base: Remove all depencies to other than base packages

roles/base/README.md

@@ -0,0 +1,12 @@
+## Ansible Role: base
+
+This role is applied to all hosts. This role must not have any package
+depencies outside operating system's base packages.
+
+### Basic service
+
+This role will install and configure following base services using
+operating system default software:
+ * mail sending to local (foo.sh) addresses using smtps port
+ * system logging to remote host
+ * ssh server (tighten crypto settings)

roles/base/tasks/OpenBSD.yml

@@ -14,9 +14,6 @@
     state: installed
   with_items:
     - bash           # lots of scripts rely on this
-    - emacs--no_x11  # better editor :)
-    - htop           # system monitoring
-    - iftop          # monitor interfaces
     - vim--no_x11    # we need real vim
 
 - name: disable nightly cron noise
@@ -54,6 +51,7 @@
   include_role:
     name: "{{ role }}"
   with_items:
+    - opensmtpd
     - pf
     - syslogd
   loop_control:

roles/base/tasks/RedHat.yml

@@ -1,15 +1,11 @@
 ---
-- name: enable epel repository
-  package:
-    name: epel-release
-    state: installed
-
 - name: install os specific roles
   include_role:
     name: "{{ role }}"
   with_items:
     - selinux        # selinux first to get fcontexts working
     - iptables
+    - postfix
     - rsyslog
   loop_control:
     loop_var: role
@@ -20,8 +16,6 @@
     state: installed
   with_items:
     - bind-utils     # dig
-    - htop           # system monitoring
-    - iftop          # monitor interfaces
     - iotop          # monitor io usage
     - mailx          # send mail from cmd
     - nc             # netcat

roles/base/tasks/main.yml

@@ -63,7 +63,6 @@
     name: "{{ role }}"
   with_items:
     - network
-    - opensmtpd
     - pki
     - psacct
   loop_control: