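---
# Expire one user account on the target host and revoke its remote access.
# Expects `username` to be supplied by the caller (this file is included
# once per account; see the note on the block below) and
# `add_users_user_accounts` to point at the vars file holding the accounts.
# NOTE(review): nothing here terminates sessions or processes the user
# already has running; add that step if your offboarding policy needs it.
- name: Ensure mandatory variables are configured
  assert:
    that: "{{ item }} is defined"
    fail_msg: "You must define the '{{ item }}' variable"
  loop:
    - add_users_user_accounts

- name: Include resource variables
  include_vars: "{{ add_users_user_accounts }}"
  tags:
    # Note(d1): we already load in converge.yml so skip here
    - molecule-notest

# Note(d1): Done in this way because https://stackoverflow.com/a/39041069
- name: "Expire an existing user account"
  block:
    - name: Show which user account is being handled
      debug:
        msg: "Attempting to expire account for {{ username }}..."

    - name: Check if the user accounts already exists
      getent:
        database: passwd
        key: "{{ username }}"
      register: user_exists
      # getent fails when the key is absent; the result is only used as an
      # existence check, so carry on and branch on `is succeeded` below.
      ignore_errors: true

    - name: Expire the account and blank the password
      user:
        name: "{{ username }}"
        # Do not use `expires: 0`: it is written as expiry day 0 in
        # /etc/shadow, which shadow(5) documents as ambiguous ("either an
        # account with no expiration, or an expiration on Jan 1, 1970"),
        # so some consumers would still let the account log in.
        # 86400 s = 1970-01-02 = shadow day 1: unambiguously in the past.
        expires: 86400
        # '!' is an unusable hash, disabling password authentication only;
        # key-based SSH logins are handled by removing authorized_keys below.
        password: '!'
      when: user_exists is succeeded

    - name: Remove user's .ssh/authorized_keys file
      file:
        # Use the home directory from the passwd entry instead of assuming
        # /home/<username>; fall back to the old assumption when the account
        # no longer exists so a stale home directory is still cleaned up.
        # NOTE(review): only the default key file is covered; if sshd_config
        # sets AuthorizedKeysFile elsewhere, extend this task accordingly.
        path: >-
          {{ (user_exists.ansible_facts.getent_passwd[username][4]
          if user_exists is succeeded
          else '/home/' ~ username) }}/.ssh/authorized_keys
        state: absent

    - name: Remove password store entry
      # Runs on the controller against the operator's own `pass` store.
      become: false
      delegate_to: localhost
      command: "pass rm -r users/{{ username }}/sudo/{{ inventory_hostname }}"
      when: user_exists is succeeded

    - name: "Remove username from the SSH AllowUsers configuration"
      replace:
        backup: true
        path: /etc/ssh/sshd_config
        # Match only the AllowUsers directive and only the whole username
        # token (optionally with a user@host suffix). An unanchored
        # '{{ username }}' applied to everything after "AllowUsers" would
        # also clip substrings (e.g. "bob" out of "bobby") and tokens in
        # later Match/DenyUsers lines, leaving a config sshd may reject.
        regexp: '^(AllowUsers(?:[ \t]+\S+)*?)[ \t]+{{ username | regex_escape }}(?:@\S+)?(?=[ \t]|$)'
        replace: '\1'
        # Never write a file sshd cannot parse: combined with the restart
        # handler below, a broken sshd_config locks everyone out.
        validate: /usr/sbin/sshd -t -f %s
        # NOTE(review): if this user was the only entry, a bare "AllowUsers"
        # line is left behind; check how your sshd version treats that (an
        # empty allow list generally means no allow restriction at all).
      notify: Restart SSH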