--- # .. vim: foldmarker=[[[,]]]:foldmethod=marker # # tasks file for debian_security # Manage required system packages [[[1 - name: Ensure required packages are in there desired state package: name: '{{ item }}' state: '{{ "present" if (deb_sec__deploy_state == "present") else "absent" }}' install_recommends: False with_flattened: - '{{ deb_sec__required_packages | to_nice_json }}' register: pkg_result until: pkg_result is success # Debsecan [[[1 # Configuration [[[ - name: Debsecan configuration template: src: 'etc/default/debsecan.j2' dest: '/etc/default/debsecan' owner: 'root' group: 'root' mode: '0644' when: (deb_sec__deploy_state == "present") # ]]] # Cron job [[[ - name: Debsecan disable default cron file file: path: '/etc/cron.d/debsecan' state: absent - name: Debsecan manage cron job cron: cron_file: '/etc/cron.d/debsecan_ansible' name: 'debsecan_ansible' job: '{{ deb_sec__debsecan_cron_job }}' disabled: '{{ deb_sec__debsecan_cron_disabled }}' special_time: '{{ deb_sec__debsecan_cron_special_time }}' user: '{{ deb_sec__debsecan_cron_user }}' when: (deb_sec__deploy_state == "present") - name: Debsecan purge cron job file: path: '/etc/cron.d/debsecan_ansible' state: absent when: (deb_sec__deploy_state == "absent") # ]]]