Fix hostname, iptables, openssh-sftp an xbps

defaults/main.yml

@@ -6,6 +6,8 @@ common_apt_repositories:
   - "deb http://cdn.debian.net/debian {{ ansible_distribution_release }}-backports main contrib non-free"
   - "deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main contrib non-free"
 common_apt_upgrade_policy: ""
+common_xbps: False
+common_xbps_upgrade_policy: True
 
 common_hostname: True
 common_hostname_hosts_additional: []

tasks/hostname.yml

@@ -1,8 +1,18 @@
 ---
-- name: set hostname
+- name: set hostname for debian
   hostname:
     name: "{{ inventory_hostname_short }}"
-  ignore_errors: yes
+  when: ansible_os_family == "Debian"
+
+- name: check hostname for void
+  command: hostname
+  register: hostname
+  when: ansible_os_family != "Debian"
+  changed_when: False
+
+- name: set hostname for void
+  command: hostname "{{ inventory_hostname_short }}"
+  when: ansible_os_family != "Debian" and hostname.stdout != inventory_hostname_short
 
 - name: /etc/hostname
   copy:

tasks/iptables.yml

@@ -1,13 +1,24 @@
 ---
 - name: iptables - install iptables-persistent
   package: name=iptables-persistent
+  when: ansible_os_family == "Debian"
+
+- name: iptables - install iptables
+  package: name=iptables
+  when: ansible_os_family != "Debian"
 
 - name: /etc/iptables/rules.v4
   template: "dest=/etc/iptables/rules.v4 src={{ common_iptables_v4 }} owner=root group=root mode=0644"
   notify:
     iptables restore
 
+- name: iptables - setup service for IPv4
+  service: name=iptables enabled=yes
+
 - name: /etc/iptables/rules.v6
   template: "dest=/etc/iptables/rules.v6 src={{ common_iptables_v6 }} owner=root group=root mode=0644"
   notify:
     iptables restore
+
+- name: iptables - setup service for IPv6
+  service: name=ip6tables enabled=yes

tasks/main.yml

@@ -11,6 +11,10 @@
   when: common_apt
   tags: ['common', 'apt']
 
+- import_tasks: xbps.yml
+  when: common_xbps
+  tags: ['common', 'xbps']
+
 - import_tasks: locales.yml
   when: common_locales
   tags: ['common', 'locales']

tasks/openssh.yml

@@ -21,7 +21,7 @@
       src: sshd_config.j2
       owner: root
       group: root
-      mode: 0600
+      mode: 0644
       validate: '/usr/sbin/sshd -T -f %s'
   notify: reload openssh
 

tasks/xbps.yml

@@ -0,0 +1,7 @@
+- name: install basic tools
+  xbps: "name={{ item }} update_cache=yes"
+  with_items: "{{ common_basic_packages }}"
+
+- name: apt - upgrade system
+  xbps: "upgrade={{ common_xbps_upgrade_policy }}"
+  when: common_xbps_upgrade_policy