/
/
/
1---
2- name: Ensure UMASK in login.defs
3 ansible.builtin.lineinfile:
4 path: /etc/login.defs
5 regexp: '^UMASK'
6 line: "UMASK {{ system_umask }}"
7 state: present
8 become: true
9
10- name: Set umask in /etc/profile
11 ansible.builtin.lineinfile:
12 path: /etc/profile
13 regexp: '^umask'
14 line: "umask {{ system_umask }}"
15 state: present
16 become: true
17
18- name: Set umask in /etc/bash.bashrc
19 ansible.builtin.lineinfile:
20 path: /etc/bash.bashrc
21 regexp: '^umask'
22 line: "umask {{ system_umask }}"
23 state: present
24 become: true
25 when: ansible_os_family == "Debian"
26
27- name: Create systemd user.conf.d directory
28 ansible.builtin.file:
29 path: /etc/systemd/user.conf.d
30 state: directory
31 mode: '0755'
32 become: true
33
34- name: Configure systemd user service umask
35 ansible.builtin.copy:
36 content: |
37 [Manager]
38 DefaultUMask={{ system_umask }}
39 dest: /etc/systemd/user.conf.d/10-umask.conf
40 mode: '0644'
41 become: true
42 notify: systemd daemon-reload
43
44