feat: deploy pwpolicy if available
Robert Kaussow 2022-09-20 10:01:40 +02:00
parent 3d6f7b9129
commit 5a08723238
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 23 additions and 1 deletions


@ -17,6 +17,10 @@ users_global_umask: "022"
users_pass_min_day: 1 users_pass_min_day: 1
users_default_inactive: -1 users_default_inactive: -1
users_password_pam_retry: 3
users_password_pam_minlen: 14
users_password_pam_minclass: 4
users_global_bash_aliases: users_global_bash_aliases:
- alias: "ll" - alias: "ll"
command: "ls -lh" command: "ls -lh"


@ -9,6 +9,11 @@
- /etc/profile - /etc/profile
register: __users_umask_files register: __users_umask_files
- name: Stat pwquality files
stat:
path: "/etc/security/pwquality.conf"
register: __users_pwquality_file
- name: Set global umask - name: Set global umask
replace: replace:
path: "{{ item }}" path: "{{ item }}"
@ -39,5 +44,14 @@
line: \g<inactive>{{ users_default_inactive }} line: \g<inactive>{{ users_default_inactive }}
backrefs: yes backrefs: yes
state: present state: present
- name: Set pwquality if available
template:
src: etc/security/pwquality.conf.j2
dest: /etc/security/pwquality.conf
owner: root
group: root
mode: 0644
when: __users_pwquality_file.stat.exists | bool
become: True become: True
become_user: root become_user: root
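Review bot: The `when: __users_pwquality_file.stat.exists | bool` guard on "Set pwquality if available" makes the password policy silently optional. A host without /etc/security/pwquality.conf finishes the play with no minimum length or class requirement, and only a skipped task shows it. The file existing also does not prove that pam_pwquality is enabled in the PAM stack, and nothing visible in these hunks checks that. I would at least state the precondition above the task, e.g. `# Skipped when pwquality.conf is absent; this role neither installs libpwquality nor enables pam_pwquality`. Separately, `mode: 0644` is better written `mode: "0644"` so the permission does not depend on the YAML loader's octal handling.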


@ -1,6 +1,5 @@
#jinja2:lstrip_blocks: True #jinja2:lstrip_blocks: True
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
# are we an interactive shell? # are we an interactive shell?
if [ "$PS1" ]; then if [ "$PS1" ]; then
if [[ ${EUID} == 0 ]] ; then if [[ ${EUID} == 0 ]] ; then


@ -0,0 +1,5 @@
#jinja2:lstrip_blocks: True
{{ ansible_managed | comment }}
retry = {{ users_password_pam_retry }}
minlen = {{ users_password_pam_minlen }}
minclass = {{ users_password_pam_minclass }}
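Review bot: The rendered pwquality.conf sets `retry`, `minlen` and `minclass` but has no `enforce_for_root`, so a weak password set by root (for itself or for another account) is, by default, only warned about rather than rejected. If the policy is meant to bind administrators too, add a line `enforce_for_root` after `minclass`. As far as I recall, older libpwquality releases accept `enforce_for_root` and `retry` only as arguments on the pam_pwquality line and not in this file, so confirm that the oldest supported distribution actually honours them here.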