Tweaking:

- Ansible Playbooks refinement - Add Ansible Bootstrapping - Add some notes
2025-07-02 01:27:27 -04:00 · 2023-07-05 17:55:59 +02:00
parent 69be264eae
commit b3f1b71054
7 changed files with 167 additions and 37 deletions
--- a/installer/remove/inventory.yml
+++ b/installer/remove/inventory.yml
@ -0,0 +1,8 @@
+tpotce:
+  hosts:
+    # Remote IP address, host name or alias:
+    192.168.100.100:
+      # Remote SSH port:
+      ansible_port: 22
+      # Remote SSH user:
+      ansible_user: tsec
--- a/installer/remove/sudo.yml
+++ b/installer/remove/sudo.yml
@ -1,28 +1,55 @@
 ---
-# Become needs to happen in the task or root will be added to the sudo group instead of the user
- name: On Debian, remove sudo
+################################
+# T-Pot - Debian Remove (sudo) #
+################################
+
+# Be sure to use root password as become password
+- name: T-Pot - Debian Remove (sudo)
  hosts: all
  gather_facts: true
  become: false

-  pre_tasks:
-    - name: Check for non-root user id
-      debug:
-        msg: "Detected user: '{{ ansible_user_id }}'"
-      failed_when: ansible_user_id == "root"
+  tasks:
+    - name: Check if running as root
+      assert:
+        that: ansible_user != 'root'
+        fail_msg: "T-Pot playbook should not be run as root."
+        success_msg: "Running as user: {{ ansible_user }}."
+      tags:
+        - "Debian"
+
+    - name: Check if running as tpot
+      assert:
+        that: ansible_user != 'tpot'
+        fail_msg: "Reserved username `tpot` detected."
+        success_msg: "Running as user: {{ ansible_user }}."
+      tags:
+        - "Debian"

    - name: Remove current user from sudo group
      become: true
      become_method: su
      command: gpasswd -d "{{ ansible_user_id  }}" sudo
      when: ansible_distribution == "Debian"
+      tags:
+        - "Debian"

    - name: Uninstall sudo package if present
      become: true
      become_method: su
-      apt:
+      package:
        name: sudo
        state: absent
        update-cache: no
      when: ansible_distribution == "Debian"
+      tags:
+        - "Debian"

+    - name: Remove sudoers file for ansible_user_id
+      become: true
+      become_method: su
+      file:
+        path: /etc/sudoers.d/{{ ansible_user_id }}
+        state: absent
+      tags:
+        - "Debian"