diff --git a/shell/tasks/sudo.yml b/shell/tasks/sudo.yml
index 9154a4cedfbd5016b8109d586e6b3fbdd7e587c5..5f65bd4fd045b3e1ee708fabbbf05f4f1b386aed 100644
--- a/shell/tasks/sudo.yml
+++ b/shell/tasks/sudo.yml
@@ -9,8 +9,8 @@
     - sudo
 
 - name: ensure we got a sane sudo config
-  copy:
-    src: sudo/default
+  template:
+    src: sudoers.j2
     dest: /etc/sudoers
     owner: root
     group: root
diff --git a/shell/files/sudo/default b/shell/templates/sudoers.j2
similarity index 76%
rename from shell/files/sudo/default
rename to shell/templates/sudoers.j2
index 28f0f601210fcba39b233246c05640e4dc80f59c..dedfefa7471d3487257f73aed65e978b0abcdad9 100644
--- a/shell/files/sudo/default
+++ b/shell/templates/sudoers.j2
@@ -19,6 +19,12 @@ Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b
 # User privilege specification
 root	ALL=(ALL:ALL) ALL
 
+{% if ansible_distribution_major_version|int(default=99) < 11 %}
 # See sudoers(5) for more information on "#include" directives:
 
 #includedir /etc/sudoers.d
+{% else %}
+# See sudoers(5) for more information on "@include" directives:
+
+@includedir /etc/sudoers.d
+{% endif %}