diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml
index fa9420908..9e736a9bb 100644
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@@ -23,57 +23,21 @@
 - include_tasks: packages.yml
 - include_tasks: iptables.yml
-- sysctl:
- name: net.ipv4.ip_forward
- value: '1'
- state: present
-
-- sysctl:
- name: net.ipv4.conf.default.rp_filter
- value: '1'
- state: present
-
-- sysctl:
- name: net.ipv4.conf.default.accept_source_route
- value: '0'
- state: present
-
-- sysctl:
- name: kernel.sysrq
- value: '1'
- state: present
-
-- sysctl:
- name: kernel.core_uses_pid
- value: '1'
- state: present
-
-- sysctl:
- name: net.ipv4.tcp_syncookies
- value: '1'
- state: present
-
-- sysctl:
- name: kernel.shmmax
- value: '268435456'
- state: present
-
-# IPv6 disabled
-
-- sysctl:
- name: net.ipv6.conf.all.disable_ipv6
- value: '1'
- state: present
-
-- sysctl:
- name: net.ipv6.conf.default.disable_ipv6
- value: '1'
- state: present
-
-- sysctl:
- name: net.ipv6.conf.lo.disable_ipv6
- value: '1'
- state: present
+- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
+ sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { name: 'net.ipv4.ip_forward', value: '1' }
+ - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
+ - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
+ - { name: 'kernel.sysrq', value: '1' }
+ - { name: 'kernel.core_uses_pid', value: '1' }
+ - { name: 'net.ipv4.tcp_syncookies', value: '1' }
+ - { name: 'kernel.shmmax', value: '268435456' }
+ - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled
+ - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
+ - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }
 - name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
 template:
@@ -91,4 +55,3 @@
 dest: "{{ iiab_env_file }}"
 regexp: '^STAGE=*'
 line: 'STAGE=2'
- state: present
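Review bot: In the new `with_items` list, reverse-path filtering and source-route rejection are set only under `net.ipv4.conf.default`, while `net.ipv4.ip_forward` is switched on in the same list; `conf.default` values are picked up by interfaces created later, so interfaces that already exist when the play runs keep whatever they had. If the filtering is meant to cover every interface on a forwarding host, add `- { name: 'net.ipv4.conf.all.rp_filter', value: '1' }` and `- { name: 'net.ipv4.conf.all.accept_source_route', value: '0' }`, and update the "10" in the task name. These values are carried over unchanged from the removed tasks, so this is a pre-existing gap rather than something the refactor introduced. Separately, `kernel.sysrq` set to `'1'` enables every SysRq function for anyone at the console; a comment giving the reason, or a narrower bitmask, would make that choice reviewable.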