Merge pull request #281 from lvillani/ocd

Merge pull request #281. Awesome.

roles/common/tasks/encfs.yml

   apt: pkg={{ item }} state=installed
   with_items:
     - encfs
-    - libfuse-dev
     - fuse
+    - libfuse-dev
 
 - name: Create encrypted directory
   file: state=directory path=/encrypted

roles/common/tasks/google_auth.yml

 - name: Ensure required packages are installed
   apt: pkg={{ item }} state=present
   with_items:
-    - libqrencode3
-    - libpam0g-dev
     #- libpam-google-authenticator    wasn't available in wheezy
+    - libpam0g-dev
+    - libqrencode3
 
 - name: Download Google authenticator pam module
   get_url: url=https://google-authenticator.googlecode.com/files/libpam-google-authenticator-{{ google_auth_version }}-source.tar.bz2

roles/common/tasks/google_auth_mod.yml

 - name: Ensure required packages are installed
   apt: pkg={{ item }} state=present
   with_items:
-    - libqrencode3
-    - libpam0g-dev
     - libpam-google-authenticator
+    - libpam0g-dev
+    - libqrencode3
 
 - name: Update sshd config to enable challenge responses
   lineinfile: dest=/etc/ssh/sshd_config

roles/common/tasks/main.yml

 - name: Install necessities and nice-to-haves
   apt: pkg={{ item }} state=installed
   with_items:
-    - sudo
-    - vim
+    - apache2
+    - apt-transport-https
+    - apticron
+    - build-essential
+    - debian-goodies
+    - git
     - htop
     - iftop
     - iotop
     - mosh
-    - zsh
-    - git
+    - python-software-properties
     - ruby1.9.3
     - screen
-    - apache2
-    - build-essential
-    - apticron
+    - sudo
     - update-notifier-common
-    - debian-goodies
-    - apt-transport-https
-    - python-software-properties
+    - vim
+    - zsh
 
 - name: Install unattended upgrades (Debian/Ubuntu only)
   apt: pkg=unattended-upgrades state=installed

roles/common/tasks/security.yml

   apt: pkg={{ item }} state=installed
   with_items:
     - fail2ban
-    - rkhunter
     - lynis
+    - rkhunter
 
 - name: Copy fail2ban configuration into place
   template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local

roles/common/tasks/ufw.yml

 - name: Set firewall rules for web traffic and SSH
   ufw: rule=allow port={{ item }} proto=tcp
   with_items:
-    - ssh
     - http
     - https
+    - ssh
 
 - name: Check config of ufw
   command: cat /etc/ufw/ufw.conf

roles/git/tasks/cgit.yml

   apt: pkg={{ item }} state=installed
   with_items:
     - groff
-    - python-pip
     - libssl-dev
+    - python-pip
 
 - name: Install cgit pip dependencies
   pip: name={{ item }}
   with_items:
-    - pygments
     - docutils
+    - pygments
 
 - name: Download cgit release
   get_url: url=http://git.zx2c4.com/cgit/snapshot/cgit-{{ cgit_version }}.tar.xz

roles/ircbouncer/tasks/znc.yml

 - name: Install znc dependencies
   apt: pkg={{ item }} state=installed
   with_items:
-    - build-essential
-    - libssl-dev
-    - openssl
-    - swig
     - automake
-    - libtool
-    - libsasl2-dev
+    - build-essential
     - checkinstall
     - g++
+    - libperl-dev
+    - libsasl2-dev
+    - libssl-dev
+    - libtool
+    - openssl
     - pkg-config
     - python3-dev
-    - libperl-dev
+    - swig
 
 - name: Download znc release
   get_url: url=http://znc.in/releases/archive/znc-{{ znc_version }}.tar.gz dest=/root/znc-{{ znc_version }}.tar.gz

roles/mailserver/tasks/dovecot.yml

   with_items:
     - dovecot-core
     - dovecot-imapd
-    - dovecot-pop3d
     - dovecot-lmtpd
     - dovecot-managesieved
-    - postgresql-9.1
     - dovecot-pgsql
+    - dovecot-pop3d
+    - postgresql-9.1
   when: ansible_distribution_release != 'trusty'
 
