roles/common: Use blocks to tag children of dynamic tasks

When using dynamic includes, child tasks do not inherit tags from their
parents. You must tag the parent and each child task separately, or use
a block to group children and then apply a tag to a block.

See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html

roles/common/tasks/firewall_Debian.yml

@@ -1,22 +1,22 @@
 ---
-- name: Install firewalld and deps
-  when: ansible_distribution_major_version is version_compare('8', '>=')
-  apt: pkg={{ item }} state=present
-  loop:
-    - firewalld
-    - tidy
-  tags: firewall
 
-- name: Copy firewalld public zone file
+- block:
-  when: ansible_distribution_major_version is version_compare('8', '>=')
+  - name: Install firewalld and deps
-  template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
+    when: ansible_distribution_major_version is version_compare('8', '>=')
-  tags: firewall
+    apt: pkg={{ item }} state=present
+    loop:
+      - firewalld
+      - tidy
 
-- name: Format public.xml firewalld zone file
+  - name: Copy firewalld public zone file
-  when: ansible_distribution_major_version is version_compare('8', '>=')
+    when: ansible_distribution_major_version is version_compare('8', '>=')
-  command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
+    template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
-  notify:
+
-    - reload firewalld
+  - name: Format public.xml firewalld zone file
+    when: ansible_distribution_major_version is version_compare('8', '>=')
+    command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
+    notify:
+      - reload firewalld
   tags: firewall
 
 # vim: set sw=2 ts=2:

roles/common/tasks/firewall_Ubuntu.yml

@@ -1,22 +1,22 @@
 ---
-- name: Install firewalld and deps
-  when: ansible_distribution_version is version_compare('15.04', '>=')
-  apt: pkg={{ item }} state=present
-  loop:
-    - firewalld
-    - tidy
-  tags: firewall
 
-- name: Copy firewalld public zone file
+- block:
-  when: ansible_distribution_version is version_compare('15.04', '>=')
+  - name: Install firewalld and deps
-  template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
+    when: ansible_distribution_version is version_compare('15.04', '>=')
-  tags: firewall
+    apt: pkg={{ item }} state=present
+    loop:
+      - firewalld
+      - tidy
 
-- name: Format public.xml firewalld zone file
+  - name: Copy firewalld public zone file
-  when: ansible_distribution_version is version_compare('15.04', '>=')
+    when: ansible_distribution_version is version_compare('15.04', '>=')
-  command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
+    template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
-  notify:
+
-    - reload firewalld
+  - name: Format public.xml firewalld zone file
+    when: ansible_distribution_version is version_compare('15.04', '>=')
+    command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
+    notify:
+      - reload firewalld
   tags: firewall
 
 # vim: set sw=2 ts=2:

roles/common/tasks/packages_Debian.yml

@@ -1,34 +1,34 @@
 ---
-- name: Configure apt mirror
-  template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
-  tags: packages
 
-- name: Install base packages
+- block:
-  apt: name={{ item }} update_cache=yes
+  - name: Configure apt mirror
-  loop:
+    template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
-    - git
-    - tmux
-    - iotop
-    - htop
-    - strace
-    - cron-apt #how does this work with systemd?
-    - safe-rm
-    - debian-goodies
-    - mosh
-    - python-pycurl # for ansible's apt_repository
-    - lzop
-    - vim
-    - lrzip
-    - unzip
-    - apt-transport-https # for https support in apt
-  tags: packages
 
-- name: Configure cron-apt
+  - name: Install base packages
-  import_tasks: cron-apt.yml
+    apt: name={{ item }} update_cache=yes
-  tags: cron-apt
+    loop:
+      - git
+      - tmux
+      - iotop
+      - htop
+      - strace
+      - cron-apt #how does this work with systemd?
+      - safe-rm
+      - debian-goodies
+      - mosh
+      - python-pycurl # for ansible's apt_repository
+      - lzop
+      - vim
+      - lrzip
+      - unzip
+      - apt-transport-https # for https support in apt
 
-- name: Install tarsnap
+  - name: Configure cron-apt
-  import_tasks: tarsnap.yml
+    import_tasks: cron-apt.yml
+    tags: cron-apt
+
+  - name: Install tarsnap
+    import_tasks: tarsnap.yml
   tags: packages
 
 # vim: set sw=2 ts=2:

roles/common/tasks/packages_Ubuntu.yml

@@ -1,55 +1,52 @@
 ---
-- name: Configure apt mirror
-  template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
-  when: ansible_architecture != 'armv7l'
-  tags: packages
 
-- name: Upgrade base OS
+- block:
-  apt: upgrade=dist update_cache=yes
+  - name: Configure apt mirror
-  tags: packages
+    template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
+    when: ansible_architecture != 'armv7l'
 
-- name: Install base packages
+  - name: Upgrade base OS
-  apt: pkg={{ item }}
+    apt: upgrade=dist update_cache=yes
-  loop:
-    - git
-    - tmux
-    - iotop
-    - htop
-    - strace
-    - s3cmd
-    - cron-apt
-    - safe-rm
-    - debian-goodies
-    - mosh
-    - python-pycurl # for ansible's apt_repository
-    - lzop
-    - vim
-    - lrzip
-    - unzip
-    - apt-transport-https # for https support in apt
-  tags: packages
 
-- name: Security hardening (CIS Benchmark 1.0)
+  - name: Install base packages
-  apt: pkg={{ item }} state=absent purge=yes
+    apt: pkg={{ item }}
-  loop:
+    loop:
-    - whoopsie # CIS 4.1
+      - git
-    - apport   # CIS 4.1
+      - tmux
-  tags: packages
+      - iotop
+      - htop
+      - strace
+      - s3cmd
+      - cron-apt
+      - safe-rm
+      - debian-goodies
+      - mosh
+      - python-pycurl # for ansible's apt_repository
+      - lzop
+      - vim
+      - lrzip
+      - unzip
+      - apt-transport-https # for https support in apt
 
-- name: Remove annoying packages
+  - name: Security hardening (CIS Benchmark 1.0)
-  apt: pkg={{ item }} state=absent purge=yes
+    apt: pkg={{ item }} state=absent purge=yes
-  loop:
+    loop:
-    - command-not-found
+      - whoopsie # CIS 4.1
-    - command-not-found-data
+      - apport   # CIS 4.1
-    - python3-commandnotfound
-  tags: packages
 
-- name: Configure cron-apt
+  - name: Remove annoying packages
-  import_tasks: cron-apt.yml
+    apt: pkg={{ item }} state=absent purge=yes
-  tags: cron-apt
+    loop:
+      - command-not-found
+      - command-not-found-data
+      - python3-commandnotfound
 
-- name: Install tarsnap
+  - name: Configure cron-apt
-  import_tasks: tarsnap.yml
+    import_tasks: cron-apt.yml
+    tags: cron-apt
+
+  - name: Install tarsnap
+    import_tasks: tarsnap.yml
   tags: packages
 
 # vim: set sw=2 ts=2: