---
- name: 缓存ansilbe setup信息
  setup: gather_subset=all

- name: apt更新缓存刷新
  apt: update_cache=yes cache_valid_time=72000
  when: ansible_os_family == 'Debian'

- name: Set OS family dependent variables
  include_vars: '{{ ansible_os_family }}.yml'
  tags: always

- name: Set OS dependent variables
  include_vars: '{{ item }}'
  with_first_found:
    - files:
      - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
      - '{{ ansible_distribution }}.yml'
      - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
      skip: true
  tags: always

- import_tasks: limits.yml
  tags: limits

- import_tasks: login_defs.yml
  tags: login_defs

- include_tasks: minimize_access.yml
  tags: minimize_access

- import_tasks: pam.yml
  tags: pam

- import_tasks: modprobe.yml
  tags: modprobe

- import_tasks: profile.yml
  tags: profile

- import_tasks: securetty.yml
  tags: securetty

- import_tasks: suid_sgid.yml
  when: os_security_suid_sgid_enforce
  tags: suid_sgid

- import_tasks: sysctl.yml
  tags: sysctl

- import_tasks: user_accounts.yml
  tags: user_accounts

- import_tasks: rhosts.yml
  tags: rhosts

- import_tasks: yum.yml
  when: ansible_os_family == 'RedHat'
  tags: yum

- import_tasks: apt.yml
  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
  tags: apt