diff --git a/tasks/main.yml b/tasks/main.yml index 53bc501..37e5585 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,2 +1,31 @@ --- -- include_tasks: pam.yml +- block: + - name: Set pam module configuration + pamd: + name: "{{ item.name | default('system-auth') }}" + type: "{{ item.type | default('auth') }}" + module_path: "{{ item.module_path | default('pam_unix.so') }}" + control: "{{ item.control }}" + new_type: "{{ item.new_type | default(omit) }}" + new_module_path: "{{ item.new_module_path | default(omit) }}" + new_control: "{{ item.new_control | default(omit) }}" + state: "{{ item.state | default('args_present') }}" + module_arguments: "{{ item.module_arguments | default(omit) }}" + loop: "{{ pam_settings + pam_settings_extra }}" + loop_control: + label: "{{ item.name | default('system-auth') }}:{{ item.state | default('args_present') }}: {{ item.new_type | default(item.type) | default('auth') }} {{ item.new_control | default(item.control) }} {{ item.new_module_path | default(item.module_path) | default('pam_unix.so') }} {{ item.module_arguments | default([]) | join(' ') }}" + + - name: Auto-update items with state before/after + pamd: + name: "{{ item.name | default('system-auth') }}" + type: "{{ item.new_type }}" + module_path: "{{ item.new_module_path }}" + control: "{{ item.new_control }}" + state: updated + module_arguments: "{{ item.module_arguments | default(omit) }}" + loop: "{{ pam_settings + pam_settings_extra }}" + loop_control: + label: "{{ item.name | default('system-auth') }}:{{ item.state | default('args_present') }}: {{ item.new_type | default(item.type) | default('auth') }} {{ item.new_control | default(item.control) }} {{ item.new_module_path | default(item.module_path) | default('pam_unix.so') }} {{ item.module_arguments | default([]) | join(' ') }}" + when: item.state | default("args_present") == "before" or item.state | default("args_present") == "after" + become: True + become_user: root diff --git a/tasks/pam.yml b/tasks/pam.yml deleted file mode 100644 index 37e5585..0000000 --- a/tasks/pam.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- block: - - name: Set pam module configuration - pamd: - name: "{{ item.name | default('system-auth') }}" - type: "{{ item.type | default('auth') }}" - module_path: "{{ item.module_path | default('pam_unix.so') }}" - control: "{{ item.control }}" - new_type: "{{ item.new_type | default(omit) }}" - new_module_path: "{{ item.new_module_path | default(omit) }}" - new_control: "{{ item.new_control | default(omit) }}" - state: "{{ item.state | default('args_present') }}" - module_arguments: "{{ item.module_arguments | default(omit) }}" - loop: "{{ pam_settings + pam_settings_extra }}" - loop_control: - label: "{{ item.name | default('system-auth') }}:{{ item.state | default('args_present') }}: {{ item.new_type | default(item.type) | default('auth') }} {{ item.new_control | default(item.control) }} {{ item.new_module_path | default(item.module_path) | default('pam_unix.so') }} {{ item.module_arguments | default([]) | join(' ') }}" - - - name: Auto-update items with state before/after - pamd: - name: "{{ item.name | default('system-auth') }}" - type: "{{ item.new_type }}" - module_path: "{{ item.new_module_path }}" - control: "{{ item.new_control }}" - state: updated - module_arguments: "{{ item.module_arguments | default(omit) }}" - loop: "{{ pam_settings + pam_settings_extra }}" - loop_control: - label: "{{ item.name | default('system-auth') }}:{{ item.state | default('args_present') }}: {{ item.new_type | default(item.type) | default('auth') }} {{ item.new_control | default(item.control) }} {{ item.new_module_path | default(item.module_path) | default('pam_unix.so') }} {{ item.module_arguments | default([]) | join(' ') }}" - when: item.state | default("args_present") == "before" or item.state | default("args_present") == "after" - become: True - become_user: root