 - name: Install Dovecot and related packages for Ubuntu trusty
   with_items:
     - dovecot-core
     - dovecot-imapd
-    - dovecot-pop3d
     - dovecot-lmtpd
     - dovecot-managesieved
-    - postgresql-9.3
     - dovecot-pgsql
+    - dovecot-pop3d
+    - postgresql-9.3
   when: ansible_distribution_release == 'trusty'
 
 - name: Create vmail group
 - name: Copy additional Dovecot configuration files in place
   copy: src=etc_dovecot_conf.d_{{ item }} dest=/etc/dovecot/conf.d/{{ item }}
   with_items:
-    - 10-mail.conf
     - 10-auth.conf
-    - auth-sql.conf.ext
+    - 10-mail.conf
     - 10-master.conf
     - 10-ssl.conf
+    - auth-sql.conf.ext
   notify: restart dovecot
 
 - name: Template 15-lda.conf
 - name: Set firewall rules for dovecot
   ufw: rule=allow port={{ item }} proto=tcp
   with_items:
-    - pop3s
     - imaps
+    - pop3s

roles/mailserver/tasks/dspam.yml

 - name: Install dspam and related packages
   apt: pkg={{ item }} state=installed
   with_items:
-    - dspam
     - dovecot-antispam
-    - postfix-pcre
     - dovecot-sieve
+    - dspam
+    - postfix-pcre
 
 - name: Create dspam directory
   file: state=directory path=/decrypted/dspam group=dspam owner=dspam
     - 20-imap.conf
     - 90-plugin.conf
   notify: restart dovecot
-

roles/mailserver/tasks/postfix.yml

 - name: Install Postfix 9.1 and related packages
   apt: pkg={{ item }} state=installed
   with_items:
-    - postfix
     - libsasl2-modules
-    - sasl2-bin
-    - postgrey
-    - postgresql-9.1
+    - postfix
+    - postfix-pcre
     - postfix-pgsql
+    - postgresql-9.1
+    - postgrey
     - python-psycopg2
-    - postfix-pcre
+    - sasl2-bin
   when: ansible_distribution_release != 'trusty'
 
 - name: Install Postfix 9.3 and related packages for Ubuntu Trusty
   apt: pkg={{ item }} state=installed
   with_items:
-    - postfix
     - libsasl2-modules
-    - sasl2-bin
-    - postgrey
-    - postgresql-9.3
+    - postfix
+    - postfix-pcre
     - postfix-pgsql
+    - postgresql-9.3
+    - postgrey
     - python-psycopg2
-    - postfix-pcre
+    - sasl2-bin
   when: ansible_distribution_release == 'trusty'
 
 - name: Set postgres password
 - name: Copy additional postfix configuration files
   template: src=etc_postfix_{{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root
   with_items:
+    - pgsql-virtual-alias-maps.cf
     - pgsql-virtual-mailbox-domains.cf
     - pgsql-virtual-mailbox-maps.cf
-    - pgsql-virtual-alias-maps.cf
   notify: restart postfix
 
 - name: Set firewall rules for postfix

roles/mailserver/tasks/solr.yml

 - name: Install Solr and related packages
   apt: pkg={{ item }} state=installed
   with_items:
-    - solr-tomcat
     - dovecot-solr
+    - solr-tomcat
 
