69472a5f8d
Change: - Refactoring to make it harder to get wrong and easier to read. - Generalize become_unprivileged tests and fix some that never worked but also never failed. Test Plan: - CI, new units/integration tests Signed-off-by: Rick Elrod <rick@elrod.me>
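# Teardown play: removes the unprivileged test accounts, their home
# directories and groups, and reverts the sudoers changes on the target.
# Everything here runs as root on the hosts in the "ssh" group and is
# destructive (state: absent), so the inventory should only contain
# disposable test hosts.
- name: Clean up host and remove unprivileged users
  hosts: ssh
  # Facts are required: ansible_distribution is used below to pick the
  # sudoers location.
  gather_facts: true
  remote_user: root
  tasks:
    # Do this first so we can use tilde notation while the user still exists
    - name: Delete homedirs
      file:
        path: '~{{ item }}'
        state: absent
      with_items:
        - unpriv1
        - unpriv2

    - name: Delete users
      user:
        name: "{{ item }}"
        state: absent
        force: true  # I think this is needed in case pipelining is used and the session remains open
      with_items:
        - unpriv1
        - unpriv2

    - name: Delete groups
      group:
        name: "{{ item }}"
        state: absent
      with_items:
        - acommongroup
        - unpriv1
        - unpriv2

    # Exactly one of the next two tasks runs, so sudoers_etc is always set
    # before it is used in the sudoers paths below.
    - name: Fix sudoers.d path for FreeBSD
      set_fact:
        sudoers_etc: /usr/local/etc
      when: ansible_distribution == 'FreeBSD'

    - name: Fix sudoers.d path for everything else
      set_fact:
        sudoers_etc: /etc
      when: ansible_distribution != 'FreeBSD'

    # Restores the 'Defaults targetpw' line where it had been commented out
    # as '### Defaults targetpw' (presumably by the matching setup play;
    # verify against it). With backrefs enabled, a file that does not
    # contain the commented line is left untouched.
    - name: Undo OpenSUSE
      lineinfile:
        path: "{{ sudoers_etc }}/sudoers"
        regexp: '^### Defaults targetpw'
        line: 'Defaults targetpw'
        backrefs: true
        # Syntax-check the edited copy before it replaces the live sudoers
        # file; a broken sudoers file disables sudo for every account on
        # the host. The check only runs when the line is actually changed.
        validate: 'visudo -cf %s'

    - name: Nuke custom sudoers file
      file:
        path: "{{ sudoers_etc }}/sudoers.d/unpriv1"
        state: absent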