added tasks for a bastion host

roles/bastion/tasks/package_hardening.yml

@@ -0,0 +1,42 @@
+---
+- name: system setup | package hardening | remove unnecessary packages (Debian family)
+  tags: packages,hardening,system
+  package:
+    name:
+      # Daemons not needed on a bastion host
+      - apache2*
+      - nginx*
+      - lighttpd*
+      - samba*
+      - nfs-kernel-server
+      - bind9
+      - postfix
+      - cups*
+      - avahi-daemon
+      # Common utilities not required for a minimal system
+      - popularity-contest
+      - whoopsie
+      - command-not-found
+      # Games and fun stuff
+      - bsdgames
+      - fortune-mod
+    state: absent
+    purge: true # Also removes configuration files
+  notify: update aide database
+  when: ansible_os_family == "Debian"
+
+- name: system setup | package hardening | remove unnecessary packages (RedHat family)
+  tags: packages,hardening,system
+  package:
+    name:
+      - httpd*
+      - nginx*
+      - samba*
+      - nfs-utils
+      - named
+      - postfix
+      - cups*
+      - avahi
+    state: absent
+  notify: update aide database
+  when: ansible_os_family == "RedHat"