Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/tasks/apt.yml5
-rw-r--r--roles/common/tasks/clamav.yml5
-rw-r--r--roles/common/tasks/firewall.yml5
-rw-r--r--roles/common/tasks/ipsec.yml5
-rw-r--r--roles/common/tasks/logging.yml5
-rw-r--r--roles/common/tasks/mail.yml5
-rw-r--r--roles/common/tasks/main.yml5
-rw-r--r--roles/common/tasks/munin-node.yml5
-rw-r--r--roles/common/tasks/rkhunter.yml5
9 files changed, 27 insertions, 18 deletions
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
index 2f5a62a..8df3e8f 100644
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -1,23 +1,24 @@
- name: Install various APT tools
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- apt
- apt-listchanges
- apt-show-versions
- debian-archive-keyring
- debian-goodies
- needrestart
- unattended-upgrades
- debfoster
- deborphan
- debsums
- name: Configure APT (1)
template: src=etc/apt/{{ item }}.j2
dest=/etc/apt/{{ item }}
owner=root group=root
mode=0644
with_items:
- sources.list
- preferences
notify:
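Review bot: The added `apt: pkg={{ packages }}` line passes the package list through an unquoted Jinja expression inside an inline key=value string, and reads it from a task variable with the generic name `packages`. Task-level `vars` rank below `include_vars`, `set_fact`, role and include parameters and extra vars, so a `packages` defined by any of those would silently replace the list installed here. Nothing visible defines one, but the same name is reused in the hunks for clamav.yml, firewall.yml, ipsec.yml, logging.yml, mail.yml, main.yml, munin-node.yml and rkhunter.yml, several of which install security tooling. Writing the list in native YAML, `apt:` then `name:` with the existing items nested beneath it, removes both the variable and the key=value templating; if the variable is kept, a prefixed name and the quoted form `name: "{{ apt_tools_packages }}"` would be safer. The second task in this hunk is cut off after `notify:`.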
diff --git a/roles/common/tasks/clamav.yml b/roles/common/tasks/clamav.yml
index 28a8460..437387b 100644
--- a/roles/common/tasks/clamav.yml
+++ b/roles/common/tasks/clamav.yml
@@ -1,23 +1,24 @@
- name: Install ClamAV
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- clamav
- clamav-daemon
- clamav-freshclam
- name: Configure FreshClam
template: src=etc/clamav/freshclam.conf.j2
dest=/etc/clamav/freshclam.conf
owner=clamav group=adm
mode=0444
tags: freshclam
notify:
- Restart freshclam
- name: Start ClamAV
service: name={{ item }} state=started
with_items:
- clamav-daemon
- clamav-freshclam
- name: Add a 'clamav' alias
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
index d418326..133b631 100644
--- a/roles/common/tasks/firewall.yml
+++ b/roles/common/tasks/firewall.yml
@@ -1,23 +1,24 @@
- name: Install some packages required for the firewall
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- iptables
- netmask
- bsdutils
- name: Create directory /etc/iptables
file: path=/etc/iptables
state=directory
owner=root group=root
mode=0755
- name: Generate /etc/iptables/services
template: src=etc/iptables/services.j2
dest=/etc/iptables/services
owner=root group=root
mode=0600
- name: Copy /usr/local/sbin/update-firewall.sh
copy: src=usr/local/sbin/update-firewall.sh
dest=/usr/local/sbin/update-firewall.sh
owner=root group=staff
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index ce158fe..989541b 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -1,23 +1,24 @@
- name: Install strongSwan
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- strongswan-charon
# for the GCM and openssl plugins
- libstrongswan-standard-plugins
notify:
- Update firewall
- Restart IPsec
- name: Auto-create a dedicated virtual subnet for IPsec
template: src=etc/network/if-up.d/ipsec.j2
dest=/etc/network/if-up.d/ipsec
owner=root group=root
mode=0755
notify:
- Reload networking
- name: Auto-deactivate the dedicated virtual subnet for IPsec
file: src=../if-up.d/ipsec
dest=/etc/network/if-down.d/ipsec
owner=root group=root state=link force=yes
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
index b27fc41..b602a49 100644
--- a/roles/common/tasks/logging.yml
+++ b/roles/common/tasks/logging.yml
@@ -1,23 +1,24 @@
- name: Install logging server & utilities
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- rsyslog
- syslog-summary
- logcheck
- logcheck-database
- logrotate
- name: Configure rsyslog
copy: src=etc/rsyslog.conf
dest=/etc/rsyslog.conf
owner=root group=root
mode=0644
register: r1
notify:
- Restart rsyslog
tags:
- syslog
- name: Configure postfix's custom rsyslog rules
template: src=etc/rsyslog.d/postfix.conf.j2
dest=/etc/rsyslog.d/postfix.conf
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml
index 49815f5..139386f 100644
--- a/roles/common/tasks/mail.yml
+++ b/roles/common/tasks/mail.yml
@@ -1,23 +1,24 @@
- name: Install Postfix
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
# That one is nicer than GNU mailutils' mailx(1)
- s-nail
- postfix
- postfix-lmdb
- name: Create Postfix instances
postmulti: instance={{ postfix_instance[item].name }}
group={{ postfix_instance[item].group | default('') }}
register: r1
with_items: "{{ postfix_instance.keys() | intersect(group_names) | list }}"
notify:
- Restart Postfix
- name: Link the dynamic maps of each children to the master's
# main.cf and master.cf are specialized to each dedicated role, though
file: src=../postfix/dynamicmaps.cf
dest=/etc/postfix-{{ postfix_instance[item].name }}/dynamicmaps.cf
owner=root group=root
state=link force=yes
register: r2
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index c978e91..7795da8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -52,31 +52,32 @@
- ipsec
when: "groups.all | length > 1"
- import_tasks: logging.yml
tags: logging
- import_tasks: ntp.yml
tags: ntp
- import_tasks: mail.yml
tags:
- mail
- postfix
- import_tasks: bacula.yml
tags:
- bacula-fd
- bacula
- import_tasks: munin-node.yml
tags:
- munin-node
- munin
- name: Install common packages
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- ca-certificates
- etckeeper
- ethtool
- git
- htop
- molly-guard
- rsync
- screen
- telnet-ssl
diff --git a/roles/common/tasks/munin-node.yml b/roles/common/tasks/munin-node.yml
index d4f8d95..f43094a 100644
--- a/roles/common/tasks/munin-node.yml
+++ b/roles/common/tasks/munin-node.yml
@@ -1,23 +1,24 @@
- name: Install munin-node
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- munin-node
- munin-plugins-extra
###
- acpi
- lm-sensors
- ethtool
- hdparm
- libwww-perl
- libxml-simple-perl
- logtail
- name: Create directory /usr/local/share/munin/plugins
file: path=/usr/local/share/munin/plugins
state=directory
owner=root group=root
mode=0755
- name: Copy our own Munin plugins
copy: src={{ item }}
dest=/usr/local/share/munin/plugins/
diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml
index c9d26fa..64f2aac 100644
--- a/roles/common/tasks/rkhunter.yml
+++ b/roles/common/tasks/rkhunter.yml
@@ -1,23 +1,24 @@
- name: Install rkhunter
- apt: pkg={{ item }}
- with_items:
+ apt: pkg={{ packages }}
+ vars:
+ packages:
- rkhunter
- curl
- iproute2
- lsof
- unhide
# To test the configuration:
# ansible all -m command -a '/usr/bin/rkhunter -c --nomow --rwo'
- name: Configure rkhunter
copy: src=etc/{{ item }}
dest=/etc/{{ item }}
owner=root group=root
mode=0644
with_items:
- rkhunter.conf
- default/rkhunter
notify:
# This might not always be necessary, but it's not like we would
# change the config every day...
- Update rkhunter's data file