diff --git a/defaults/main/umask.yml b/defaults/main/umask.yml
index 3e7f7e4e..b3ee7355 100644
--- a/defaults/main/umask.yml
+++ b/defaults/main/umask.yml
@@ -1,2 +1,3 @@
 ---
+session_timeout: 900
 umask_value: "077"
diff --git a/tasks/umask.yml b/tasks/umask.yml
index c7e54ca7..348ce91e 100644
--- a/tasks/umask.yml
+++ b/tasks/umask.yml
@@ -188,32 +188,13 @@
   tags:
     - umask
 
-- name: Set TMOUT in /etc/profile
-  become: true
-  block:
-    - name: Configure readonly TMOUT
-      ansible.builtin.lineinfile:
-        line: readonly TMOUT
-        dest: /etc/profile
-        mode: "0644"
-        state: present
-        create: false
-        insertbefore: ^export
-
-    - name: Set TMOUT
-      ansible.builtin.lineinfile:
-        line: TMOUT=900
-        dest: /etc/profile
-        mode: "0644"
-        state: present
-        create: false
-        insertbefore: ^readonly TMOUT
-
-    - name: Export TMOUT
-      ansible.builtin.lineinfile:
-        line: export TMOUT
-        dest: /etc/profile
-        mode: "0644"
-        state: present
-        create: false
-        insertafter: ^readonly TMOUT
+- name: Configure session timeout
+  become: true
+  ansible.builtin.lineinfile:
+    line: declare -xr TMOUT={{ session_timeout }}
+    dest: /etc/profile
+    mode: "0644"
+    state: present
+    create: false
+    insertbefore: ^export
+  when: session_timeout