set 0700 home directory permissions by default

2023-07-16 12:34:27 +02:00
parent c02f093d5b
commit 543b3f6d96
2 changed files with 9 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,3 +15,5 @@ generate_ssh_key: true
 ssh_key_type: ed25519
 # Shell
 shell: /bin/bash
+# Home directory permissions
+homedir_permissions: "0700"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,7 +27,7 @@
    # None of the special cases has been handled before
    - password_value is not defined
  block:
-    - name: Create idempotent salt for {{ username }}'s password
+    - name: Create idempotent salt for password of {{ username }}
      set_fact:
        salt: "{{ ((username + inventory_hostname) | hash('sha512'))[:16] }}"

@@ -51,3 +51,9 @@
    # Groups
    groups: "{{ user_groups }}"
    append: "{{ groups_append }}"
+
+- name: Ensure correct directory settings for user {{ username }}
+  ansible.builtin.file:
+    path: "/home/{{ username }}"
+    state: directory
+    mode: "{{ homedir_permissions }}"