Made state status and copied file ownership explicit

2025-09-05 18:52:18 -04:00
parent a39d7a78ae
commit 6ea6e14c82
1 changed files with 8 additions and 2 deletions
--- a/.ansible/roles/lockdown/tasks/main.yml
+++ b/.ansible/roles/lockdown/tasks/main.yml
@@ -31,8 +31,6 @@
        uid: 1000
        password: "{{ item.password }}"
        append: yes
-        groups:
-          - sudo
        shell: /bin/bash
        generate_ssh_key: yes
        password_expire_min: 93
@@ -84,6 +82,7 @@
        owner: "{{ item.name }}"
        group: "{{ item.name }}"
        mode: "0600"
+        state: present
      tags:
        - other_users
        - others_ssh
@@ -101,6 +100,7 @@
        owner: "{{ created_admin.name }}"
        group: "{{ created_admin.name }}"
        mode: "0600"
+        state: present
      tags:
        - default
        - administrative_user
@@ -129,7 +129,10 @@
        dest: /etc/ssh/sshd_config.d/auth.conf
        force: yes
        backup: yes
+        owner: root
+        group: root
        mode: "0644"
+        state: present
      tags:
        - depass_root
      register: constrained_auth
@@ -139,7 +142,10 @@
        dest: /etc/ssh/sshd_config.d/denyroot.conf
        force: yes
        backup: yes
+        owner: root
+        group: root
        mode: "0644"
+        state: present
      tags:
        - prohib_root_ssh
      register: prohibited_root_ssh_login