- name: Mount /tmp as tmpfs
  mount:
    name: /tmp
    src: tmpfs
    fstype: tmpfs
    opts: "noatime,nodev,nosuid,size={{ tmpfs_size | default('1G') }}"
    state: mounted
  become: true

- name: Mount /var/tmp as tmpfs
  mount: name=/var/tmp     src=tmpfs fstype=tmpfs opts=noatime,nodev,nosuid,size=1G   state=mounted
  become: true

- name: Mount /proc with hidepid=2
  mount: name=/proc    src=proc  fstype=proc  opts=defaults,hidepid=2     state=mounted
  when: "'containers' not in group_names"
  become: true

- name: Enable auto-logout
  template: src=etc/profile.d/auto-logout.sh.j2 dest=/etc/profile.d/auto-logout.sh mode=0755 owner=root group=root
  become: true

- name: Disable recommended and suggested packages from apt
  template: src=etc/apt/apt.conf.d/90disable-rec-sug.j2 dest=/etc/apt/apt.conf.d/90disable-rec-sug mode=0755 owner=root group=root
  become: true

- name: Install better nanorc
  copy: src=etc/nanorc dest=/etc/nanorc mode=0644 owner=root group=root
  become: true