fix: add users_pass_min_day and enforce users_global_umask

defaults/main.yml

@@ -13,7 +13,9 @@ users_default_users: []
 
 users_default_groups: []
 
-users_default_umask: "022"
+users_global_umask: "022"
+users_pass_min_day: 1
+
 users_global_bash_aliases:
   - alias: "ll"
     command: "ls -lh"

tasks/bash.yml

@@ -16,5 +16,21 @@
         owner: root
         group: root
         mode: 0644
+
+    - name: Set umask to /etc/login.defs
+      lineinfile:
+        path: /etc/login.defs
+        regexp: '^UMASK(\s+)'
+        line: 'UMASK\1{{ users_global_umask }}'
+        backrefs: yes
+        state: present
+
+    - name: Enforcing minimum password lifetime
+      lineinfile:
+        path: /etc/login.defs
+        regexp: '^PASS_MIN_DAYS(\s+)'
+        line: 'PASS_MIN_DAYS\1{{ users_pass_min_day }}'
+        backrefs: yes
+        state: present
   become: True
   become_user: root

tasks/users_default.yml

@@ -1,12 +1,12 @@
 ---
 - block:
-    - name: Create common groups
+    - name: Create groups
       group:
         name: "{{ item }}"
         state: present
       loop: "{{ users_default_groups }}"
 
-    - name: Create common users
+    - name: Create users
       user:
         name: "{{ item.name }}"
         groups: "{{ item.groups | default([]) | join(',') or omit }}"

templates/etc/profile.d/custom.sh.j2

@@ -1,6 +1,6 @@
 #jinja2:lstrip_blocks: True
 {{ ansible_managed | comment }}
-umask {{ users_default_umask }}
+umask {{ users_global_umask }}
 
 # are we an interactive shell?
 if [ "$PS1" ]; then