---
- import_tasks: sysctl.yml
  tags: sysctl
- import_tasks: hosts.yml
- import_tasks: apt.yml
  tags: apt
- name: Install intel-microcode
  apt: pkg=intel-microcode
  when: "ansible_processor[1] is search('^(Genuine)?Intel.*') and not ansible_virtualization_role == 'guest'"
  tags: intel
- import_tasks: firewall.yml
  tags:
    - firewall
    - iptables

- import_tasks: stunnel.yml
  tags: stunnel
  when: "'webmail' in group_names and 'LDAP-provider' not in group_names"
- import_tasks: samhain.yml
  tags: samhain
- import_tasks: auditd.yml
  tags: auditd
- import_tasks: rkhunter.yml
  tags: rkhunter
- import_tasks: clamav.yml
  tags: clamav
- import_tasks: fail2ban.yml
  tags: fail2ban
- import_tasks: smart.yml
  tags:
    - smartmontools
    - smart
  when: "not ansible_virtualization_role == 'guest'"
- import_tasks: haveged.yml
  tags:
    - haveged
    - entropy
- name: Copy genkeypair.sh and gendhparam.sh
  copy: src=usr/local/bin/{{ item }}
        dest=/usr/local/bin/{{ item }}
        owner=root group=staff
        mode=0755
  tags: genkey
  with_items:
    - genkeypair.sh
    - gendhparam.sh
- name: Generate DH parameters
  command: gendhparam.sh /etc/ssl/dhparams.pem 2048
           creates=/etc/ssl/dhparams.pem
  tags: genkey
- import_tasks: ipsec.yml
  tags:
    - strongswan
    - ipsec
  when: "groups.all | length > 1"
- import_tasks: logging.yml
  tags: logging
- import_tasks: ntp.yml
  tags: ntp
- import_tasks: mail.yml
  tags:
    - mail
    - postfix
- import_tasks: bacula.yml
  tags:
    - bacula-fd
    - bacula
- import_tasks: munin-node.yml
  tags:
    - munin-node
    - munin

- name: Install common packages
  apt: pkg={{ item }}
  with_items:
    - ca-certificates
    - etckeeper
    - ethtool
    - git
    - htop
    - molly-guard
    - rsync
    - screen
    - telnet-ssl