---
- name: Disable shell session root login
  user:
    name: "{{ item.username }}"
    shell: /sbin/nologin
  loop: "{{ roots }}"
  register: root_deshelled
  when: nonlogin_method == 'deshell'
  tags: ['default', 'root_deshelling']
- name: Lock the root account
  user:
    name: "{{ item.username }}"
    password_lock: yes
  loop: "{{ roots }}"
  register: root_locked
  when: nonlogin_method == 'lock' or nonlogin_method == 'all'
  tags: ['default', 'root_locking']
- name: Disable root account password
  user:
    name: "{{ item.username }}"
    password: "*"
  loop: "{{ roots }}"
  register: root_closed
  when: nonlogin_method == 'close'
  tags: ['default', 'root_closing']
- name: Disable root account password and shell login
  user:
    name: "{{ item.username }}"
    password: "*"
    shell: /sbin/nologin
  loop: "{{ roots }}"
  register: root_delogged
  when: nonlogin_method == 'delog' or nonlogin_method == 'all'
  tags: ['default', 'root_locking']