---
################################
# T-Pot - Debian Remove (sudo) #
################################

# Be sure to use root password as become password
- name: T-Pot - Debian Remove (sudo)
  hosts: all
  gather_facts: true
  become: false

  tasks:
    - name: Check if running as root
      assert:
        that: ansible_user != 'root'
        fail_msg: "T-Pot playbook should not be run as root."
        success_msg: "Running as user: {{ ansible_user }}."
      tags:
        - "Debian"

    - name: Check if running as tpot
      assert:
        that: ansible_user != 'tpot'
        fail_msg: "Reserved username `tpot` detected."
        success_msg: "Running as user: {{ ansible_user }}."
      tags:
        - "Debian"

    - name: Remove current user from sudo group
      become: true
      become_method: su
      command: gpasswd -d "{{ ansible_user_id  }}" sudo
      when: ansible_distribution == "Debian"
      tags:
        - "Debian"

    - name: Uninstall sudo package if present
      become: true
      become_method: su
      package:
        name: sudo
        state: absent
        update-cache: no
      when: ansible_distribution == "Debian"
      tags:
        - "Debian"

    - name: Remove sudoers file for ansible_user_id
      become: true
      become_method: su
      file:
        path: /etc/sudoers.d/{{ ansible_user_id }}
        state: absent
      tags:
        - "Debian"