evolinux-base: add conditions for most of tasks

evolinux-base/README.md

@@ -19,11 +19,11 @@ Various tasks for Evolinux setup.
 * `provider_online` :
 * `provider_orange_fce` :
 
-Each task file is included in the `main.yml` file with a condition based on a variable like `evolinux_tasks_hostname` (mostly `True` by default). The variables can be set to `False` to disable groups of tasks. Finer grained tasks disabling is done in each group of tasks.
-
 ## Available variables
 
-Main variables are :
+Each tasks group is included in the `main.yml` file with a condition based on a variable like `evolinux_hostname_include` (mostly `True` by default). The variables can be set to `False` to disable a . Finer grained tasks disabling is done in each group of tasks.
+
+Main variables are:
 
 * `general_alert_email`: email address to send various alert messages (default: `root@localhost`).
 * `apt_alert_email`: email address to send APT messages to (default: `general_alert_email`).

evolinux-base/defaults/main.yml

@@ -11,7 +11,10 @@ postfix_alias_email: Null
 
 # hostname
 
-evolinux_tasks_hostname: True
+evolinux_hostname_include: True
+
+evolinux_hostname_hosts: True
+evolinux_hostname_mailname: True
 
 evolinux_hostname: "{{ ansible_hostname }}"
 evolinux_domain: "{{ ansible_domain }}"
@@ -20,7 +23,7 @@ evolinux_internal_hostname: "{{ evolinux_hostname }}"
 
 # kernel
 
-evolinux_tasks_kernel: True
+evolinux_kernel_include: True
 
 evolinux_kernel_reboot_after_panic: True
 evolinux_kernel_disable_tcp_timestamps: True
@@ -29,65 +32,115 @@ evolinux_kernel_cve20165696: True
 
 # apt
 
-evolinux_tasks_apt: True
+evolinux_apt_include: True
 
-evolinux_apt_upgrade: True
+evolinux_apt_conf: True
-evolinux_apt_repositories_components: "main"
 evolinux_apt_hooks: True
+evolinux_apt_disable_originals: True
+evolinux_apt_disable_debsrc: True
+evolinux_apt_basic_sources: True
+evolinux_apt_public_sources: True
+evolinux_apt_upgrade: True
 evolinux_apt_remove_aptitude: True
 
+evolinux_apt_repositories_components: "main"
+
 # fstab
 
-evolinux_tasks_fstab: True
+evolinux_fstab_include: True
+
+evolinux_fstab_var_tmp: True
 
 # packages
 
-evolinux_tasks_packages: True
+evolinux_packages_include: True
 
-evolinux_delete_nfs: True
+evolinux_packages_system: True
+evolinux_packages_diagnostic: True
+evolinux_packages_hardware: True
+evolinux_packages_common: True
+evolinux_packages_serveur_base: True
+evolinux_packages_invalid_mta: True
+evolinux_packages_delete_nfs: True
+evolinux_packages_listchanges: True
 
 # system
 
-evolinux_tasks_system: True
+evolinux_system_include: True
 
-evolinux_ntp_server: Null
+evolinux_system_chmod_tmp: True
-evolinux_timezone: "Europe/Paris"
+evolinux_system_locales: True
+evolinux_system_timezone: "Europe/Paris"
+evolinux_system_vim_default: True
+evolinux_system_profile: True
+evolinux_system_dirmode_adduser: True
+evolinux_system_alert5_init: True
+evolinux_system_alert5_enable: True
+evolinux_system_eni_auto: True
+evolinux_system_ntp_server: False
 
 # root
 
-evolinux_tasks_root: True
+evolinux_root_include: True
+
+evolinux_root_chmod: True
+evolinux_root_bashrc: True
+evolinux_root_bash_history: True
+evolinux_root_umask: True
+evolinux_root_gitconfig: True
+evolinux_root_bash_history_appendonly: True
+evolinux_root_vim_default: True
+evolinux_root_vim_conf: True
 
 # ssh
 
-evolinux_tasks_ssh: True
+evolinux_ssh_include: True
 
 evolinux_ssh_password_auth_addresses: []
+evolinux_ssh_match_address: True
 evolinux_ssh_disable_root: True
+evolinux_ssh_disable_acceptenv: True
 
