---
- block:
    - name: Set default kernel hardening parameters
      template:
        src: etc/sysctl.d/99-local.conf.j2
        dest: /etc/sysctl.d/99-local.conf
        owner: root
        group: root
        mode: 0644
      notify: __kernel_reload

    - name: Deploy custom kernel configurations
      template:
        src: etc/sysctl.d/xx-custom.conf.j2
        dest: "/etc/sysctl.d/{{ item.file }}.conf"
        owner: root
        group: root
        mode: 0644
      loop: "{{ kernel_custom_config }}"
      loop_control:
        label: "{{ item.file }}"
      notify: __kernel_reload

    - name: Deploy custom modprobe
      template:
        src: etc/modprobe.d/custom.conf.j2
        dest: /etc/modprobe.d/custom.conf
        owner: root
        group: root
        mode: 0644
      notify: __kernel_reload
  become: True
  become_user: root