ansible/xoxys.users
0
0
Fork 0
Code Issues Pull Requests Releases Activity

refactor: rework umask settings and global session timeout
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2022-09-18 21:44:46 +02:00
parent 55c3698ae3
commit e6096b608c
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
6 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@ -14,6 +14,7 @@ users_default_users: []
users_default_groups: [] users_default_groups: []
users_global_umask: "022" users_global_umask: "022"
users_session_timeout: 300
users_pass_min_day: 1 users_pass_min_day: 1
users_global_bash_aliases: users_global_bash_aliases:

1
molecule/centos7/converge.yml
View File

@ -2,6 +2,7 @@
- name: Converge - name: Converge
hosts: all hosts: all
vars: vars:
users_global_umask: "027"
users_default_users: users_default_users:
- name: demouser - name: demouser
groups: groups:

1
molecule/rocky8/converge.yml
View File

@ -2,6 +2,7 @@
- name: Converge - name: Converge
hosts: all hosts: all
vars: vars:
users_global_umask: "027"
users_default_users: users_default_users:
- name: demouser - name: demouser
groups: groups:

22
tasks/bash.yml
View File

@ -1,6 +1,6 @@
--- ---
- block: - block:
- name: Override default .bashrc for given users - name: Override default .bashrc
template: template:
src: etc/bashrc.j2 src: etc/bashrc.j2
dest: "{{ item }}" dest: "{{ item }}"
@ -9,7 +9,7 @@
mode: 0644 mode: 0644
loop: "{{ users_bash_bashrc_overrides }}" loop: "{{ users_bash_bashrc_overrides }}"
- name: Setup custom bash profile at '/etc/profile.d/custom.sh' - name: Setup custom bash profile
template: template:
src: etc/profile.d/custom.sh.j2 src: etc/profile.d/custom.sh.j2
dest: /etc/profile.d/custom.sh dest: /etc/profile.d/custom.sh
@ -17,15 +17,17 @@
group: root group: root
mode: 0644 mode: 0644
- name: Set umask to /etc/login.defs - name: Set global umask
lineinfile: replace:
path: /etc/login.defs path: "{{ item }}"
regexp: '^(?P<umask>UMASK\s+).+' regexp: '^(?i)(?P<umask>\s+UMASK\s+).+'
line: \g<umask>{{ users_global_umask }} replace: \g<umask>{{ users_global_umask }}
backrefs: yes loop:
state: present - /etc/bashrc
- /etc/csh.cshrc
- /etc/profile
- name: Enforcing minimum password lifetime - name: Enforce minimum password lifetime
lineinfile: lineinfile:
path: /etc/login.defs path: /etc/login.defs
regexp: '^(?P<passmin>PASS_MIN_DAYS\s+).+' regexp: '^(?P<passmin>PASS_MIN_DAYS\s+).+'

3
tasks/main.yml
View File

@ -9,6 +9,8 @@
- "vars" - "vars"
errors: "ignore" errors: "ignore"
- include_tasks: bash.yml
- include_tasks: "{{ lookup('first_found', params) }}" - include_tasks: "{{ lookup('first_found', params) }}"
vars: vars:
params: params:
@ -20,4 +22,3 @@
- "tasks" - "tasks"
- include_tasks: users_keys.yml - include_tasks: users_keys.yml
- include_tasks: bash.yml

5
templates/etc/profile.d/custom.sh.j2
View File

@ -1,6 +1,9 @@
#jinja2:lstrip_blocks: True #jinja2:lstrip_blocks: True
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
umask {{ users_global_umask }}
TMOUT={{ users_session_timeout }}
readonly TMOUT
export TMOUT
# are we an interactive shell? # are we an interactive shell?
if [ "$PS1" ]; then if [ "$PS1" ]; then