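---
# Account and password-policy hardening: global umask, minimum password
# lifetime, default inactivity expiry and, when the file exists, pwquality.
# All tasks in the block run as root.
#
# The role variables (users_global_umask, users_pass_min_day,
# users_default_inactive) are defined outside this file. Define the umask
# as a quoted string (for example "027") so YAML does not retype it as a
# number and drop the leading zero -- TODO confirm in the role defaults.
- block:
    - name: Stat umask files
      stat:
        path: "{{ item }}"
      loop:
        - /etc/bashrc
        - /etc/csh.cshrc
        - /etc/profile
      register: __users_umask_files

    - name: Stat pwquality files
      stat:
        path: /etc/security/pwquality.conf
      register: __users_pwquality_file

    # Only files that exist are edited. The named group captures everything
    # up to and including the whitespace after the umask keyword and is
    # written back unchanged; only the value that follows is replaced.
    # The (?i) flag must lead the pattern: Python 3.11+ rejects an inline
    # global flag anywhere else.
    # Built-in selectattr/map filters select the existing files, so no
    # jmespath/json_query dependency is needed on the controller.
    - name: Set global umask
      replace:
        path: "{{ item }}"
        regexp: '(?i)^(?P<prefix>\s+UMASK\s+).+'
        replace: '\g<prefix>{{ users_global_umask }}'
      loop: >-
        {{ __users_umask_files.results
           | selectattr('stat.exists')
           | map(attribute='item')
           | list }}

    # NOTE: with backrefs enabled, lineinfile leaves the file untouched when
    # the regexp matches nothing. If the key is absent or commented out, the
    # task reports "ok" and the setting is NOT enforced. The same applies to
    # the two lineinfile tasks that follow; verify the resulting files on
    # hosts where this matters.
    - name: Set umask in /etc/login.defs
      lineinfile:
        path: /etc/login.defs
        regexp: '^(?P<prefix>UMASK\s+).+'
        line: '\g<prefix>{{ users_global_umask }}'
        backrefs: true
        state: present

    - name: Enforce minimum password lifetime
      lineinfile:
        path: /etc/login.defs
        regexp: '^(?P<prefix>PASS_MIN_DAYS\s+).+'
        line: '\g<prefix>{{ users_pass_min_day }}'
        backrefs: true
        state: present

    - name: Set default account expiration after inactivity
      lineinfile:
        path: /etc/default/useradd
        regexp: '^(?P<prefix>INACTIVE=).+'
        line: '\g<prefix>{{ users_default_inactive }}'
        backrefs: true
        state: present

    # The template is deployed only where pwquality.conf already exists.
    # mode is quoted so it is always read as an octal permission string.
    - name: Set pwquality if available
      template:
        src: etc/security/pwquality.conf.j2
        dest: /etc/security/pwquality.conf
        owner: root
        group: root
        mode: '0644'
      when: __users_pwquality_file.stat.exists | bool
  become: true
  become_user: root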