public-health-ch/ansible/roles/dev-sec.os-hardening/default.yml

---
- name: wrapper playbook for kitchen testing "ansible-os-hardening" with custom vars for testing
  hosts: localhost
  roles:
    - ansible-os-hardening
  vars:
    os_security_users_allow: change_user
    os_security_kernel_enable_core_dump: false
    os_security_suid_sgid_remove_from_unknown: true
    os_auth_pam_passwdqc_enable: false
    os_desktop_enable: true
    os_env_extra_user_paths: ['/home']
    os_auth_allow_homeless: true
    os_security_suid_sgid_blacklist: ['/bin/umount']
    os_security_suid_sgid_whitelist: ['/usr/bin/rlogin']

- name: wrapper playbook for kitchen testing "ansible-os-hardening"
  hosts: localhost
  roles:
    - ansible-os-hardening