---
- name: apt - Install base system tools
  apt: name={{ item }} state=present
  with_items:
    - htop
    - dstat
    - lsof
    - gawk
    - psmisc
    - less
    - debian-goodies
    - screen
    - mtr-tiny
    - tcpdump
    - unp
    - sudo
    - haveged
    - dbus
    - libpam-systemd
    - aptitude
    - ca-certificates
    - file

- name: Remove startup message from screen
  lineinfile:
    regexp: "^startup_message"
    line: "startup_message off"
    dest: /etc/screenrc
    mode: 0644
  tags:
    - screen

- name: Ensure /root is not world accessible
  file:
    path: /root
    mode: 0700
    owner: root
    group: root
    state: directory

- name: disable net/fs/misc kernel modules
  lineinfile:
    dest: /etc/modprobe.d/disablemod.conf
    line: "install {{ item }} /bin/true"
    create: yes
    owner: root
    group: root
    mode: 0644
  with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"

- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
  sysctl:
    name: '{{ item.key }}'
    value: '{{ item.value }}'
    sysctl_set: yes
    state: present
    reload: yes
    ignoreerrors: yes
  with_dict: '{{ sysctl_config | combine(sysctl_config_user) }}'