3 changed files with 9 additions and 23 deletions
--- a/lmn-client.yml
+++ b/lmn-client.yml
@ -80,17 +80,15 @@
        loop_var: rolename
      when: custom_roles is defined
-    - name: Import role security
+    - name: Final tasks
-      ansible.builtin.import_role:
+      ansible.builtin.include_role:
-        name: lmn_security
+        name: "{{ role }}"
-
+      loop_control:
-    - name: Import role finish
+        loop_var: role
-      ansible.builtin.import_role:
+      loop:
-        name: lmn_finish
+        - lmn_security
-
+        - lmn_finish
-    - name: Import role tmpfixes
+        - lmn_tmpfixes
      ansible.builtin.import_role:
        name: lmn_tmpfixes
 - name: Apply roles that must run serial
--- a/roles/lmn_misc/tasks/main.yml
+++ b/roles/lmn_misc/tasks/main.yml
@ -167,8 +167,6 @@
    src: reporter.j2
    dest: /usr/local/sbin/reporter
    mode: '0755'
  tags:
    - baseinstall
 - name: Provide services and timers for reporter
  ansible.builtin.copy:
@ -179,16 +177,12 @@
    - reporter.service
    - reporter.timer
  when: misc_reporter
  tags:
    - baseinstall
 - name: Enable reporter.timer
  ansible.builtin.systemd:
    name: reporter.timer
    enabled: true
  when: misc_reporter
  tags:
    - baseinstall
 # Prepare CloneScreen on Presenter PCs
--- a/roles/lmn_security/tasks/main.yml
+++ b/roles/lmn_security/tasks/main.yml
@ -5,8 +5,6 @@
    key: "{{ item }}"
  loop: "{{ keys2deploy }}"
  when: keys2deploy is defined
  tags:
    - baseinstall
 - name: Allow sudo without password for ansible
  ansible.builtin.lineinfile:
@ -16,16 +14,12 @@
    owner: root
    group: root
    mode: '0700'
  tags:
    - baseinstall
 - name: Disable ansible user login
  ansible.builtin.user:
    name: ansible
    password_lock: true
  when: security_defaultuser_login_disable
  tags:
    - baseinstall
 - name: Limit SSH access to user ansible
  ansible.builtin.blockinfile: