WIP

tasks/main.yml

@@ -0,0 +1,18 @@
+---
+- name: Ensure mandatory variables are configured
+  assert:
+    that: "{{ item }} is defined"
+    fail_msg: "You must define the '{{ item }}' variable"
+  with_items:
+    - add_users_user_accounts
+
+- name: Include resource variables
+  include_vars: "{{ add_users_user_accounts }}"
+  tags:
+    # Note(d1): we already load in converge.yml so skip here
+    - molecule-notest
+
+# Note(d1): Done in this way because https://stackoverflow.com/a/39041069
+- name: Include user addition tasks
+  include: users.yml user={{ item }}
+  with_items: "{{ members }}"

tasks/users.yml

@@ -0,0 +1,40 @@
+---
+- name: "Expire an existing user account"
+  block:
+    - name: Show which user account is being handled
+      debug:
+        msg: "Attempting to expire account for {{ user.username }}..."
+
+    - name: Check if the user accounts already exists
+      getent:
+        database: passwd
+        key: "{{ user.username }}"
+      register: user_exists
+      ignore_errors: true
+
+
+    - name: Expire the account and blank the password
+      user:
+        name: "{{ user.username }}"
+        expires: 0
+        password: '!'
+      when: user_exists is succeeded
+
+    - name: Remove user's .ssh/authorized_keys file
+      file:
+        path: "/home/{{ user.username }}/.ssh/authorized_keys"
+        state: absent
+
+    - name: Remove password store entry
+       become: false
+       delegate_to: localhost
+       command: "pass rm -r users/{{ user.username }}/sudo/ {{ item.email }}"
+       when: user_exists is succeeded
+
+          #TODO:    - name: "Remove username from the SSH AllowUsers configuration"
+          #      replace:
+          #        backup: true
+          #        dest: /etc/ssh/sshd_config
+          #        regexp: '^(AllowUsers(?!.*\b{{ user.username }}\b).*)$' # this is copied from autonomic.add-users, not correct
+          #        replace: '\1 {{ user.username }}' # this is also in need of change
+          #      notify: Restart SSH