From 985fe96b0a5a7f99f91910bd5e65f179a8825c09 Mon Sep 17 00:00:00 2001
From: L3D <lilian.roller@wingcon.com>
Date: Fri, 28 Aug 2020 13:32:16 +0200
Subject: [PATCH] Migrate packages to new layout

---
 defaults/main.yml  |   2 +
 tasks/main.yml     | 143 +++++++++++++++++++++++----------------------
 tasks/packages.yml |  17 ++++++
 vars/main.yml      |   8 ++-
 4 files changed, 98 insertions(+), 72 deletions(-)
 create mode 100644 tasks/packages.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 12b15ba..653932a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,6 +13,8 @@ base__pkg_contrib: "{{ base_pkg_contrib }}"
 # optionaly print some OS vars
 base__print_os_vars: "{{ print_os_vars }}"
 
+base__package_state: 'present'
+
 
 
 # LEGACY VARS
diff --git a/tasks/main.yml b/tasks/main.yml
index 3076136..5703b93 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -11,81 +11,86 @@
     - base__add_ethz | bool
     - ansible_architecture == 'x86_64'
 
-- name: Install common base packages [Debian]
-  become: yes
-  apt:
-    package: "{{ debian_packages }}"
-    state: present
-    update_cache: yes
-    cache_valid_time: 43200
-  when: ansible_os_family == 'Debian' and ansible_distribution_version != '7' and ansible_distribution_release != 'wheezy' and ansible_machine != 'armv6l'
-
-- name: Install common base packages [all - wheezy]
-  become: yes
-  package:
-    name: "{{ base_packages_extended }}"
-    state: present
-  when:
-    - ansible_machine != 'armv6l'
-    - ansible_distribution_release != 'wheezy'
-    - ansible_architecture != 'armv7l'
-
-- name: Install extended base packages [all - wheezy - rpi]
-  become: yes
-  package:
-    name: "{{ base_packages }}"
-    state: present
-  when: ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
+- include_tasks: packages.yml
 
 
-- name: Install common base packages [Fedora]
-  become: yes
-  package:
-    name: "{{ fedora_packages }}"
-    state: present
-  when: ansible_distribution == 'Fedora'
 
-- name: install packages for everyone except centos/rhel
-  become: true
-  package:
-    name: "{{ packages_for_all_except_rhel }}"
-    state: present
-  when:
-    - ansible_os_family != 'RedHat'
-    - ansible_distribution_version != "14.04"
-    - ansible_distribution_version != "12.04"
-    - ansible_distribution_release != 'wheezy'
-    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
 
-- name: Install extra packages
-  become: true
-  package:
-    name: "{{ packages_extra }}"
-    state: present
-  when:
-    - packages_extra is defined
-    - packages_extra != '[]'
-    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
+#- name: Install common base packages [Debian]
+#  become: yes
+#  apt:
+#    package: "{{ debian_packages }}"
+#    state: present
+#    update_cache: yes
+#    cache_valid_time: 43200
+#  when: ansible_os_family == 'Debian' and ansible_distribution_version != '7' and ansible_distribution_release != 'wheezy' and ansible_machine != 'armv6l'
 
-- name: Remove rpcbind, nfs-common
-  become: yes
-  package:
-    name:
-      - rpcbind
-      - nfs-common
-    state: absent
-  when:
-    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
-    - ansible_os_family == 'Debian'
+#- name: Install common base packages [all - wheezy]
+#  become: yes
+#  package:
+#    name: "{{ base_packages_extended }}"
+#    state: present
+#  when:
+#    - ansible_machine != 'armv6l'
+#    - ansible_distribution_release != 'wheezy'
+#    - ansible_architecture != 'armv7l'
 
-- name: Upgrade all packages to latest
-  become: true
-  package:
-    name: "*"
-    state: latest
-  when:
-    - upgrade_packages_to_latest_version|bool
-    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
+#- name: Install extended base packages [all - wheezy - rpi]
+#  become: yes
+#  package:
+#    name: "{{ base_packages }}"
+#    state: present
+#  when: ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
+
+
+#-# name: Install common base packages [Fedora]
+#  become: yes
+#  package:
+#    name: "{{ fedora_packages }}"
+#    state: present
+#  when: ansible_distribution == 'Fedora'
+#
+#- name: install packages for everyone except centos/rhel
+#  become: true
+#  package:
+#    name: "{{ packages_for_all_except_rhel }}"
+#    state: present
+#  when:
+#    - ansible_os_family != 'RedHat'
+#    - ansible_distribution_version != "14.04"
+#    - ansible_distribution_version != "12.04"
+#    - ansible_distribution_release != 'wheezy'
+#    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
+
+#- name: Install extra packages
+#  become: true
+#  package:
+#    name: "{{ packages_extra }}"
+#    state: present
+#  when:
+#    - packages_extra is defined
+#    - packages_extra != '[]'
+#    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
+#
+#- name: Remove rpcbind, nfs-common
+#  become: yes
+#  package:
+#    name:
+#      - rpcbind
+#      - nfs-common
+#    state: absent
+#  when:
+#    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
+#    - ansible_os_family == 'Debian'
+#
+#- name: Upgrade all packages to latest
+#  become: true
+#  package:
+#    name: "*"
+#    state: latest
+#  when:
+#    - upgrade_packages_to_latest_version|bool
+#    - ansible_machine != 'armv6l' and ansible_distribution_release != 'wheezy'
 
 - include_tasks: editor.yml
   when: editor_is_vim | bool
diff --git a/tasks/packages.yml b/tasks/packages.yml
new file mode 100644
index 0000000..315151c
--- /dev/null
+++ b/tasks/packages.yml
@@ -0,0 +1,17 @@
+---
+- name: install base packages for all operating systems
+  become: true
+  package:
+    name: "{{ base__packages }}"
+    state: "{{ base__package_state }}"
+
+- name: install packages for all non-legacy x86 systems
+  become: true
+  package:
+    name: "{{ base__modern_packages }}"
+    state: "{{ base__package_state }}"
+  when: |
+    ansible_distribution == 'Ubuntu' and ansible_distribution_version | float >= "16.0" or
+    ansible_os_family == 'RedHat' and ansible_distribution_version | float >= "7" or
+    ansible_distribution == 'Debian' and ansible_distribution_version | float >= 8 or
+    ansible_os_family == 'Archlinux'
diff --git a/vars/main.yml b/vars/main.yml
index 64e4365..c6b602f 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,9 +1,9 @@
 ---
-base_packages:
+# must-have packages for all systems
+base__packages:
   - rsync
   - tmux
   - sudo
-  - fail2ban
   - ethtool
   - vim
   - nmap
@@ -16,11 +16,13 @@ base_packages:
   - gdisk
   - lsof
 
-base_packages_extended:
+# packages for all non-legacy x86 systems
+base__modern_packages:
   - tcpdump
   - sysstat
   - smartmontools
 
+
 debian_packages:
   - debian-goodies
   - molly-guard