54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
|
- name: Clean up host and remove unprivileged users
|
||
|
hosts: ssh
|
||
|
gather_facts: yes
|
||
|
remote_user: root
|
||
|
tasks:
|
||
|
# Do this first so we can use tilde notation while the user still exists
|
||
|
- name: Delete homedirs
|
||
|
file:
|
||
|
path: '~{{ item }}'
|
||
|
state: absent
|
||
|
with_items:
|
||
|
- unpriv1
|
||
|
- unpriv2
|
||
|
|
||
|
- name: Delete users
|
||
|
user:
|
||
|
name: "{{ item }}"
|
||
|
state: absent
|
||
|
force: yes # I think this is needed in case pipelining is used and the session remains open
|
||
|
with_items:
|
||
|
- unpriv1
|
||
|
- unpriv2
|
||
|
|
||
|
- name: Delete groups
|
||
|
group:
|
||
|
name: "{{ item }}"
|
||
|
state: absent
|
||
|
with_items:
|
||
|
- acommongroup
|
||
|
- unpriv1
|
||
|
- unpriv2
|
||
|
|
||
|
- name: Fix sudoers.d path for FreeBSD
|
||
|
set_fact:
|
||
|
sudoers_etc: /usr/local/etc
|
||
|
when: ansible_distribution == 'FreeBSD'
|
||
|
|
||
|
- name: Fix sudoers.d path for everything else
|
||
|
set_fact:
|
||
|
sudoers_etc: /etc
|
||
|
when: ansible_distribution != 'FreeBSD'
|
||
|
|
||
|
- name: Undo OpenSUSE
|
||
|
lineinfile:
|
||
|
path: "{{ sudoers_etc }}/sudoers"
|
||
|
regexp: '^### Defaults targetpw'
|
||
|
line: 'Defaults targetpw'
|
||
|
backrefs: yes
|
||
|
|
||
|
- name: Nuke custom sudoers file
|
||
|
file:
|
||
|
path: "{{ sudoers_etc }}/sudoers.d/unpriv1"
|
||
|
state: absent
|