---
- name: system setup | package hardening | remove unnecessary packages (Debian family)
  tags: packages,hardening,system
  package:
    name:
      # Daemons not needed on a bastion host
      - apache2*
      - nginx*
      - lighttpd*
      - samba*
      - nfs-kernel-server
      - bind9
      - postfix
      - cups*
      - avahi-daemon
      - sudo
      # Common utilities not required for a minimal system
      - popularity-contest
      - whoopsie
      - command-not-found
      # Games and fun stuff
      - bsdgames
      - fortune-mod
    state: absent
    purge: true # Also removes configuration files
  register: deb_packages_removed
  when: ansible_os_family == "Debian"

- name: system setup | package hardening | remove unnecessary packages (RedHat family)
  tags: packages,hardening,system
  package:
    name:
      - httpd*
      - nginx*
      - samba*
      - nfs-utils
      - named
      - postfix
      - cups*
      - avahi
      - sudo
    state: absent
  register: rh_packages_removed
  when: ansible_os_family == "RedHat"

- name: Set fact if packages were removed
  set_fact:
    aide_db_needs_update: true
  when: (deb_packages_removed is defined and deb_packages_removed.changed) or (rh_packages_removed is defined and rh_packages_removed.changed)