 # postfix
 
-evolinux_tasks_postfix: True
+evolinux_postfix_include: True
 
+evolinux_postfix_packages: True
+evolinux_postfix_users_alias_root: True
+evolinux_postfix_mailer_alias_root: True
+evolinux_postfix_root_alias: True
 evolinux_postfix_purge_exim: True
 
 # logs
 
-evolinux_tasks_logs: True
+evolinux_logs_include: True
+
+evolinux_logs_logrotate_confs: True
+evolinux_logs_default_rotate: True
+evolinux_logs_disable_logrotate_rsyslog: True
+evolinux_logs_rsyslog_conf: True
 
 # default www
 
-evolinux_tasks_default_www: True
+evolinux_default_www_include: True
+
+evolinux_default_www_files: True
+evolinux_default_www_ssl_cert: True
+evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"
+
+evolinux_default_www_nginx_vhost: True
+evolinux_default_www_nginx_enabled: False
+
+evolinux_default_www_apache_vhost: True
+evolinux_default_www_apache_enabled: False
 
 evolinux_default_www_redirect_url: "http://evolix.fr"
-evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"
-evolinux_default_www_nginx_enabled: False
-evolinux_default_www_apache_enabled: False
 
 # hardware
 
-evolinux_tasks_hardware: True
+evolinux_hardware_include: True
 
 # providers
 
-evolinux_tasks_provider_online: False
+evolinux_provider_online_include: False
-evolinux_tasks_provider_orange_fce: False
+evolinux_provider_orange_fce_include: False

evolinux-base/tasks/apt.yml

@@ -10,6 +10,7 @@
   with_items:
   - "APT::Install-Recommends \"0\";"
   - "APT::Install-Suggests \"0\";"
+  when: evolinux_apt_conf
 
 - name: DPKg invoke hooks
   lineinfile:
@@ -31,12 +32,14 @@
   with_items:
   # - '.+\.debian\.org'
   - 'cdrom:'
+  when: evolinux_apt_disable_originals
 
 - name: deb-src repositories are disabled
   replace:
     dest: /etc/apt/sources.list
     regexp:  '^(deb-src.+)'
     replace: '# \1'
+  when: evolinux_apt_disable_debsrc
 
 - name: Basic sources list is installed
   lineinfile:
@@ -46,14 +49,16 @@
   - "deb http://security.debian.org/ jessie/updates {{ evolinux_apt_repositories_components | mandatory }}"
   - "deb http://mirror.evolix.org/debian/ jessie {{ evolinux_apt_repositories_components | mandatory }}"
   - "deb http://mirror.evolix.org/debian/ jessie-updates {{ evolinux_apt_repositories_components | mandatory }}"
+  when: evolinux_apt_basic_sources
 
 - name: Evolix public list is installed
-  template:
+  copy:
-    src: apt/evolix_public.list.j2
+    src: apt/evolix_public.list
     dest: /etc/apt/sources.list.d/evolix_public.list
     force: yes
     backup: yes
     mode: 0640
+  when: evolinux_apt_public_sources
 
 - name: Remove Aptitude
   apt:

evolinux-base/tasks/default_www.yml

@@ -4,6 +4,7 @@
     path: /var/www
     state: directory
     mode: 0755
+  when: evolinux_default_www_files
 
 - name: images are copied
   copy:
@@ -12,37 +13,40 @@
     mode: 0755
     directory_mode: 0755
     follow: yes
+  when: evolinux_default_www_files
 
 - name: index is copied
   template:
     src: default_www/index.html.j2
     dest: /var/www/index.html
     mode: 0755
+  when: evolinux_default_www_files
 
 # SSL cert
 
-- name: ssl-cert package is installed
+- block:
-  apt:
+  - name: ssl-cert package is installed
-    name: ssl-cert
+    apt:
-    state: installed
+      name: ssl-cert
+      state: installed
 
-- name: Create private key and csr for default site ({{ ansible_fqdn }})
+  - name: Create private key and csr for default site ({{ ansible_fqdn }})
-  command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "{{ evolinux_default_www_ssl_subject }}"
+    command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "{{ evolinux_default_www_ssl_subject }}"
-  args:
+    args:
-    creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
+      creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
 
