commit
f035a3bed7
@ -0,0 +1,15 @@ |
autonomic.expire-users: expire system user accounts |
Copyright (C) 2022 Autonomic Co-operative <helo@autonomic.zone> |
|
This program is free software: you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation, either version 3 of the License, or |
(at your option) any later version. |
|
This program is distributed in the hope that it will be useful, |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
GNU General Public License for more details. |
|
You should have received a copy of the GNU General Public License |
along with this program. If not, see <https://www.gnu.org/licenses/>. |
@ -0,0 +1,3 @@ |
# autonomic.expire-users |
|
[](https://drone.autonomic.zone/autonomic-cooperative/autonomic.expire-users) |
@ -0,0 +1,6 @@ |
--- |
- name: Restart SSH |
become: true |
service: |
name: ssh |
state: restarted |
@ -0,0 +1,2 @@ |
install_date: Fri Jun 17 11:35:23 2022 |
version: 0.1.1 |
@ -0,0 +1,14 @@ |
--- |
dependencies: [] |
galaxy_info: |
role_name: expire |
namespace: autonomic |
author: autonomic |
description: Disable (not remove) system user accounts) |
company: Autonomic |
license: GPLv3 |
min_ansible_version: 2.9 |
platforms: |
- name: Debian |
versions: |
- buster |
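Review bot: `min_ansible_version: 2.9` is an unquoted float, so a YAML parser yields the number 2.9 rather than the string "2.9", and a later bump to 2.10 would silently collapse to 2.1; quote it as `min_ansible_version: "2.9"`. The `description` value also carries an unbalanced closing parenthesis and should read `description: Disable (not remove) system user accounts`.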
@ -0,0 +1,4 @@ |
ansible-lint==6.0.0 |
ansible==5.4.0 |
molecule-hetznercloud==1.3.0 |
molecule==3.6.1 |
@ -0,0 +1,18 @@ |
--- |
- name: Ensure mandatory variables are configured |
assert: |
that: "{{ item }} is defined" |
fail_msg: "You must define the '{{ item }}' variable" |
with_items: |
- add_users_user_accounts |
|
- name: Include resource variables |
include_vars: "{{ add_users_user_accounts }}" |
tags: |
# Note(d1): we already load in converge.yml so skip here |
- molecule-notest |
|
# Note(d1): Done in this way because https://stackoverflow.com/a/39041069 |
- name: Include user addition tasks |
include: users.yml user={{ item }} |
with_items: "{{ members }}" |
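Review bot: `include: users.yml user={{ item }}` in the last task uses the deprecated `include` action with inline key=value parameters; under the pinned ansible 5.4 it raises a deprecation warning and the action is slated for removal in later ansible-core releases. The supported equivalent is `include_tasks: users.yml` followed by `vars:` / `  user: "{{ item }}"`, which still gives the included file its own `user` variable as the comment's workaround intends. The mandatory-variable assert only covers `add_users_user_accounts`, yet the loop reads `members`; if the included vars file does not define it the play stops with an undefined-variable error instead of the clear `fail_msg`, so consider an assert of `members is defined` after the `include_vars` task.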
@ -0,0 +1,40 @@ |
--- |
- name: "Expire an existing user account" |
block: |
- name: Show which user account is being handled |
debug: |
msg: "Attempting to expire account for {{ user.username }}..." |
|
- name: Check if the user accounts already exists |
getent: |
database: passwd |
key: "{{ user.username }}" |
register: user_exists |
ignore_errors: true |
|
|
- name: Expire the account and blank the password |
user: |
name: "{{ user.username }}" |
expires: 0 |
password: '!' |
when: user_exists is succeeded |
|
- name: Remove user's .ssh/authorized_keys file |
file: |
path: "/home/{{ user.username }}/.ssh/authorized_keys" |
state: absent |
|
- name: Remove password store entry |
become: false |
delegate_to: localhost |
command: "pass rm -r users/{{ user.username }}/sudo/ {{ item.email }}" |
when: user_exists is succeeded |
|
#TODO: - name: "Remove username from the SSH AllowUsers configuration" |
# replace: |
# backup: true |
# dest: /etc/ssh/sshd_config |
# regexp: '^(AllowUsers(?!.*\b{{ user.username }}\b).*)$' # this is copied from autonomic.add-users, not correct |
# replace: '\1 {{ user.username }}' # this is also in need of change |
# notify: Restart SSH |
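Review bot: The `pass rm` command in "Remove password store entry" passes two positional arguments (`users/{{ user.username }}/sudo/` and `{{ item.email }}`), and as far as I recall `pass rm` takes exactly one pass-name, so the task would fail with a usage error; it also reads `item.email` while every other task in this file uses the `user` variable, and without `--force` pass asks for interactive confirmation that has no tty to answer it under Ansible. A form such as `command: "pass rm --recursive --force users/{{ user.username }}/sudo"` (with a second task if the e-mail entry is a separate path) keeps the `when: user_exists is succeeded` guard and runs unattended. Separately, `password: '!'` plus `expires: 0` blocks new logins but does not end sessions the user already holds, nor their cron jobs or running processes, so a task that terminates the user's sessions after the `user` task would make the expiry take effect immediately. The `authorized_keys` removal hardcodes `/home/{{ user.username }}` rather than the home directory reported by the `getent` lookup, and unlike the neighbouring tasks it is not guarded by `user_exists`.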