From 6aed22b633ddbe589e9b5d003437f5b1f6ed0a80 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Thu, 20 Dec 2018 09:54:46 +0200
Subject: [PATCH] roles/common: Use one task to remove Ubuntu packages

I had previously been removing some packages for security reasons,
then removing others because they were annoying, and yet *others*
because they were annoying on newer Ubuntus only. It is easier to
just unify these tasks and remove them all in one go.

On older Ubuntus where some packages don't exist the task will just
succeed because the package is absent anyways.
---
 roles/common/tasks/packages_Ubuntu.yml | 36 ++++++++++----------------
 1 file changed, 14 insertions(+), 22 deletions(-)

diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml
index 57e2600..253093c 100644
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@@ -30,32 +30,24 @@
   - name: Install base packages
     apt: pkg={{ ubuntu_base_packages }} state=present update_cache=yes cache_valid_time=3600
 
-  - name: Security hardening (CIS Benchmark 1.0)
-    apt: pkg={{ item }} state=absent purge=yes
-    loop:
-      - whoopsie # CIS 4.1
-      - apport   # CIS 4.1
 
-  - name: Set fact for annoying packages
+  - name: Set fact for packages to remove
     set_fact:
       ubuntu_annoying_packages:
-        - command-not-found
-        - command-not-found-data
-        - python3-commandnotfound
+        - whoopsie # security (CIS 4.1)
+        - apport   # security (CIS 4.1)
+        - command-not-found # annoying
+        - command-not-found-data # annoying
+        - python3-commandnotfound # annoying
+        - snapd # annoying (Ubuntu >= 16.04)
+        - lxd # annoying (Ubuntu >= 16.04)
+        - lxd-client # annoying (Ubuntu >= 16.04)
+        - liblxc1 # annoying (Ubuntu >= 16.04)
+        - lxc-common # annoying (Ubuntu >= 16.04)
+        - lxcfs #annoying (Ubuntu >= 16.04)
 
-  - name: Set fact for more annoying packages
-    set_fact:
-      ubuntu_more_annoying_packages:
-        - snapd
-        - lxd
-        - lxd-client
-        - liblxc1
-        - lxc-common
-        - lxcfs
-    when: ansible_distribution_version is version_compare('16.04', '>=')
-
-  - name: Remove more annoying packages
-    apt: name={{ ubuntu_annoying_packages | union(ubuntu_more_annoying_packages) }} state=absent purge=yes
+  - name: Remove packages
+    apt: name={{ ubuntu_annoying_packages }} state=absent purge=yes
 
   - name: Configure cron-apt
     import_tasks: cron-apt.yml