feat: use ansible block

This commit is contained in:
Simon Cornet 2025-03-31 18:19:09 +02:00
commit b5c819fb27
12 changed files with 399 additions and 424 deletions


@ -1,18 +1,22 @@
--- ---
# clean apt cache # apt cleanup
- name: "apt - clean cache" - name: "apt cleanup"
ansible.builtin.apt: block:
clean: true
changed_when: false # clean apt cache
failed_when: false - name: "apt - clean cache"
tags: "apt-cleanup" ansible.builtin.apt:
when: 'ansible_os_family == "Debian"' clean: true
changed_when: false
failed_when: false
when: 'ansible_os_family == "Debian"'
# run fstrim if target is a VM
- name: "fstrim"
ansible.builtin.command: "fstrim /"
changed_when: false
failed_when: false
when: 'type == "vm"'
# run fstrim if target is a VM
- name: "fstrim"
ansible.builtin.command: "fstrim /"
changed_when: false
failed_when: false
tags: "apt-cleanup" tags: "apt-cleanup"
when: 'type == "vm"'


@ -1,24 +1,27 @@
--- ---
# configure apt auto update # apt config
- name: "apt - config - configure apt periodic" - name: "apt config"
ansible.builtin.template: block:
src: "templates/apt/conf.d/10periodic.j2"
dest: "/etc/apt/apt.conf.d/10periodic" # configure apt auto update
owner: "root" - name: "apt - config - configure apt periodic"
group: "root" ansible.builtin.template:
mode: "0644" src: "templates/apt/conf.d/10periodic.j2"
when: 'ansible_os_family == "Debian"' dest: "/etc/apt/apt.conf.d/10periodic"
tags: owner: "root"
- "apt" group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
- name: "apt - config - configure apt unatteded updates"
ansible.builtin.template:
src: "templates/apt/conf.d/50unattended-upgrades.{{ ansible_distribution }}.j2"
dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
- name: "apt - config - configure apt unatteded updates"
ansible.builtin.template:
src: "templates/apt/conf.d/50unattended-upgrades.{{ ansible_distribution }}.j2"
dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
tags: tags:
- "apt" - "apt"
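Review bot: Both tasks inside the `apt config` block repeat `when: 'ansible_os_family == "Debian"'`, a condition the block could carry once next to its `tags` so it cannot drift between tasks; the same duplication is in the apt packages, ntp and syslog blocks. Move it to the block level as `when: 'ansible_os_family == "Debian"'` beside `tags:` and drop the per-task copies (the syslog block keeps its per-task `ansible_distribution` checks on top of it). The second task name also misspells "unattended" as `unatteded`, which matters when the name is used with `--start-at-task`.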


@ -1,27 +1,30 @@
--- ---
# install packages # apt packages
- name: "apt - install - packages" - name: "apt packages"
ansible.builtin.apt: block:
name: "{{ apt_default_install }}"
state: "present" # install packages
update_cache: true - name: "apt - install - packages"
when: 'ansible_os_family == "Debian"' ansible.builtin.apt:
loop: "{{ apt_default_packages_install }}" name: "{{ apt_default_install }}"
loop_control: state: "present"
loop_var: "apt_default_install" update_cache: true
tags: when: 'ansible_os_family == "Debian"'
- "apt" loop: "{{ apt_default_packages_install }}"
loop_control:
loop_var: "apt_default_install"
# purge packages
- name: "apt - delete - packages"
ansible.builtin.apt:
name: "{{ apt_default_delete }}"
state: "absent"
purge: true
when: 'ansible_os_family == "Debian"'
loop: "{{ apt_default_packages_delete }}"
loop_control:
loop_var: "apt_default_delete"
# purge packages
- name: "apt - delete - packages"
ansible.builtin.apt:
name: "{{ apt_default_delete }}"
state: "absent"
purge: true
when: 'ansible_os_family == "Debian"'
loop: "{{ apt_default_packages_delete }}"
loop_control:
loop_var: "apt_default_delete"
tags: tags:
- "apt" - "apt"
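Review bot: `update_cache: true` on a task that loops over `apt_default_packages_install` refreshes the apt cache once per package, and every iteration is a separate apt transaction; `ansible.builtin.apt` accepts a list in `name`, so the loop is not needed. If the variable is a plain list of package names (it looks that way from the `loop_var`, but confirm), `name: "{{ apt_default_packages_install }}"` with the `loop`/`loop_control` lines removed installs them in one run with a single cache update, and the same applies to the delete task and `apt_default_packages_delete`. If per-package results are wanted, keep the loop but move the cache refresh into a separate `update_cache`-only task placed before the install task.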


@ -1,42 +1,43 @@
--- ---
# configure apt sources # manage apt sources
- name: "apt - config - configure apt sources" - name: "manage apt sources"
ansible.builtin.template: block:
src: "templates/apt/sources.d/sources.list.{{ ansible_distribution }}.j2"
dest: "/etc/apt/sources.list"
owner: "root"
group: "root"
mode: "0644"
when:
- 'ansible_os_family == "Debian"'
- 'ansible_distribution_major_version <= "23"'
notify: "apt force cache update"
tags:
- "apt"
# configure apt sources # configure apt sources
- name: "apt - config - configure apt sources" - name: "apt - config - configure apt sources"
ansible.builtin.template: ansible.builtin.template:
src: "templates/apt/sources.d/{{ ansible_distribution }}.sources.j2" src: "templates/apt/sources.d/sources.list.{{ ansible_distribution }}.j2"
dest: "/etc/apt/sources.list.d/ubuntu.sources" dest: "/etc/apt/sources.list"
owner: "root" owner: "root"
group: "root" group: "root"
mode: "0644" mode: "0644"
when: when:
- 'ansible_distribution == "Ubuntu"' - 'ansible_os_family == "Debian"'
- 'ansible_distribution_major_version >= "24"' - 'ansible_distribution_major_version <= "23"'
notify: "apt force cache update" notify: "apt force cache update"
tags:
- "apt" # configure apt sources
- name: "apt - config - configure apt sources"
ansible.builtin.template:
src: "templates/apt/sources.d/{{ ansible_distribution }}.sources.j2"
dest: "/etc/apt/sources.list.d/ubuntu.sources"
owner: "root"
group: "root"
mode: "0644"
when:
- 'ansible_distribution == "Ubuntu"'
- 'ansible_distribution_major_version >= "24"'
notify: "apt force cache update"
# delete unused sources.list
- name: "apt - config - remove old sources.list"
ansible.builtin.file:
path: "/etc/apt/sources.list"
state: "absent"
when:
- 'ansible_distribution == "Ubuntu"'
- 'ansible_distribution_major_version >= "24"'
# delete unused sources.list
- name: "apt - config - remove old sources.list"
ansible.builtin.file:
path: "/etc/apt/sources.list"
state: "absent"
when:
- 'ansible_distribution == "Ubuntu"'
- 'ansible_distribution_major_version >= "24"'
tags: tags:
- "apt" - "apt"
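Review bot: The guards `ansible_distribution_major_version <= "23"` and `>= "24"` compare strings, so the ordering is lexicographic: a single-digit major version such as "9" sorts after "23" and would skip the legacy sources.list task (possibly already excluded by ossupport.yaml, but the comparison is still fragile). Cast before comparing in all three tasks: `- 'ansible_distribution_major_version | int <= 23'` and `- 'ansible_distribution_major_version | int >= 24'`. The two template tasks also share the name `apt - config - configure apt sources`, which makes `--start-at-task` and log reading ambiguous; a suffix such as `- legacy` / `- deb822` would distinguish them.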


@ -1,26 +1,29 @@
--- ---
# basic firewall rules # basic firewall rules
- name: "firewall - allow incoming routed traffic" - name: "basic firewall rules"
community.general.ufw: block:
rule: "allow"
route: "yes"
src: "{{ item[0] }}"
dest: "{{ item[1] }}"
with_nested:
- "{{ __rule['source_nets'] }}"
- "{{ __rule['destination_nets'] }}"
tags:
- "firewall"
- name: "firewall - allow outgoing routed traffic" # basic firewall rules
community.general.ufw: - name: "firewall - allow incoming routed traffic"
rule: "allow" community.general.ufw:
route: "yes" rule: "allow"
src: "{{ item[1] }}" route: "yes"
dest: "{{ item[0] }}" src: "{{ item[0] }}"
with_nested: dest: "{{ item[1] }}"
- "{{ __rule['source_nets'] }}" with_nested:
- "{{ __rule['destination_nets'] }}" - "{{ __rule['source_nets'] }}"
- "{{ __rule['destination_nets'] }}"
- name: "firewall - allow outgoing routed traffic"
community.general.ufw:
rule: "allow"
route: "yes"
src: "{{ item[1] }}"
dest: "{{ item[0] }}"
with_nested:
- "{{ __rule['source_nets'] }}"
- "{{ __rule['destination_nets'] }}"
tags: tags:
- "firewall" - "firewall"
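Review bot: The second ufw task mirrors the first with `src`/`dest` swapped, so it permits new connections initiated from `destination_nets` toward `source_nets`, not just replies; ufw's default ESTABLISHED,RELATED rules already pass return traffic for the first rule. If the reverse direction is meant to be reachable, say so in the comment, e.g. `# allow new connections from destination_nets back into source_nets (not only replies)`; if it is not, the task can be dropped to keep the ruleset least-privilege. `route: "yes"` in both tasks is a quoted YAML 1.1 boolean string that the module coerces; `route: true` states the intent and avoids the truthy-string pitfall. Where `__rule` is defined is outside this hunk.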


@ -1,35 +1,18 @@
--- ---
# check os support # import ossupport and load variables
- name: "check for os support" - name: "import ossupport and load variables"
ansible.builtin.import_tasks: "ossupport.yaml" block:
tags:
- "apt" # check os support
- "apt-cleanup" - name: "check for os support"
- "cron" ansible.builtin.import_tasks: "ossupport.yaml"
- "environment-file"
- "hostname" # load os variables
- "firewall" - name: "include os specific vars"
- "journald" ansible.builtin.include_vars: "{{ ansible_os_family }}.yaml"
- "locale" when: "os_support"
- "lldp"
- "lxd"
- "motd"
- "ntp"
- "telemetry"
- "snap"
- "sshd"
- "swap"
- "sysctl"
- "systemctl"
- "syslog"
- "timezone"
- "usermanagement"
# load os variables
- name: "include os specific vars"
ansible.builtin.include_vars: "{{ ansible_os_family }}.yaml"
when: "os_support"
tags: tags:
- "apt" - "apt"
- "apt-cleanup" - "apt-cleanup"
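Review bot: The new block's `tags` list shows only `apt` and `apt-cleanup` within this hunk, whereas the old task carried every role tag so that a tag-limited run such as `--tags sshd` still executed the OS-support check and `include_vars`; if the remaining tags are not simply outside the hunk, those runs now skip both and later tasks see no OS-specific variables or run on unsupported hosts. The idiomatic form is the special tag `always`: replace the enumerated list with `tags:` / `- "always"` and the list never needs maintaining when a new role tag is added. The rest of the file continues past this hunk.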


@ -1,43 +1,41 @@
--- ---
# find old motd files - name: "manage motd"
- name: "motd - find old scripts" block:
ansible.builtin.find:
paths: "/etc/update-motd.d/"
file_type: "file"
excludes:
- "10-custom-motd"
register: "old_motd"
tags:
- "motd"
# remove old custom motd files # find old motd files
- name: "motd - cleanup directory" - name: "motd - find old scripts"
ansible.builtin.file: ansible.builtin.find:
path: "{{ item.path }}" paths: "/etc/update-motd.d/"
state: "absent" file_type: "file"
loop: "{{ old_motd.files }}" excludes:
when: "old_motd.files|length > 0" - "10-custom-motd"
tags: register: "old_motd"
- "motd"
# remove old motd files # remove old custom motd files
- name: "motd - cleanup main file" - name: "motd - cleanup directory"
ansible.builtin.file: ansible.builtin.file:
path: "/etc/motd" path: "{{ item.path }}"
state: "absent" state: "absent"
when: "inventory_hostname != 'bastion.siempie.internal'" loop: "{{ old_motd.files }}"
tags: when: "old_motd.files|length > 0"
- "motd"
# remove old motd files
- name: "motd - cleanup main file"
ansible.builtin.file:
path: "/etc/motd"
state: "absent"
when: "inventory_hostname != 'bastion.siempie.internal'"
# configure motd
- name: "motd - siempie"
ansible.builtin.template:
src: "templates/motd/motd.sh.j2"
dest: "/etc/update-motd.d/10-custom-motd"
owner: "root"
group: "root"
mode: "0755"
when: 'ansible_os_family == "Debian"'
# configure motd
- name: "motd - siempie"
ansible.builtin.template:
src: "templates/motd/motd.sh.j2"
dest: "/etc/update-motd.d/10-custom-motd"
owner: "root"
group: "root"
mode: "0755"
when: 'ansible_os_family == "Debian"'
tags: tags:
- "motd" - "motd"
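Review bot: The `motd - cleanup main file` task hard-codes `inventory_hostname != 'bastion.siempie.internal'` inside a role task file, so the exception lives in code rather than inventory and is invisible to anyone reading host_vars. Replace it with a role variable with a safe default, e.g. `when: "not (motd_keep_main_file | default(false) | bool)"` (name constructed), and set it on the bastion host in inventory. The `when: "old_motd.files|length > 0"` on the cleanup-directory task is redundant, since a `loop` over an empty list runs nothing.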


@ -1,23 +1,25 @@
--- ---
# install chrony - name: "manage ntp"
- name: "ntp - install - chrony debian" block:
ansible.builtin.apt:
name: "chrony" # install chrony
state: "present" - name: "ntp - install - chrony debian"
when: 'ansible_os_family == "Debian"' ansible.builtin.apt:
tags: name: "chrony"
- "ntp" state: "present"
when: 'ansible_os_family == "Debian"'
# configure chrony
- name: "ntp - config - configure chrony"
ansible.builtin.template:
src: "templates/chrony/chrony.conf.j2"
dest: "/etc/chrony/chrony.conf"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
notify: "restart chrony"
# configure chrony
- name: "ntp - config - configure chrony"
ansible.builtin.template:
src: "templates/chrony/chrony.conf.j2"
dest: "/etc/chrony/chrony.conf"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
notify: "restart chrony"
tags: tags:
- "ntp" - "ntp"


@ -1,38 +1,37 @@
--- ---
# set defaults # manage snapd
- name: "set facts" - name: "manage snapd"
ansible.builtin.set_fact: block:
__snapd_service: "{{ snapd_service | default('false') }}"
tags:
- "snap"
# purge snapd # set defaults
- name: "snapd - purge - package" - name: "set facts"
ansible.builtin.apt: ansible.builtin.set_fact:
name: "snapd" __snapd_service: "{{ snapd_service | default('false') }}"
state: "absent"
purge: "yes"
when: "not __snapd_service"
tags:
- "snap"
# install snapd # purge snapd
- name: "snapd - install - package" - name: "snapd - purge - package"
ansible.builtin.apt: ansible.builtin.apt:
name: "snapd" name: "snapd"
state: "present" state: "absent"
cache_valid_time: "120" purge: "yes"
when: "__snapd_service" when: "not __snapd_service"
tags:
- "snap" # install snapd
- name: "snapd - install - package"
ansible.builtin.apt:
name: "snapd"
state: "present"
cache_valid_time: "120"
when: "__snapd_service"
# enable snapd
- name: "snapd - enable snapd service"
ansible.builtin.service:
name: "snapd"
state: "started"
enabled: true
when: "__snapd_service"
# enable snapd
- name: "snapd - enable snapd service"
ansible.builtin.service:
name: "snapd"
state: "started"
enabled: true
when: "__snapd_service"
tags: tags:
- "snap" - "snap"
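Review bot: `__snapd_service: "{{ snapd_service | default('false') }}"` stores the quoted string `false` rather than a boolean when the variable is unset, and a non-empty string is truthy in Jinja, so `when: "not __snapd_service"` can evaluate to false and the purge task is skipped while the bare `__snapd_service` checks on the install and enable tasks may behave differently from the negated one (the exact outcome depends on the Ansible version's conditional handling; verify on a host that leaves `snapd_service` unset). Use a real boolean and coerce explicitly: `__snapd_service: "{{ snapd_service | default(false) | bool }}"` and `when: "not (__snapd_service | bool)"`. The same pattern appears in the swap block (`__swap` with `default('true')`) and the users block (`sudo_file` and `sudo_pwless` with `default('False')`), where the sudoers-file tasks are gated on it. `purge: "yes"` and `cache_valid_time: "120"` are likewise quoted where the module documents a bool and an int; `purge: true` and `cache_valid_time: 120` read as intended.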


@ -1,94 +1,81 @@
--- ---
# enable or disable swap # manage swap
- name: "swap - set variable" - name: "manage swap"
ansible.builtin.set_fact: block:
__swap: "{{ swap | default('true') }}"
tags:
- "swap"
# verify swapfile # enable or disable swap
- name: "swap - verify swapfile" - name: "swap - set variable"
ansible.builtin.stat: ansible.builtin.set_fact:
path: "{{ swap_file_location | default('/swapfile') }}" __swap: "{{ swap | default('true') }}"
register: "swap_file_check"
tags:
- "swap"
## create swap # verify swapfile
# create swap file - name: "swap - verify swapfile"
- name: "swap - create swap file" ansible.builtin.stat:
ansible.builtin.command: "fallocate -l {{ swap_file_size }} {{ swap_file_location }}" path: "{{ swap_file_location | default('/swapfile') }}"
when: "not swap_file_check.stat.exists and __swap" register: "swap_file_check"
tags:
- "swap"
# set swap file permissions ## create swap
- name: "swap - set permissions " # create swap file
ansible.builtin.file: - name: "swap - create swap file"
path: "{{ swap_file_location }}" ansible.builtin.command: "fallocate -l {{ swap_file_size }} {{ swap_file_location }}"
owner: "root" when: "not swap_file_check.stat.exists and __swap"
group: "root"
mode: "0600"
when: "__swap"
tags:
- "swap"
# 'format' swapfile # set swap file permissions
- name: "swap - format swap file" - name: "swap - set permissions "
ansible.builtin.command: "mkswap {{ swap_file_location }}" ansible.builtin.file:
when: "not swap_file_check.stat.exists and __swap" path: "{{ swap_file_location }}"
tags: owner: "root"
- "swap" group: "root"
mode: "0600"
when: "__swap"
# configure fstab # 'format' swapfile
- name: "swap - configure fstab" - name: "swap - format swap file"
ansible.posix.mount: ansible.builtin.command: "mkswap {{ swap_file_location }}"
name: "swapfile" when: "not swap_file_check.stat.exists and __swap"
src: "{{ swap_file_location | default('/swapfile') }}"
fstype: "swap"
opts: "sw"
passno: "0"
dump: "0"
state: "present"
when: "__swap"
tags:
- "swap"
# enable swap # configure fstab
- name: "swap - enable swap" - name: "swap - configure fstab"
ansible.builtin.command: "swapon -a" ansible.posix.mount:
when: "not swap_file_check.stat.exists and __swap" name: "swapfile"
tags: src: "{{ swap_file_location | default('/swapfile') }}"
- "swap" fstype: "swap"
opts: "sw"
passno: "0"
dump: "0"
state: "present"
when: "__swap"
## delete swap # enable swap
# disable swap - name: "swap - enable swap"
- name: "swap - disable swap" ansible.builtin.command: "swapon -a"
ansible.builtin.command: "swapoff -a" when: "not swap_file_check.stat.exists and __swap"
when: "swap_file_check.stat.exists and not __swap"
tags:
- "swap"
# delete swap file ## delete swap
- name: "swap - delete swap file" # disable swap
ansible.builtin.file: - name: "swap - disable swap"
path: "{{ swap_file_location }}" ansible.builtin.command: "swapoff -a"
state: "absent" when: "swap_file_check.stat.exists and not __swap"
when: "swap_file_check.stat.exists and not __swap"
tags: # delete swap file
- "swap" - name: "swap - delete swap file"
ansible.builtin.file:
path: "{{ swap_file_location }}"
state: "absent"
when: "swap_file_check.stat.exists and not __swap"
# configure fstab
- name: "swap - configure fstab"
ansible.posix.mount:
name: "swapfile"
src: "{{ swap_file_location | default('/swapfile') }}"
fstype: "swap"
opts: "sw"
passno: "0"
dump: "0"
state: "absent"
when: "not __swap"
# configure fstab
- name: "swap - configure fstab"
ansible.posix.mount:
name: "swapfile"
src: "{{ swap_file_location | default('/swapfile') }}"
fstype: "swap"
opts: "sw"
passno: "0"
dump: "0"
state: "absent"
when: "not __swap"
tags: tags:
- "swap" - "swap"
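Review bot: `swap_file_location` is defaulted to `/swapfile` only in the stat and mount tasks, while the fallocate, set-permissions, mkswap and delete tasks use it bare, so a host that does not define it passes the existence check and then fails with an undefined variable at `swap - create swap file`. Resolve it once at the top of the block, e.g. a set_fact `__swap_file: "{{ swap_file_location | default('/swapfile') }}"` next to `__swap`, and reference `__swap_file` everywhere (`swap_file_size` has no default either and is used in the fallocate command). Two tasks share the name `swap - configure fstab` (state present and state absent); distinct names such as `swap - add fstab entry` / `swap - remove fstab entry` make the run log unambiguous.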


@ -1,53 +1,52 @@
--- ---
# configure rsyslogd - debian # manage syslog
- name: "syslog - config - rsyslog - debian" - name: "manage syslog"
ansible.builtin.template: block:
src: "templates/syslog/rsyslog/rsyslog.debian.conf.j2"
dest: "/etc/rsyslog.conf"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_distribution == "Debian"'
notify: "restart rsyslog"
tags:
- "syslog"
# configure rsyslogd - ubuntu # configure rsyslogd - debian
- name: "syslog - config - rsyslog - ubuntu" - name: "syslog - config - rsyslog - debian"
ansible.builtin.template: ansible.builtin.template:
src: "templates/syslog/rsyslog/rsyslog.ubuntu.conf.j2" src: "templates/syslog/rsyslog/rsyslog.debian.conf.j2"
dest: "/etc/rsyslog.conf" dest: "/etc/rsyslog.conf"
owner: "root" owner: "root"
group: "root" group: "root"
mode: "0644" mode: "0644"
when: 'ansible_distribution == "Ubuntu"' when: 'ansible_distribution == "Debian"'
notify: "restart rsyslog" notify: "restart rsyslog"
tags:
- "syslog"
# configure rsyslogd - apt # configure rsyslogd - ubuntu
- name: "syslog - config - apt" - name: "syslog - config - rsyslog - ubuntu"
ansible.builtin.template: ansible.builtin.template:
src: "templates/syslog/rsyslog.d/apt.conf.j2" src: "templates/syslog/rsyslog/rsyslog.ubuntu.conf.j2"
dest: "/etc/rsyslog.d/apt.conf" dest: "/etc/rsyslog.conf"
owner: "root" owner: "root"
group: "root" group: "root"
mode: "0644" mode: "0644"
when: 'ansible_os_family == "Debian"' when: 'ansible_distribution == "Ubuntu"'
notify: "restart rsyslog" notify: "restart rsyslog"
tags:
- "syslog" # configure rsyslogd - apt
- name: "syslog - config - apt"
ansible.builtin.template:
src: "templates/syslog/rsyslog.d/apt.conf.j2"
dest: "/etc/rsyslog.d/apt.conf"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
notify: "restart rsyslog"
# configure rsyslogd - observium
- name: "syslog - config - remote-logging"
ansible.builtin.template:
src: "templates/syslog/rsyslog.d/remote-logging.j2"
dest: "/etc/rsyslog.d/remote-logging.conf"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
notify: "restart rsyslog"
# configure rsyslogd - observium
- name: "syslog - config - remote-logging"
ansible.builtin.template:
src: "templates/syslog/rsyslog.d/remote-logging.j2"
dest: "/etc/rsyslog.d/remote-logging.conf"
owner: "root"
group: "root"
mode: "0644"
when: 'ansible_os_family == "Debian"'
notify: "restart rsyslog"
tags: tags:
- "syslog" - "syslog"


@ -1,81 +1,74 @@
--- ---
# manage facts # manage users
- name: "user - set default facts for {{ __user['username'] }}" - name: "manage users"
ansible.builtin.set_fact: block:
sudo_hosts: "{{ __user['hosts'] | default('all') }}"
sudo_file: "{{ __user['sudo'] | default('False') }}"
sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}"
user_state: "{{ __user['state'] | default('present') }}"
tags:
- "usermanagement"
# create users # manage facts
- name: "user - create users with password - {{ __user['username'] }}" - name: "user - set default facts for {{ __user['username'] }}"
ansible.builtin.user: ansible.builtin.set_fact:
name: "{{ __user['username'] }}" sudo_hosts: "{{ __user['hosts'] | default('all') }}"
comment: "{{ __user['name'] }}" sudo_file: "{{ __user['sudo'] | default('False') }}"
password: "{{ __user['password'] }}" sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}"
shell: "{{ __user['shell'] | default('/bin/bash') }}" user_state: "{{ __user['state'] | default('present') }}"
state: "present"
when:
- "__user['password'] is defined"
- "user_state == 'present'"
tags:
- "usermanagement"
- name: "user - create users withouth password - {{ __user['username'] }}" # create users
ansible.builtin.user: - name: "user - create users with password - {{ __user['username'] }}"
name: "{{ __user['username'] }}" ansible.builtin.user:
comment: "{{ __user['name'] }}" name: "{{ __user['username'] }}"
shell: "{{ __user['shell'] | default('/bin/bash') }}" comment: "{{ __user['name'] }}"
state: "state" password: "{{ __user['password'] }}"
when: shell: "{{ __user['shell'] | default('/bin/bash') }}"
- "__user['password'] is not defined" state: "present"
- "user_state == 'present'" when:
tags: - "__user['password'] is defined"
- "usermanagement" - "user_state == 'present'"
# manage authorized_keys - name: "user - create users withouth password - {{ __user['username'] }}"
- name: "user - manage authorized_keys - {{ __user['username'] }}" ansible.builtin.user:
ansible.posix.authorized_key: name: "{{ __user['username'] }}"
user: "{{ __user['username'] }}" comment: "{{ __user['name'] }}"
key: "{{ __user['publickey'] }}" shell: "{{ __user['shell'] | default('/bin/bash') }}"
state: "present" state: "state"
manage_dir: "true" when:
when: - "__user['password'] is not defined"
- "__user['publickey'] is defined" - "user_state == 'present'"
tags:
- "usermanagement"
# delete users # manage authorized_keys
- name: "user - delete users - {{ __user['username'] }}" - name: "user - manage authorized_keys - {{ __user['username'] }}"
ansible.builtin.user: ansible.posix.authorized_key:
name: "{{ __user['username'] }}" user: "{{ __user['username'] }}"
state: "absent" key: "{{ __user['publickey'] }}"
remove: "yes" state: "present"
when: "user_state == 'absent'" manage_dir: "true"
tags: when:
- "usermanagement" - "__user['publickey'] is defined"
# manage sudoers file # delete users
- name: "user - create sudoers file - {{ __user['username'] }}" - name: "user - delete users - {{ __user['username'] }}"
ansible.builtin.template: ansible.builtin.user:
src: "templates/usermanagement/sudoers.d/sudoers.j2" name: "{{ __user['username'] }}"
dest: "/etc/sudoers.d/{{ __user['username'] }}" state: "absent"
owner: "root" remove: "yes"
group: "root" when: "user_state == 'absent'"
mode: "0644"
when: # manage sudoers file
- "sudo_file" - name: "user - create sudoers file - {{ __user['username'] }}"
tags: ansible.builtin.template:
- "usermanagement" src: "templates/usermanagement/sudoers.d/sudoers.j2"
dest: "/etc/sudoers.d/{{ __user['username'] }}"
owner: "root"
group: "root"
mode: "0644"
when:
- "sudo_file"
- name: "user - delete sudoers file - {{ __user['username'] }}"
ansible.builtin.file:
state: "absent"
path: "/etc/sudoers.d/{{ __user['username'] }}"
when:
- "not sudo_file"
- name: "user - delete sudoers file - {{ __user['username'] }}"
ansible.builtin.file:
state: "absent"
path: "/etc/sudoers.d/{{ __user['username'] }}"
when:
- "not sudo_file"
tags: tags:
- "usermanagement" - "usermanagement"
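Review bot: `state: "state"` in the `user - create users withouth password` task passes the literal string `state` to `ansible.builtin.user`, whose `state` accepts only `present`/`absent`, so every password-less user creation fails with a choices error; it should read `state: "present"` like the task above (the task name also misspells "without"). The sudoers template is written with `mode: "0644"` and no validation, and a syntax error in a `/etc/sudoers.d` drop-in makes sudo refuse its whole configuration, locking administrators out; add `validate: "visudo -cf %s"` to that template task and tighten to `mode: "0440"`, the mode sudo's own tooling uses for drop-ins. The `remove: "yes"` and `manage_dir: "true"` values are quoted booleans that the modules coerce; `remove: true` and `manage_dir: true` state the intent.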