diff --git a/defaults/main.yml b/defaults/main.yml
index e00eb87..028cff8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -47,3 +47,6 @@ openwisp2_wireguard_ssl_state: "California"
 openwisp2_wireguard_ssl_locality: "San Francisco"
 openwisp2_wireguard_ssl_organization: "IT dep."
 openwisp2_wireguard_ssl_common_name: "{{ inventory_hostname }}"
+
+openwisp_group: "openwisp"
+openwisp_user: "openwisp"
diff --git a/files/sudoers.d/openwisp b/files/sudoers.d/openwisp
deleted file mode 100644
index 52ab7e2..0000000
--- a/files/sudoers.d/openwisp
+++ /dev/null
@@ -1 +0,0 @@
-%openwisp ALL = NOPASSWD: /usr/bin/wg-quick, /usr/bin/wg, /usr/bin/nmcli, /usr/bin/ip, /usr/sbin/bridge
diff --git a/molecule/local/molecule.yml b/molecule/local/molecule.yml
index c6f5542..a849e8d 100644
--- a/molecule/local/molecule.yml
+++ b/molecule/local/molecule.yml
@@ -46,6 +46,14 @@ platforms:
 cgroupns_mode: host
 privileged: true
 pre_build_image: true
+ - name: "openwisp2-debian13"
+ image: "geerlingguy/docker-debian13-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ cgroupns_mode: host
+ privileged: true
+ pre_build_image: true
 # TODO: Add platforms for RHEL 7 and 8
 provisioner:
 name: ansible
diff --git a/tasks/complete.yml b/tasks/complete.yml
index 1aa0b76..2478a64 100644
--- a/tasks/complete.yml
+++ b/tasks/complete.yml
@@ -2,7 +2,7 @@
 - name: Run update_wireguard.sh check_config as openwisp user
 become: true
- become_user: openwisp
+ become_user: "{{ openwisp_user }}"
 command: "{{ openwisp2_wireguard_path }}/update_wireguard.sh check_config"
 # Skip this task during molecule tests: the OpenWISP Controller is not available
 # inside the test container, so update_wireguard.sh would fail when attempting
diff --git a/tasks/user_management.yml b/tasks/user_management.yml
index 4c57a21..94a003a 100644
--- a/tasks/user_management.yml
+++ b/tasks/user_management.yml
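Review bot: The two new defaults `openwisp_group` and `openwisp_user` carry no comment, yet `openwisp_group` is the name rendered into `/etc/sudoers.d/` with a NOPASSWD rule elsewhere in this commit, so an inventory override that points it at an existing group silently extends passwordless sudo for those commands to every member of that group. Moving the variables from vars/ to defaults/ is exactly what makes them overridable, so the defaults file is where that contract belongs. I would add above them: `# System account and group used by the role's user_management tasks for WireGuard management.` and `# Members of openwisp_group get passwordless sudo for the commands in templates/sudoers.d/openwisp_user; use a dedicated group, not an existing one.`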
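Review bot: The task name on the first context line still hardcodes the account ("as openwisp user") while `become_user` now comes from `openwisp_user`, so play output names the wrong account as soon as the variable is overridden; `- name: "Run update_wireguard.sh check_config as {{ openwisp_user }} user"` keeps the two in step. The task definition continues past the end of the hunk.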
@@ -9,10 +9,10 @@
 name: "{{ openwisp_user }}"
 shell: /sbin/nologin
 state: present
- group: openwisp
+ group: "{{ openwisp_user }}"
 - name: Add sudo permissions for Wireguard and Network Manager commands
- ansible.builtin.copy:
- src: "sudoers.d/{{ openwisp_group }}"
- dest: /etc/sudoers.d/openwisp
+ ansible.builtin.template:
+ src: "sudoers.d/openwisp_user"
+ dest: /etc/sudoers.d/{{ openwisp_group }}
 mode: 0440
diff --git a/templates/sudoers.d/openwisp_user b/templates/sudoers.d/openwisp_user
new file mode 100644
index 0000000..ca60b6e
--- /dev/null
+++ b/templates/sudoers.d/openwisp_user
@@ -0,0 +1 @@
+%{{ openwisp_group }} ALL = NOPASSWD: /usr/bin/wg-quick, /usr/bin/wg, /usr/bin/nmcli, /usr/bin/ip, /usr/sbin/bridge
diff --git a/vars/main.yml b/vars/main.yml
index be2da8d..23452e7 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,4 +1,3 @@
 ---
 virtualenv_path: "{{ openwisp2_wireguard_path }}/env"
-openwisp_group: "openwisp"
-openwisp_user: "openwisp"
+
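Review bot: The user task now sets `group: "{{ openwisp_user }}"` while the sudoers file it installs grants `%{{ openwisp_group }}`, so whenever the two variables are overridden to different values the account is not a member of the group that receives the NOPASSWD rule and update_wireguard.sh loses its sudo rights; this should read `group: "{{ openwisp_group }}"`. The template task writes `/etc/sudoers.d/{{ openwisp_group }}` with no syntax check, and a malformed drop-in can break sudo host-wide, so add `validate: 'visudo -cf %s'` to that task. sudo also skips files in sudoers.d whose names contain a `.`, so a dotted group name would silently lose the rule; either keep a fixed `dest` name or assert the variable's format before this task. The `mode: 0440` context line relies on the YAML 1.1 octal reading; `mode: "0440"` is the form Ansible recommends. The enclosing user task starts before the hunk.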
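Review bot: The single line of the new template interpolates `openwisp_group` straight into sudoers syntax with nothing constraining the value, and because the variable is now a role default it can arrive from inventory: a name containing whitespace, `=`, `:` or a newline yields either a parse error or a different rule than intended. A leading sudoers comment stating the requirement documents that contract for the next editor, e.g. `# Managed by the openwisp role; openwisp_group must be a single group name with no whitespace or sudoers metacharacters.`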