41 lines
1.3 KiB
YAML
41 lines
1.3 KiB
YAML
---
|
|
- name: "Expire an existing user account"
|
|
block:
|
|
- name: Show which user account is being handled
|
|
debug:
|
|
msg: "Attempting to expire account for {{ user.username }}..."
|
|
|
|
- name: Check if the user accounts already exists
|
|
getent:
|
|
database: passwd
|
|
key: "{{ user.username }}"
|
|
register: user_exists
|
|
ignore_errors: true
|
|
|
|
|
|
- name: Expire the account and blank the password
|
|
user:
|
|
name: "{{ user.username }}"
|
|
expires: 0
|
|
password: '!'
|
|
when: user_exists is succeeded
|
|
|
|
- name: Remove user's .ssh/authorized_keys file
|
|
file:
|
|
path: "/home/{{ user.username }}/.ssh/authorized_keys"
|
|
state: absent
|
|
|
|
- name: Remove password store entry
|
|
become: false
|
|
delegate_to: localhost
|
|
command: "pass rm -r users/{{ user.username }}/sudo/ {{ item.email }}"
|
|
when: user_exists is succeeded
|
|
|
|
#TODO: - name: "Remove username from the SSH AllowUsers configuration"
|
|
# replace:
|
|
# backup: true
|
|
# dest: /etc/ssh/sshd_config
|
|
# regexp: '^(AllowUsers(?!.*\b{{ user.username }}\b).*)$' # this is copied from autonomic.add-users, not correct
|
|
# replace: '\1 {{ user.username }}' # this is also in need of change
|
|
# notify: Restart SSH
|