ansible.debian_security/tasks/main.yml

---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
#
# tasks file for debian_security

# Manage required system packages [[[1
- name: Ensure required packages are in there desired state
  package:
    name: '{{ item }}'
    state: '{{ "present" if (deb_sec__deploy_state == "present")
                         else "absent" }}'
    install_recommends: False
  with_flattened:
    - '{{ deb_sec__required_packages | to_nice_json }}'
  register: pkg_result
  until: pkg_result is success

# Debsecan [[[1
# Configuration [[[
- name: Debsecan configuration
  template:
    src: 'etc/default/debsecan.j2'
    dest: '/etc/default/debsecan'
    owner: 'root'
    group: 'root'
    mode: '0644'
  when: (deb_sec__deploy_state == "present")
                                                                   # ]]]
# Cron job [[[
- name: Debsecan disable default cron file
  file:
    path: '/etc/cron.d/debsecan'
    state: absent

- name: Debsecan manage cron job
  cron:
    cron_file: '/etc/cron.d/debsecan_ansible'
    name: 'debsecan_ansible'
    job: '{{ deb_sec__debsecan_cron_job }}'
    disabled: '{{ deb_sec__debsecan_cron_disabled }}'
    special_time: '{{ deb_sec__debsecan_cron_special_time }}'
    user: '{{ deb_sec__debsecan_cron_user }}'
  when: (deb_sec__deploy_state == "present")

- name: Debsecan purge cron job
  file:
    path: '/etc/cron.d/debsecan_ansible'
    state: absent
  when: (deb_sec__deploy_state == "absent")
                                                                   # ]]]
Install debsecan 2018-06-15 15:34:11 +02:00			`---`
			`# .. vim: foldmarker=[[[,]]]:foldmethod=marker`
			`#`
			`# tasks file for debian_security`

			`# Manage required system packages [[[1`
			`- name: Ensure required packages are in there desired state`
			`package:`
			`name: '{{ item }}'`
			`state: '{{ "present" if (deb_sec__deploy_state == "present")`
			`else "absent" }}'`
			`install_recommends: False`
			`with_flattened:`
Use to_nice_json to manage packages list 2019-01-10 16:50:12 +01:00			`- '{{ deb_sec__required_packages \| to_nice_json }}'`
Retries packages installation 2019-02-27 13:47:11 +01:00			`register: pkg_result`
			`until: pkg_result is success`

Debsecan: Configuration 2018-06-15 16:21:09 +02:00			`# Debsecan [[[1`
Debsecan: set cron job 2018-06-15 17:12:30 +02:00			`# Configuration [[[`
Debsecan: Configuration 2018-06-15 16:21:09 +02:00			`- name: Debsecan configuration`
			`template:`
			`src: 'etc/default/debsecan.j2'`
			`dest: '/etc/default/debsecan'`
			`owner: 'root'`
			`group: 'root'`
			`mode: '0644'`
			`when: (deb_sec__deploy_state == "present")`
Debsecan: set cron job 2018-06-15 17:12:30 +02:00			`# ]]]`
			`# Cron job [[[`
			`- name: Debsecan disable default cron file`
			`file:`
			`path: '/etc/cron.d/debsecan'`
			`state: absent`

			`- name: Debsecan manage cron job`
			`cron:`
			`cron_file: '/etc/cron.d/debsecan_ansible'`
			`name: 'debsecan_ansible'`
			`job: '{{ deb_sec__debsecan_cron_job }}'`
			`disabled: '{{ deb_sec__debsecan_cron_disabled }}'`
			`special_time: '{{ deb_sec__debsecan_cron_special_time }}'`
			`user: '{{ deb_sec__debsecan_cron_user }}'`
			`when: (deb_sec__deploy_state == "present")`

			`- name: Debsecan purge cron job`
			`file:`
			`path: '/etc/cron.d/debsecan_ansible'`
			`state: absent`
			`when: (deb_sec__deploy_state == "absent")`
			`# ]]]`