From f7dba5f511900377bdbb75bcaa557c1e610fa6a3 Mon Sep 17 00:00:00 2001
From: uumas
Date: Mon, 8 May 2023 12:23:13 +0300
Subject: [PATCH] users: implement user removal

---
 roles/users/tasks/main.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index 1b2a18e..06b166d 100644
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -4,19 +4,31 @@
 package:
 name: sudo
 
-- name: Create users
+- name: Fail if removing the current user
+ fail:
+ msg: Refusing to delete the user used to run this play
+ when:
+ - item.name == ansible_user_id
+ - item.state is defined
+ - item.state == 'absent'
+ loop: "{{ users }}"
+ become: false
+
+- name: Ensure users in correct state
 user:
 name: "{{ item.name }}"
 password: "{{ item.password }}"
 shell: "{{ item.shell | default('/bin/bash') }}"
 groups:
 - sudo
+ state: "{{ item.state | default('present') }}"
 loop: "{{ users }}"
 
 - name: Set ssh authorized keys for users
 authorized_key:
 user: "{{ item.name }}"
 key: "{{ item.ssh_pubkey }}"
+ when: item.state | default('present') == 'present'
 loop: "{{ users }}"
 
 - name: Disable login as root with ssh key
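Review bot: With `state: absent` and no `remove:` option, the `user` task in "Ensure users in correct state" drops the account but leaves its home directory on disk, including `~/.ssh/authorized_keys`, and does nothing about sessions or processes the account already has. If full deprovisioning is the intent, an explicit opt-in such as `remove: "{{ item.remove | default(false) }}"` would make that visible; otherwise a comment on the task should say the home directory is kept on purpose. The same task still templates `password: "{{ item.password }}"` for entries being removed, so a removed user has to keep a password hash in the vars; `password: "{{ item.password | default(omit) }}"` avoids that. The new guard compares `item.name` with `ansible_user_id`, a gathered fact, and `become: false` on the `fail` task does not change how that fact was collected, so if facts were gathered with privilege escalation the check would presumably compare against `root` rather than the connecting account, which is worth confirming against the play.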