-- name: Adjust rights on private key
+  - name: Adjust rights on private key
-  file:
+    file:
-    path: /etc/ssl/private/{{ ansible_fqdn }}.key
+      path: /etc/ssl/private/{{ ansible_fqdn }}.key
-    owner: root
+      owner: root
-    group: ssl-cert
+      group: ssl-cert
-    mode: 0640
+      mode: 0640
-
-- name: Create certificate for default site
-  command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
-  args:
-    creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
 
+  - name: Create certificate for default site
+    command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
+    args:
+      creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
+  when: evolinux_default_www_ssl_cert
 
 # Nginx vhost
 
@@ -60,8 +64,7 @@
       # force: yes
     notify: reload nginx
     tags:
-      - nginx
+    - nginx
-
 
   - name: nginx vhost is enabled
     file:
@@ -71,9 +74,9 @@
     notify: reload nginx
     when: evolinux_default_www_nginx_enabled
     tags:
-      - nginx
+    - nginx
 
-  when: nginx_sites_available.stat.exists
+  when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists
 
 
 # Apache vhost
@@ -92,8 +95,7 @@
       # force: yes
     notify: reload apache
     tags:
-      - apache
+    - apache
-
 
   - name: Apache vhost is enabled
     file:
@@ -103,6 +105,6 @@
     notify: reload apache
     when: evolinux_default_www_apache_enabled
     tags:
-      - apache
+    - apache
 
-  when: apache_sites_available.stat.exists
+  when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists

evolinux-base/tasks/fstab.yml

@@ -49,5 +49,6 @@
     fstype: tmpfs
     opts: defaults,noexec,nosuid,nodev,size=1024m
     state: mounted
+  when: evolinux_fstab_var_tmp
 
 - meta: flush_handlers

evolinux-base/tasks/hostname.yml

@@ -8,6 +8,7 @@
     dest: /etc/hosts
     regexp: '^127.0.0.1(\s+)localhost.*$'
     replace: '127.0.0.1\1localhost.localdomain localhost'
+  when: evolinux_hostname_hosts
 
 - name: Set ip+fqdn+hostname in /etc/hosts
   lineinfile:
@@ -15,30 +16,35 @@
     regexp: '^{{ ansible_default_ipv4.address }}\s+'
     line: "{{ ansible_default_ipv4.address }}    {{ evolinux_fqdn }} {{ evolinux_hostname }}"
     insertafter: '127.0.0.1\s+localhost.localdomain'
+  when: evolinux_hostname_hosts
 
 - name: 127.0.1.1 is removed
   lineinfile:
     dest: /etc/hosts
     regexp: '^127.0.1.1\s+'
     state: absent
+  when: evolinux_hostname_hosts
 
 - name: /etc/mailname is up-to-date
   copy:
     dest: /etc/mailname
     content: "{{ evolinux_fqdn }}\n"
     force: yes
+  when: evolinux_hostname_mailname
 
-- name: override ansible_hostname fact
+# Override facts
+
+- name: Override ansible_hostname fact
   set_fact:
     ansible_hostname: "{{ evolinux_hostname }}"
   when: ansible_hostname != evolinux_hostname
 
-- name: override ansible_domain fact
+- name: Override ansible_domain fact
   set_fact:
     ansible_domain: "{{ evolinux_domain }}"
   when: ansible_domain != evolinux_domain
 
-- name: override ansible_fqdn fact
+- name: Override ansible_fqdn fact
   set_fact:
     ansible_fqdn: "{{ evolinux_fqdn }}"
   when: ansible_fqdn != evolinux_fqdn

evolinux-base/tasks/logs.yml

@@ -8,6 +8,7 @@
     dest: /etc/rsyslog.conf
     mode: 0644
   notify: restart rsyslog
+  when: evolinux_logs_rsyslog_conf
 
 - name: Disable logrotate default conf
   command: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled
@@ -15,14 +16,17 @@
     removes: /etc/logrotate.d/rsyslog
     creates: /etc/logrotate.d/rsyslog.disabled
   notify: restart rsyslog
+  when: evolinux_logs_disable_logrotate_rsyslog
 
