external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

2-common/tasks/main.yml made far more readable

Browse source
This commit is contained in:
A Holt 2021-07-28 01:57:19 -04:00 committed by GitHub
parent d305e13852
commit 5aa1a21c07
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

37
roles/2-common/tasks/main.yml
View file

@ -1,11 +1,18 @@
# Common OS-Level Additions & Mods (that only need to be performed once)
- name: ...IS BEGINNING ==========================================
command: echo
meta: noop
- name: Create IIAB directory structure ("file layout")
include_tasks: fl.yml
- include_tasks: packages.yml
- name: 'Network prep, including partial setup of iptables (firewall). SEE ALSO: 1-prep/tasks/raspberry_pi.yml'
include_tasks: network.yml
- include_tasks: iiab-startup.yml
# UNMAINTAINED
#- include_tasks: centos.yml
# when: ansible_distribution == "CentOS"
@ -22,25 +29,9 @@
#- include_tasks: xo.yml
# when: xo_model != "none" or osbuilder is defined
- include_tasks: packages.yml
- include_tasks: network.yml
# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible
sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot
name: "{{ item.name }}"
value: "{{ item.value }}"
with_items:
- { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet
- { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
- { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
#- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok?
- { name: 'kernel.core_uses_pid', value: '1' }
#- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020
#- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok?
- { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled
#- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET
#- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE
# UNMAINTAINED
#- include_tasks: net_mods.yml
# when: not is_debuntu and not is_F18
# UNMAINTAINED
#- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
@ -48,12 +39,6 @@
# dest: /etc/profile.d/zzz_iiab.sh
# src: zzz_iiab.sh
# UNMAINTAINED
#- include_tasks: net_mods.yml
# when: not is_debuntu and not is_F18
- include_tasks: iiab-startup.yml
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile:
path: "{{ iiab_env_file }}"