 - name: Work around Debian bug and copy Solr schema file into place
   copy: src=solr-schema.xml dest=/etc/solr/conf/schema.xml group=root owner=root

roles/mailserver/tasks/z-push.yml

 - name: Install required packages for z-push
   apt: pkg={{ item }} state=installed
   with_items:
+    - php-soap
     - php5
     - php5-cli
-    - php-soap
     - php5-imap
-    
+
 - name: Download z-push release
-  get_url: 
+  get_url:
     url=http://download.z-push.org/final/2.1/z-push-{{ zpush_version }}.tar.gz
     dest=/root/z-push-{{ zpush_version }}.tar.gz
 

roles/monitoring/tasks/logwatch.yml

 - name: Install logwatch
   apt: pkg={{ item }} state=installed
   with_items:
-    - logwatch
     - libdate-manip-perl
+    - logwatch
 
 - name: Configure logwatch
   template: src=etc_logwatch_conf_logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf

roles/monitoring/tasks/monit.yml

   copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
   with_items:
     - apache2
-    - pgsql
     - dovecot
+    - pgsql
     - postfix
     - sshd
     - tomcat

roles/owncloud/tasks/owncloud.yml

 - name: Install PHP dependencies
   apt: pkg={{ item }} state=present
   with_items:
-    - php-apc
     - libapache2-mod-php5
+    - php-apc
 
 - name: Owncloud www directory
   file: state=directory path=/var/www/owncloud

roles/readlater/tasks/wallabag.yml

   apt: pkg={{ item }} state=present
   with_items:
     - php5
-    - php5-mcrypt
-    - php5-tidy
     - php5-curl
+    - php5-mcrypt
     - php5-pgsql
-    
+    - php5-tidy
+
 - name: Create database user for wallabag
   postgresql_user: login_host=localhost
                    login_user={{ db_admin_username }}

roles/tarsnap/tasks/tarsnap.yml

   when: tarnsap_installed|failed
   apt: pkg={{ item }} state=installed
   with_items:
+    - e2fslibs-dev
     - libssl-dev
     - zlib1g-dev
-    - e2fslibs-dev
 
 - name: Download the current tarsnap code signing key
   when: tarnsap_installed|failed

roles/vpn/tasks/openvpn.yml

 - name: Install OpenVPN and dependencies from apt
   apt: pkg={{ item }} state=installed
   with_items:
+    - dnsmasq
     - openvpn
     - udev
-    - dnsmasq
 
 - name: Generate RSA keys for the CA and Server
   command: openssl genrsa -out {{ item }}.key {{ openvpn_key_size }}

roles/webmail/tasks/roundcube.yml

   apt: pkg={{ item }} state=latest
   with_items:
     - roundcube
-    - roundcube-plugins
     - roundcube-pgsql
+    - roundcube-plugins
 
 - name: Configure Roundcube database
   template: src={{ item.src }} dest={{ item.dest }} group={{ item.group }} mode={{ item.mode }} owner=root force=yes
 - name: Configure roundcube
   copy: src={{ item.src }} dest={{ item.dest }} group=www-data owner=root mode=640 force=yes
   with_items:
+  - { src: 'etc_roundcube_global.sieve',                                          dest: '/etc/roundcube/global.sieve' }
   - { src: 'etc_roundcube_main.inc.php',                                          dest: '/etc/roundcube/main.inc.php' }
-  - { src: 'usr_share_roundcube_plugins_managesieve_config.inc.php',              dest: '/usr/share/roundcube/plugins/managesieve/config.inc.php' }
   - { src: 'usr_share_roundcube_plugins_carddav_config.inc.php',                  dest: '/usr/share/roundcube/plugins/carddav/config.inc.php' }
+  - { src: 'usr_share_roundcube_plugins_managesieve_config.inc.php',              dest: '/usr/share/roundcube/plugins/managesieve/config.inc.php' }
   - { src: 'usr_share_roundcube_plugins_twofactor_gauthenticator_config.inc.php', dest: '/usr/share/roundcube/plugins/twofactor_gauthenticator/config.inc.php' }
-  - { src: 'etc_roundcube_global.sieve',                                          dest: '/etc/roundcube/global.sieve' }
 
 - name: Enable roundcube site
   command: a2ensite roundcube.conf creates=/etc/apache2/sites-enabled/roundcube.conf
   notify: restart apache
-