diff --git a/bundles/sudo/files/sudoers b/bundles/sudo/files/sudoers
new file mode 100644
index 0000000..3664817
--- /dev/null
+++ b/bundles/sudo/files/sudoers
@@ -0,0 +1,11 @@
+Defaults timestamp_timeout=5
+Defaults insults
+Defaults passwd_timeout=10
+Defaults env_reset
+
+
+root ALL=(ALL) ALL
+
+% for user in node.metadata['sudo']:
+${user} ALL=(ALL) NOPASSWD:ALL
+% endfor
diff --git a/bundles/sudo/items.py b/bundles/sudo/items.py
new file mode 100644
index 0000000..ba74753
--- /dev/null
+++ b/bundles/sudo/items.py
@@ -0,0 +1,9 @@
+groups = {
+ 'sudo': {},
+}
+
+files = {
+ '/etc/sudoers': {
+ 'content_type': 'mako',
+ },
+}
diff --git a/bundles/sudo/metadata.py b/bundles/sudo/metadata.py
new file mode 100644
index 0000000..73e2f5a
--- /dev/null
+++ b/bundles/sudo/metadata.py
@@ -0,0 +1,11 @@
+@metadata_processor
+def sudo_users(metadata):
+ sudoers = []
+
+ for username, config in metadata.get('users', {}).items():
+ if 'sudo' in config and config['sudo']:
+ sudoers.append(username)
+
+ metadata['sudo'] = sudoers
+
+ return metadata, RUN_ME_AGAIN
diff --git a/groups/all.py b/groups/all.py
index 5b8830f..a873e88 100644
--- a/groups/all.py
+++ b/groups/all.py
@@ -4,6 +4,7 @@ groups['all'] = {
 ),
 'bundles': {
 'apt',
+ 'sudo',
 'users',
 },
 'metadata': {
@@ -17,10 +18,8 @@ groups['all'] = {
 'ssh_pubkey': [
 'ssh-rsa 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 cardno:000609506971',
 ],
- 'groups': [
- 'sudo',
- ],
 'shell': '/usr/bin/fish',
+ 'sudo': True,
 },
 },
 },
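Review bot: The templated rule `${user} ALL=(ALL) NOPASSWD:ALL` in bundles/sudo/files/sudoers gives every flagged user root without re-authentication, so `timestamp_timeout=5` and `passwd_timeout=10` never apply to them and control of the login session or SSH key is sufficient for root. Because groups/all.py adds the bundle and sets `'sudo': True` in the `all` group, this holds on every node. If that is intended, record the reason in a comment at the top of the template; otherwise drop the tag and render `${user} ALL=(ALL) ALL`. The template also replaces /etc/sudoers wholesale with no `Defaults secure_path` line and no `#includedir /etc/sudoers.d` line, so confirm that no node depends on the distribution defaults for either.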
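Review bot: The `/etc/sudoers` item in bundles/sudo/items.py is deployed with no syntax check and no explicit permissions, so a template error or an unexpected value in `node.metadata['sudo']` would ship a file sudo refuses to parse and leave the node without working privilege escalation. Add `'verify_with': 'visudo -cf {}',` so the rendered file is validated before it is applied, and pin `'mode': '0440',` together with root owner and group rather than relying on item defaults. The `sudo` group declared in the same file is still created, but after the groups/all.py hunk nothing in this diff adds a member to it; remove it if it is unused.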
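Review bot: The test `'sudo' in config and config['sudo']` in sudo_users accepts any truthy value, so a metadata typo such as the string `'false'` or `'no'` would be rendered as a NOPASSWD:ALL rule; since this flag grants root, compare strictly with `if config.get('sudo') is True:`. The processor also overwrites any `metadata['sudo']` set elsewhere and emits names in dict order, and `metadata['sudo'] = sorted(sudoers)` would keep the rendered file stable between runs. A short docstring stating that the list feeds the /etc/sudoers template would help, because the usernames are interpolated there unescaped.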