53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
---
|
|
- block:
|
|
- name: Stat umask files
|
|
stat:
|
|
path: "{{ item }}"
|
|
loop:
|
|
- /etc/bashrc
|
|
- /etc/csh.cshrc
|
|
- /etc/profile
|
|
register: __users_umask_files
|
|
|
|
- name: Override default .bashrc
|
|
template:
|
|
src: etc/bashrc.j2
|
|
dest: "{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop: "{{ users_bash_bashrc_overrides }}"
|
|
|
|
- name: Setup custom bash profile
|
|
template:
|
|
src: etc/profile.d/custom.sh.j2
|
|
dest: /etc/profile.d/custom.sh
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Set global umask
|
|
replace:
|
|
path: "{{ item }}"
|
|
regexp: '^(?i)(?P<umask>\s+UMASK\s+).+'
|
|
replace: \g<umask>{{ users_global_umask }}
|
|
loop: "{{ __users_umask_files | json_query('results[?stat.exists].item') }}"
|
|
|
|
- name: Set umask in /etc/login.defs
|
|
lineinfile:
|
|
path: /etc/login.defs
|
|
regexp: '^(?P<umask>UMASK\s+).+'
|
|
line: \g<umask>{{ users_global_umask }}
|
|
backrefs: yes
|
|
state: present
|
|
|
|
- name: Enforce minimum password lifetime
|
|
lineinfile:
|
|
path: /etc/login.defs
|
|
regexp: '^(?P<passmin>PASS_MIN_DAYS\s+).+'
|
|
line: \g<passmin>{{ users_pass_min_day }}
|
|
backrefs: yes
|
|
state: present
|
|
become: True
|
|
become_user: root
|