reorder and 'installed'

roles/2-common/tasks/main.yml

@@ -8,8 +8,14 @@
 
 - include_tasks: packages.yml
 
-- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
-  include_tasks: network.yml
+- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf"
+  sysctl:    # Places these settings in /etc/sysctl.conf, to survive reboot
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+  with_items:
+    #- { name: 'kernel.sysrq', value: '1' }             # OS values differ, Ok?
+    - { name: 'kernel.core_uses_pid', value: '1' }
+    #- { name: 'kernel.shmmax', value: '268435456' }    # OS values differ, Ok?
 
 - include_tasks: iiab-startup.yml
 

roles/4-server-options/tasks/main.yml

@@ -24,23 +24,6 @@
     name: sshd
   when: sshd_install
 
-
-# UNMAINTAINED
-- name: Install named / BIND
-  include_tasks: roles/network/tasks/named.yml
-  when: named_install is defined and named_install
-
-# UNMAINTAINED
-- name: Install dhcpd
-  include_tasks: roles/network/tasks/dhcpd.yml
-  when: dhcpd_install is defined and dhcpd_install
-
-# LESS MAINTAINED
-- name: Install Squid
-  include_tasks: roles/network/tasks/squid.yml
-  when: squid_install and squid_installed is undefined
-
-
 - name: Install Bluetooth - only on Raspberry Pi
   include_role:
     name: bluetooth

roles/network/tasks/install.yml

@@ -52,10 +52,32 @@
     - { name: 'net.ipv4.ip_forward', value: '1' }  # Masquerading LAN->Internet
     - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
     - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
-    #- { name: 'kernel.sysrq', value: '1' }             # OS values differ, Ok?
-    - { name: 'kernel.core_uses_pid', value: '1' }
     #- { name: 'net.ipv4.tcp_syncookies', value: '1' }  # Very standard in 2020
-    #- { name: 'kernel.shmmax', value: '268435456' }    # OS values differ, Ok?
     - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
     #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }    # AUTO-SET
     #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }         # BY ABOVE
+
+- name: "Set 'network_installed: True'"
+  set_fact:
+    network_installed: True
+
+- name: "Add 'network_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^network_installed'
+    line: 'network_installed: True'
+
+# UNMAINTAINED
+- name: Install named / BIND
+  include_tasks: roles/network/tasks/named.yml
+  when: named_install is defined and named_install
+
+# UNMAINTAINED
+- name: Install dhcpd
+  include_tasks: roles/network/tasks/dhcpd.yml
+  when: dhcpd_install is defined and dhcpd_install
+
+# LESS MAINTAINED
+- name: Install Squid
+  include_tasks: roles/network/tasks/squid.yml
+  when: squid_install and squid_installed is undefined

roles/network/tasks/main.yml

@@ -1,3 +1,7 @@
+- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
+  include_tasks: install.yml
+  when: network_installed is undefined
+
 - name: Select RPi firmware mode
   include_role:
     name: firmware