7 files changed, 7 insertions, 28 deletions

diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml
index e56deaf..563075f 100644
--- a/roles/common/tasks/fail2ban.yml
+++ b/roles/common/tasks/fail2ban.yml
@@ -1,22 +1,6 @@
 - name: Install fail2ban
   apt: pkg=fail2ban
 
-# Log into a dedicate directory so we can use ReadWriteDirectories in
-# the .service file
-- name: Create directory /var/log/fail2ban
-  file: path=/var/log/fail2ban
-        state=directory
-        owner=root group=adm
-        mode=0750
-
-- name: Fix fail2ban logrotate snippet
-  lineinfile: dest=/etc/logrotate.d/fail2ban
-              state=present
-              line="/var/log/fail2ban/*.log"
-              insertbefore="^[^#]*\\s{$"
-  tags:
-    - logrotate
-
 - name: Configure fail2ban (fail2ban.local)
   copy: src=etc/fail2ban/fail2ban.local
         dest=/etc/fail2ban/fail2ban.local
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 4fc2ef7..917c687 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -3,6 +3,7 @@
   vars:
     packages:
     - strongswan-charon
+    - strongswan-starter
       # for the GCM and openssl plugins
     - libstrongswan-standard-plugins
   notify:
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
index b602a49..2b4a42a 100644
--- a/roles/common/tasks/logging.yml
+++ b/roles/common/tasks/logging.yml
@@ -3,7 +3,6 @@
   vars:
     packages:
     - rsyslog
-    - syslog-summary
     - logcheck
     - logcheck-database
     - logrotate
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index fc692fa..a6795ba 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -82,6 +82,7 @@
     - molly-guard
     - rsync
     - screen
+    - bind9-dnsutils
 
 - name: Disable resume device
   # Cf. initramfs-tools(7) and initramfs.conf(5).
diff --git a/roles/common/tasks/ntp.yml b/roles/common/tasks/ntp.yml
index 60ffef9..2ff9e49 100644
--- a/roles/common/tasks/ntp.yml
+++ b/roles/common/tasks/ntp.yml
@@ -1,9 +1,12 @@
-- name: Install/Remove ntp
-  # TODO bullseye: install new package 'systemd-timesyncd'
+- name: Remove ntp package
   apt: pkg=ntp state={{ state }} purge=yes
   vars:
     state: "{{ ('NTP_master' in group_names) | ternary('present', 'absent') }}"
 
+- name: Install systemd-timesyncd package
+  apt: pkg=systemd-timesyncd state=present purge=yes
+  when: "'NTP_master' not in group_names"
+
 - name: Create /etc/systemd/timesyncd.conf.d
   file: path=/etc/systemd/timesyncd.conf.d
         state=directory
diff --git a/roles/common/tasks/smart.yml b/roles/common/tasks/smart.yml
index 8d35d9f..68e507f 100644
--- a/roles/common/tasks/smart.yml
+++ b/roles/common/tasks/smart.yml
@@ -1,12 +1,5 @@
 - name: Install smartmontools
   apt: pkg=smartmontools
 
-- name: Auto-enable smartmontools
-  lineinfile: dest=/etc/default/smartmontools
-              regexp='^(\s*#)?\s*start_smartd='
-              line='start_smartd=yes'
-              owner=root group=root
-              mode=0644
-
 - name: Start smartd
   service: name=smartmontools state=started
diff --git a/roles/common/tasks/sysctl.yml b/roles/common/tasks/sysctl.yml
index f95b7fa..08a1b13 100644
--- a/roles/common/tasks/sysctl.yml
+++ b/roles/common/tasks/sysctl.yml
@@ -13,11 +13,9 @@
 
       # Disable SYN cookies and improve SYN backlog handling, see tcp(7) and
       # https://levelup.gitconnected.com/linux-kernel-tuning-for-high-performance-networking-high-volume-incoming-connections-196e863d458a
-      # TODO bullseye: remove net.core.somaxconn as 5.4 and later default to 4096
     - { name: 'net.ipv4.tcp_syncookies',      value: 0     }
     - { name: 'net.ipv4.tcp_synack_retries',  value: 1     }
     - { name: 'net.ipv4.tcp_max_syn_backlog', value: 32768 }
-    - { name: 'net.core.somaxconn',           value: 4096  }
 
       # We rate-limit not only the default ICMP types 3, 4, 11 and 12
       # (0x1818), but also types 0 and 8. See icmp(7).