From 33621ca937a96cbd027240a1620bc891c08a02b4 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 25 May 2019 02:53:21 +0200
Subject: loop vs. with - the beginnings...
---
roles/base/tasks/main.yml | 12 ++++++------
roles/sshd/tasks/main.yml | 12 ++++++------
roles/zsh/tasks/main.yml | 10 +++++-----
3 files changed, 17 insertions(+), 17 deletions(-)
(limited to 'roles')
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 3c480213..de180a15 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -40,7 +40,7 @@ - screen - name: install htop config (1/2) - with_items: + loop: - /root - /etc/skel file:
@@ -49,7 +49,7 @@ mode: 0700 - name: install htop config (2/2) - with_items: + loop: - /root - /etc/skel copy:
@@ -65,6 +65,7 @@ state: directory - name: disable net/fs/misc kernel modules + loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}" lineinfile: dest: /etc/modprobe.d/disablemod.conf line: "install {{ item }} /bin/true"
@@ -72,9 +73,11 @@ owner: root group: root mode: 0644 - with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}" - name: Change various sysctl-settings, look at the sysctl-vars file for documentation + loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}" + loop_control: + label: "{{ item.key }} = {{ item.value }}" sysctl: name: "{{ item.key }}" value: "{{ item.value }}"
@@ -82,9 +85,6 @@ state: present reload: yes ignoreerrors: yes - with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}" - loop_control: - label: "{{ item.key }} = {{ item.value }}" - name: install extra packages apt:
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index e638905b..2c81f497 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
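Review bot: In the sysctl task (hunks `@@ -72,9 +73,11 @@` and `@@ -82,9 +85,6 @@`) the rewritten loop still runs with `ignoreerrors: yes`, so a hardening key the running kernel does not know is skipped without failing the play. Because `combine(sysctl_config_user)` also lets the user dict override any hardening default, the applied state can drift from the documented one without anyone noticing. I would add a comment above the option such as `# ignoreerrors: unknown keys are skipped - verify the applied values after the run`, or drop the option where the keys are known to exist. The new expression could also guard the optional dict as `sysctl_config | combine(sysctl_config_user | default({})) | dict2items`, matching the `default([])` used in the zsh role, unless the role defaults (not visible here) always define it. Part of the task body lies between the two hunks and is not visible.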
@@ -5,11 +5,6 @@ state: present - name: hardening ssh-server config - lineinfile: - regexp: "^#?\\s*{{ item.key }}" - line: "{{ item.key }} {{ item.value }}" - dest: /etc/ssh/sshd_config - mode: 0644 with_dict: IgnoreRhosts: "yes" PermitRootLogin: "without-password"
@@ -18,7 +13,12 @@ PermitEmptyPasswords: "no" UseDNS: "no" loop_control: - label: "{{ item.key }}" + label: "{{ item.key }} = {{ item.value }}" + lineinfile: + regexp: "^#?\\s*{{ item.key }}" + line: "{{ item.key }} {{ item.value }}" + dest: /etc/ssh/sshd_config + mode: 0644 notify: restart ssh - name: limit allowed users
diff --git a/roles/zsh/tasks/main.yml b/roles/zsh/tasks/main.yml
index e19f5366..80880f83 100644
--- a/roles/zsh/tasks/main.yml
+++ b/roles/zsh/tasks/main.yml
@@ -5,22 +5,22 @@ state: present - name: install zsh-config - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: + loop: - src: "zshrc" dest: "/etc/zsh/zshrc" - src: "zshrc.skel" dest: "/etc/skel/.zshrc" loop_control: label: "{{ item.dest }}" + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" - name: set zsh as default shell + loop: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}" user: name: "{{ item }}" shell: /bin/zsh - with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}" - name: make zsh the default shell for useradd lineinfile:
-- cgit v1.2.3
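Review bot: The `lineinfile` block re-added in the second sshd hunk (`@@ -18,7 +13,12 @@`) edits /etc/ssh/sshd_config with no `validate:` step and with a regexp that is not terminated after the key. A malformed result is only discovered when the `restart ssh` handler fires, and a key that is a prefix of another directive would match the wrong line. I would change the pattern to `regexp: "^#?\\s*{{ item.key }}\\b"` and add `validate: "/usr/sbin/sshd -t -f %s"` (adjust the binary path to the target distribution). lineinfile rewrites only the last matching line while sshd takes the first occurrence of a keyword, so a config that already carries a directive twice may keep its old effective value; a comment on the task should say so. The visible `PermitRootLogin: "without-password"` is the older spelling of `prohibit-password`, which is worth switching to if the targeted OpenSSH versions accept it.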
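Review bot: The relocated `copy:` block in the zsh hunk (`@@ -5,22 +5,22 @@`) installs /etc/zsh/zshrc and /etc/skel/.zshrc without `owner`, `group` or `mode`. The resulting permissions therefore depend on the source file and the controller's umask, although these files are sourced by every login shell, including root's. The modprobe task in roles/base pins all three, and the same would fit here: `owner: root`, `group: root`, `mode: "0644"`. The trailing `lineinfile:` task at the end of the hunk continues outside it.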