From 5aa1a21c079d0af8b21dfaa9a4d1060a59831f56 Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Wed, 28 Jul 2021 01:57:19 -0400
Subject: [PATCH] 2-common/tasks/main.yml made far more readable

---
 roles/2-common/tasks/main.yml | 37 +++++++++++------------------------
 1 file changed, 11 insertions(+), 26 deletions(-)

diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml
index f4d86732e..048b455c7 100644
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@@ -1,11 +1,18 @@
 # Common OS-Level Additions & Mods (that only need to be performed once)
 
 - name: ...IS BEGINNING ==========================================
-  command: echo
+  meta: noop
 
 - name: Create IIAB directory structure ("file layout")
   include_tasks: fl.yml
 
+- include_tasks: packages.yml
+
+- name: 'Network prep, including partial setup of iptables (firewall).  SEE ALSO: 1-prep/tasks/raspberry_pi.yml'
+  include_tasks: network.yml
+
+- include_tasks: iiab-startup.yml
+
 # UNMAINTAINED
 #- include_tasks: centos.yml
 #  when: ansible_distribution == "CentOS"
@@ -22,25 +29,9 @@
 #- include_tasks: xo.yml
 #  when: xo_model != "none" or osbuilder is defined
 
-- include_tasks: packages.yml
-- include_tasks: network.yml
-
-# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
-- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible
-  sysctl:    # Places these settings in /etc/sysctl.conf, to survive reboot
-    name: "{{ item.name }}"
-    value: "{{ item.value }}"
-  with_items:
-    - { name: 'net.ipv4.ip_forward', value: '1' }  # Masquerading LAN->Internet
-    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
-    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
-    #- { name: 'kernel.sysrq', value: '1' }             # OS values differ, Ok?
-    - { name: 'kernel.core_uses_pid', value: '1' }
-    #- { name: 'net.ipv4.tcp_syncookies', value: '1' }  # Very standard in 2020
-    #- { name: 'kernel.shmmax', value: '268435456' }    # OS values differ, Ok?
-    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
-    #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }    # AUTO-SET
-    #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }         # BY ABOVE
+# UNMAINTAINED
+#- include_tasks: net_mods.yml
+#  when: not is_debuntu and not is_F18
 
 # UNMAINTAINED
 #- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
@@ -48,12 +39,6 @@
 #    dest: /etc/profile.d/zzz_iiab.sh
 #    src: zzz_iiab.sh
 
-# UNMAINTAINED
-#- include_tasks: net_mods.yml
-#  when: not is_debuntu and not is_F18
-
-- include_tasks: iiab-startup.yml
-
 - name: Recording STAGE 2 HAS COMPLETED ==========================
   lineinfile:
     path: "{{ iiab_env_file }}"