parent
f035a3bed7
commit
f545e2bdad
@ -0,0 +1,8 @@ |
||||
--- |
||||
- name: Converge |
||||
hosts: all |
||||
vars: |
||||
add_users_user_accounts: files/members.yml |
||||
- name: Include resource variables |
||||
include_vars: "{{ add_users_user_accounts }}" |
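Review bot: The `include_vars` task at the end of this hunk loads every top-level key of `files/members.yml` into the host's variables at include_vars precedence, which outranks role defaults and role vars, so a stray key in that file would silently override the role under test. If the role only needs the account list, scoping the load keeps that contained: `include_vars: {file: "{{ add_users_user_accounts }}", name: add_users_members}` (the target name is a placeholder; use whatever the role actually reads). A comment above the `vars:` entry would also help, for example `# test fixture only: dummy accounts and throwaway keys, never real members or password hashes`, since this path presumably feeds a user-provisioning role. The hunk header announces 8 lines but fewer are visible here, so a `tasks:` or `pre_tasks:` key may simply be missing from this view.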
||||
|
@ -1,40 +0,0 @@ |
||||
--- |
||||
- name: "Expire an existing user account" |
||||
block: |
||||
- name: Show which user account is being handled |
||||
debug: |
||||
msg: "Attempting to expire account for {{ user.username }}..." |
||||
|
||||
- name: Check if the user accounts already exists |
||||
getent: |
||||
database: passwd |
||||
key: "{{ user.username }}" |
||||
register: user_exists |
||||
ignore_errors: true |
||||
|
||||
|
||||
- name: Expire the account and blank the password |
||||
user: |
||||
name: "{{ user.username }}" |
||||
expires: 0 |
||||
password: '!' |
||||
when: user_exists is succeeded |
||||
|
||||
- name: Remove user's .ssh/authorized_keys file |
||||
file: |
||||
path: "/home/{{ user.username }}/.ssh/authorized_keys" |
||||
state: absent |
||||
|
||||
- name: Remove password store entry |
||||
become: false |
||||
delegate_to: localhost |
||||
command: "pass rm -r users/{{ user.username }}/sudo/ {{ item.email }}" |
||||
when: user_exists is succeeded |
||||
|
||||
#TODO: - name: "Remove username from the SSH AllowUsers configuration" |
||||
# replace: |
||||
# backup: true |
||||
# dest: /etc/ssh/sshd_config |
||||
# regexp: '^(AllowUsers(?!.*\b{{ user.username }}\b).*)$' # this is copied from autonomic.add-users, not correct |
||||
# replace: '\1 {{ user.username }}' # this is also in need of change |
||||
# notify: Restart SSH |