 - name: Copy many logrotate files
   copy:
     src: logs/logrotate.d/
     dest: /etc/logrotate.d/
+  when: evolinux_logs_logrotate_confs
 
 - name: Configure logrotate.conf
   replace:
     dest: /etc/logrotate.conf
     regexp: "rotate [0-9]*"
     replace: "rotate 12"
+  when: evolinux_logs_default_rotate

evolinux-base/tasks/main.yml

@@ -1,56 +1,56 @@
 ---
 - name: Hostname
   include: hostname.yml
-  when: evolinux_tasks_hostname
+  when: evolinux_hostname_include
 
 - name: Kernel tuning
   include: kernel.yml
-  when: evolinux_tasks_kernel
+  when: evolinux_kernel_include
 
 - name: Apt configuration and packages install
   include: apt.yml
-  when: evolinux_tasks_apt
+  when: evolinux_apt_include
 
 - name: Fstab configuration
   include: fstab.yml
-  when: evolinux_tasks_fstab
+  when: evolinux_fstab_include
 
 - name: Packages
   include: packages.yml
-  when: evolinux_tasks_packages
+  when: evolinux_packages_include
 
 - name: System settings
   include: system.yml
-  when: evolinux_tasks_system
+  when: evolinux_system_include
 
 - name: Root user configuration
   include: root.yml
-  when: evolinux_tasks_root
+  when: evolinux_root_include
 
 - name: SSH configuration
   include: ssh.yml
-  when: evolinux_tasks_ssh
+  when: evolinux_ssh_include
 
 - name: Postfix
   include: postfix.yml
-  when: evolinux_tasks_postfix
+  when: evolinux_postfix_include
 
 - name: Logs management
   include: logs.yml
-  when: evolinux_tasks_logs
+  when: evolinux_logs_include
 
 - name: Default index page
   include: default_www.yml
-  when: evolinux_tasks_default_www
+  when: evolinux_default_www_include
 
 - name: Hardware drivers and tools
   include: hardware.yml
-  when: evolinux_tasks_hardware
+  when: evolinux_hardware_include
 
 - name: Customize for Online.net
   include: provider_online.yml
-  when: evolinux_tasks_provider_online
+  when: evolinux_provider_online_include
 
 - name: Customize for Orange FCE
   include: provider_orange_fce.yml
-  when: evolinux_tasks_provider_orange_fce
+  when: evolinux_provider_orange_fce_include

evolinux-base/tasks/packages.yml

@@ -13,6 +13,7 @@
   - pv
   - apg
   - conntrack
+  when: evolinux_packages_system
 
 - name: Install/Update diagnostic tools
   apt:
@@ -26,6 +27,7 @@
   - iotop
   - tcpdump
   - mtr-tiny
+  when: evolinux_packages_diagnostic
 
 - name: Install/Update hardware tools
   apt:
@@ -34,7 +36,7 @@
   - hdparm
   - smartmontools
   - lm-sensors
-
+  when: evolinux_packages_hardware
 
 - name: Install/Update common tools
   apt:
@@ -50,12 +52,13 @@
   - rsync
   - bc
   - pinentry-curses
+  when: evolinux_packages_common
 
 - name: Install/Update serveur-base meta-package
   command: "apt-get install -yq --allow-unauthenticated serveur-base"
   register: install_server_base
   changed_when: not (install_server_base.stdout | search("0 upgraded") and install_server_base.stdout | search("0 newly installed"))
-
+  when: evolinux_packages_serveur_base
 
 - name: is an MTA installed?
   command: "dpkg -S /usr/sbin/sendmail"
@@ -66,7 +69,7 @@
 - name: Install lsb-invalid-mta
   apt:
     name: lsb-invalid-mta
-  when: mta_installed.rc != 0
+  when: evolinux_packages_invalid_mta and mta_installed.rc != 0
 
 
 - name: Deleting rpcbin and nfs-common
@@ -76,7 +79,7 @@
   with_items:
     - rpcbind
     - nfs-common
-  when: evolinux_delete_nfs
+  when: evolinux_packages_delete_nfs
 
