 'Add sudoers user to wheel group'
-  user:
-    name: "{{ item }}"
-    groups: wheel
-    append: yes
-  with_items: "{{ sudoers }}"
+  - name: 'Add sudoers user to wheel group'
+    user:
+      name: "{{ item }}"
+      groups: wheel
+      append: yes
+    with_items: "{{ sudoers }}"
+
+  - name: 'Allow wheel group to do passwordless sudo'
+    lineinfile:
+      dest: "{{ lookup('first_found', files, errors='ignore') }}"
+      state: present
+      regexp: '^%wheel'
+      line: '%wheel ALL=(ALL) NOPASSWD:ALL'
+      validate: visudo -cf %s
+    vars:
+      files:
+        - /etc/sudoers
+        - /usr/local/etc/sudoers # e.g. FreeBSD
+  when:
+    - enable_sudo
+    - enable_passwordless_sudo
 
 - name: Copy tmux config
   copy:
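Review bot: The wheel block only ever grants: once `enable_passwordless_sudo` is later set to false (or `enable_sudo` is turned off) the whole block is skipped, so the `%wheel ALL=(ALL) NOPASSWD:ALL` line written by 'Allow wheel group to do passwordless sudo' and the wheel membership added just above it stay on the host. If the flag is meant to be reversible, run the lineinfile task outside the `when`-gated block with `state: "{{ 'present' if (enable_sudo and enable_passwordless_sudo) else 'absent' }}"` (keeping `regexp: '^%wheel'` and `validate`) so disabling the flag removes the rule; otherwise the README should state that the role never revokes sudo rights. `dest` here has the same problem as the sudo block: `first_found` is evaluated on the control node, so the FreeBSD fallback never reflects the target, and `dest: "{{ '/usr/local/etc/sudoers' if ansible_facts['os_family'] == 'FreeBSD' else '/etc/sudoers' }}"` is the reliable form. `regexp: '^%wheel'` is also narrower than the `'^#?\s*%sudo'` pattern used in the sudo block, so a commented `# %wheel ...` stock line is left in place and a second line is appended; harmless for sudoers, but the two blocks should use the same convention.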