diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 9ed8ff007..c6fb3f21c 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,8 +8,14 @@ - include_tasks: packages.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: network.yml +- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf" + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - include_tasks: iiab-startup.yml diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8ccf6b88b..9bed4e5e8 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -24,23 +24,6 @@ name: sshd when: sshd_install - -# UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install - -# UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install - -# LESS MAINTAINED -- name: Install Squid - include_tasks: roles/network/tasks/squid.yml - when: squid_install and squid_installed is undefined - - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/2-common/tasks/network.yml b/roles/network/tasks/install.yml similarity index 86% rename from roles/2-common/tasks/network.yml rename to roles/network/tasks/install.yml index 57bea8434..051e3fe84 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/network/tasks/install.yml @@ -52,10 +52,32 @@ - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE + +- name: "Set 'network_installed: True'" + set_fact: + network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' + +# UNMAINTAINED +- name: Install named / BIND + include_tasks: roles/network/tasks/named.yml + when: named_install is defined and named_install + +# UNMAINTAINED +- name: Install dhcpd + include_tasks: roles/network/tasks/dhcpd.yml + when: dhcpd_install is defined and dhcpd_install + +# LESS MAINTAINED +- name: Install Squid + include_tasks: roles/network/tasks/squid.yml + when: squid_install and squid_installed is undefined diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d849cebaf..d6806dea4 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,3 +1,7 @@ +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_installed is undefined + - name: Select RPi firmware mode include_role: name: firmware