 
 # TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes)
@@ -89,3 +92,4 @@
   with_items:
   - { option: "confirm", value: "1" }
   - { option: "which",   value: "both" }
+  when: evolinux_packages_listchanges

evolinux-base/tasks/postfix.yml

@@ -7,6 +7,7 @@
   with_items:
     - postfix
     - mailgraph
+  when: evolinux_postfix_packages
   tags:
     - packages
     - postfix
@@ -25,6 +26,7 @@
     line: "{{ item }}: root"
   with_items: "{{ non_root_users_list.stdout_lines }}"
   notify: newaliases
+  when: evolinux_postfix_users_alias_root
   tags:
     - postfix
 
@@ -38,6 +40,7 @@
     - abuse
     - mailer-daemon
   notify: newaliases
+  when: evolinux_postfix_mailer_alias_root
   tags:
     - postfix
 
@@ -47,6 +50,7 @@
     regexp: "^root:"
     line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
   notify: newaliases
+  when: evolinux_postfix_root_alias
   tags:
     - postfix
 
@@ -66,4 +70,3 @@
   tags:
     - packages
     - postfix
-

evolinux-base/tasks/root.yml

@@ -5,8 +5,7 @@
     path: /root
     state: directory
     mode: 0700
-  tags:
+  when: evolinux_root_chmod
-    - root
 
 - name: "Customize root's bashrc..."
   lineinfile:
@@ -18,8 +17,7 @@
     - "export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoreboth"
     - "export HISTSIZE=65535"
     - "export HISTTIMEFORMAT=\"%c : \""
-  tags:
+  when: evolinux_root_bashrc
-    - root
 
 ## .bash_history should be append-only
 
@@ -28,38 +26,31 @@
     content: ""
     dest: "/root/.bash_history"
     force: no
-  tags:
+  when: evolinux_root_bash_history
-    - root
 
 - name: Set umask in /root/.profile
   lineinfile:
     dest: "/root/.profile"
     line: "umask 0077"
     regexp: "umask [0-9]+"
-  tags:
+  when: evolinux_root_umask
-    - root
 
 - name: Custom git config for root
   copy:
     src: root/gitconfig
     dest: "/root/.gitconfig"
     force: no
-  tags:
+  when: evolinux_root_gitconfig
-    - root
 
 - name: Is .bash_history append-only
   shell: lsattr /root/.bash_history | grep -E "^.*a.* "
   register: bash_history_append_only
   failed_when: False
   changed_when: False
-  tags:
-    - root
 
 - name: Set .bash_history append-only
   command: chattr +a /root/.bash_history
-  when: bash_history_append_only.rc != 0
+  when: evolinux_root_bash_history_appendonly and bash_history_append_only.rc != 0
-  tags:
-    - root
 
 - name: Setting vim as selected-editor
   lineinfile:
@@ -67,6 +58,7 @@
     regexp: '^SELECTED_EDITOR='
     line: "SELECTED_EDITOR=\"/usr/bin/vim.basic\""
     create: yes
+  when: evolinux_root_vim_default
 
 - name: Setting vim root configuration
   lineinfile:
@@ -83,3 +75,4 @@
     - "set softtabstop=0"
     - "set shiftwidth=4"
     - "set smarttab"
+  when: evolinux_root_vim_conf

evolinux-base/tasks/ssh.yml

@@ -11,7 +11,7 @@
     line: "\nMatch Address {{ evolinux_ssh_password_auth_addresses | join(',') }}\n    PasswordAuthentication yes"
     validate: '/usr/sbin/sshd -T -f %s'
   notify: reload sshd
-  when: grep_matchaddress_ssh.rc != 0 and evolinux_ssh_password_auth_addresses != []
+  when: evolinux_ssh_match_address and grep_matchaddress_ssh.rc != 0 and evolinux_ssh_password_auth_addresses != []
 
 - name: Modify Match Address sshd directive
   replace:
@@ -21,7 +21,7 @@
     validate: '/usr/sbin/sshd -T -f %s'
   with_items: "{{ evolinux_ssh_password_auth_addresses }}"
   notify: reload sshd
-  when: grep_matchaddress_ssh.rc == 0
+  when: evolinux_ssh_match_address and grep_matchaddress_ssh.rc == 0
 
