Whitelist multiple services of proc's hidepid feature

Not only required for systemd-logind, but also for user@.service

group_vars/all/vars.yml

@@ -100,6 +100,10 @@ raspbian_repository_use_sources: yes
 
 global_fstab_file: "/etc/fstab"
 
+global_proc_hidepid_service_whitelist:
+  - "{{ global_systemd_login_service_name }}"
+  - "{{ global_systemd_user_service_name }}"
+
 global_users_directory: "/home"
 
 # Application configurations
@@ -193,6 +197,7 @@ global_systemd_login_service_name: "systemd-logind.service"
 global_systemd_network_directory: "/etc/systemd/network"
 global_systemd_network_service_name: "systemd-networkd.service"
 global_systemd_network_system_user: "systemd-network"
+global_systemd_user_service_name: "user@.service"
 
 global_zsh_antigen_source: "/usr/share/zsh-antigen/antigen.zsh"
 

roles/common/tasks/kernel_hidepid.yml

@@ -18,20 +18,22 @@
       nosuid,nodev,noexec,hidepid=2,gid=proc
       0 0
 
-- name: Ensure configuration directory for systemd-logind service exists
+- name: Ensure configuration directory for whitelisted services exist
   file:
     state: directory
-    path: "{{ global_systemd_configuration_directory }}/{{ global_systemd_login_service_name }}.d"
+    path: "{{ global_systemd_configuration_directory }}/{{ item }}.d"
     owner: root
     group: root
     mode: u=rwx,g=rx,o=rx
+  loop: "{{ global_proc_hidepid_service_whitelist }}"
 
-- name: Configure systemd-logind to adapt to hidepid setting
+- name: Configure whitelisted services to adapt to hidepid setting
   copy:
     content: |
       [Service]
       SupplementaryGroups=proc
-    dest: "{{ global_systemd_configuration_directory }}/{{ global_systemd_login_service_name }}.d/hidepid.conf"
+    dest: "{{ global_systemd_configuration_directory }}/{{ item }}.d/proc_hidepid_whitelist.conf"
     owner: root
     group: root
     mode: u=rw,g=r,o=r
+  loop: "{{ global_proc_hidepid_service_whitelist }}"