 - name: disable SSH access for root
   replace:
@@ -35,3 +35,4 @@
     dest: /etc/ssh/sshd_config
     regexp: '^AcceptEnv'
     replace: "#AcceptEnv"
+  when: evolinux_ssh_disable_acceptenv

evolinux-base/tasks/system.yml

@@ -12,6 +12,7 @@
     path: /tmp
     state: directory
     mode: 01777
+  when: evolinux_system_chmod_tmp
 
 - name: Setting default locales
   lineinfile:
@@ -24,23 +25,25 @@
     - "fr_FR ISO-8859-1"
     - "fr_FR.UTF-8 UTF-8"
   register: default_locales
+  when: evolinux_system_locales
 
 - name: Reconfigure locales
   command: /usr/sbin/locale-gen
-  when: default_locales | changed
+  when: evolinux_system_locales and default_locales | changed
 
 - name: Setting default timezone
   lineinfile:
     dest: /etc/timezone
     regexp: '^\w+/\w+$'
-    line: "{{ evolinux_timezone | mandatory }}"
+    line: "{{ evolinux_system_timezone | mandatory }}"
     insertbefore: BOF
     create: yes
   register: change_timezone
+  when: evolinux_system_timezone != False
 
 - name: Reconfigure tzdata
   command: dpkg-reconfigure --frontend noninteractive tzdata
-  when: change_timezone | changed
+  when: evolinux_system_timezone != False and change_timezone | changed
 
 # TODO : find a way to force the console-data configuration
 # non-interactively (like tzdata ↑)
@@ -49,6 +52,7 @@
   alternatives:
     name: editor
     path: /usr/bin/vim.basic
+  when: evolinux_system_vim_default
 
 - name: Add "umask 027" to /etc/profile.d/evolinux.sh
   lineinfile:
@@ -56,12 +60,14 @@
     line: "umask 027"
     create: yes
     state: present
+  when: evolinux_system_profile
 
 - name: Set /etc/adduser.conf DIR_MODE to 0700
   replace:
     dest: /etc/adduser.conf
     regexp: "^DIR_MODE=.*$"
     replace: "DIR_MODE=0700"
+  when: evolinux_system_dirmode_adduser
 
 # TODO: trouver comment ne pas faire ça sur Xen Dom-U
 
@@ -71,12 +77,14 @@
     line: "tty2"
     create: yes
     state: present
+  when: evolinux_system_dirmode_adduser
 
 - name: Setting TMOUT to deconnect inactive users
   lineinfile:
     dest: /etc/profile
     line: "export TMOUT=36000"
     state: present
+  when: evolinux_system_dirmode_adduser
 
 #- name: Customizing /etc/fstab
 
@@ -86,6 +94,7 @@
     line: "umask 022"
     create: yes
     state: present
+  when: evolinux_system_dirmode_adduser
 
 - name: Randomize periodic crontabs
   replace:
@@ -98,6 +107,7 @@
   - {regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"}
   - {regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"}
   - {regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"}
+  when: evolinux_system_dirmode_adduser
 
 # NTP server address
 
@@ -105,9 +115,9 @@
   replace:
     dest: /etc/ntp.conf
     regexp: "^server .*$"
-    replace: "server {{ evolinux_ntp_server }}"
+    replace: "server {{ evolinux_system_ntp_server }}"
     backup: yes
-  when: evolinux_ntp_server | default(False)
+  when: evolinux_system_ntp_server != False
 
 ## alert5
 
@@ -117,11 +127,13 @@
     dest: /etc/init.d/alert5
     force: no
     mode: 0755
+  when: evolinux_system_alert5_init
 
 - name: Enable alert5 init script
   service:
     name: alert5
     enabled: yes
+  when: evolinux_system_alert5_init and evolinux_system_alert5_enable
 
 ## network interfaces
 
@@ -131,3 +143,4 @@
     regexp: "allow-hotplug"
     replace: "auto"
     backup: yes
+  when: evolinux_system_eni_auto