From a581d6ebf4dec6b41a3b61fa578507c9ff33db8b Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Sun, 6 Dec 2020 22:06:18 -0600
Subject: [PATCH 1/8] use the same logic as netplan.yml for br0

---
 roles/network/tasks/NM-debian.yml        |  9 +++++++++
 roles/network/tasks/netplan.yml          | 22 ++++++++++++----------
 roles/network/tasks/sysd-netd-debian.yml | 11 ++++++++++-
 3 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml
index ece7fa8cd..64ee8cb25 100644
--- a/roles/network/tasks/NM-debian.yml
+++ b/roles/network/tasks/NM-debian.yml
@@ -70,6 +70,15 @@
     mode: 0600
   when: wan_ip != "dhcp"
 
+- name: Set systemd_networkd enabled
+  set_fact:
+    systemd_networkd_active: True
+  when: iiab_lan_iface == "br0"
+
+- name: Use systemd-networkd to handle br0
+  include_tasks: sysd-netd-debian.yml
+  when: iiab_lan_iface == "br0"
+
 - name: Reload systemd
   systemd:
     daemon_reload: yes
diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml
index b103f3331..afa33c3ce 100644
--- a/roles/network/tasks/netplan.yml
+++ b/roles/network/tasks/netplan.yml
@@ -23,17 +23,19 @@
     - systemd-networkd-wait-online
   when: systemd_networkd_active
 
-- name: Unmask and enable the systemd-networkd service for br0
-  systemd:
-    name: systemd-networkd
-    enabled: yes
-    masked: no
-  when: network_manager_active and iiab_lan_iface == "br0"
+# Moved to NM-debian.yml 2020-12-07
+#- name: Unmask and enable the systemd-networkd service for br0
+#  systemd:
+#    name: systemd-networkd
+#    enabled: yes
+#    masked: no
+#  when: network_manager_active and iiab_lan_iface == "br0"
 
-- name: Ensure systemd-networkd gets enabled for br0
-  set_fact:
-    systemd_networkd_active: True
-  when: network_manager_active and iiab_lan_iface == "br0"
+# Moved to NM-debian.yml 2020-12-07
+#- name: Ensure systemd-networkd gets enabled for br0
+#  set_fact:
+#    systemd_networkd_active: True
+#  when: network_manager_active and iiab_lan_iface == "br0"
 
 # ICO will always set gui_static_wan_ip away from the default of 'unset' while
 # gui_static_wan turns dhcp on/off through wan_ip in computed_network and
diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml
index c334d6688..622663462 100644
--- a/roles/network/tasks/sysd-netd-debian.yml
+++ b/roles/network/tasks/sysd-netd-debian.yml
@@ -57,10 +57,19 @@
     state: started
   when: wifi_up_down and discovered_wireless_iface != "none"
 
-- name: Restart the systemd-networkd service
+- name: Enable & Restart systemd-networkd.service
   systemd:
     name: systemd-networkd
     state: restarted
+    enabled: yes
+    masked: no
+
+- name: Enable & Restart networkd-dispatcher.service
+  systemd:
+    name: networkd-dispatcher
+    state: restarted
+    enabled: yes
+    masked: no
 
 - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False
   systemd:

From bdfd2b057a6eab06028f4924c1f4a6480f3d7048 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Mon, 7 Dec 2020 09:54:00 -0600
Subject: [PATCH 2/8] save a daemon_reload

---
 roles/network/tasks/NM-debian.yml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml
index 64ee8cb25..8cf977c8a 100644
--- a/roles/network/tasks/NM-debian.yml
+++ b/roles/network/tasks/NM-debian.yml
@@ -70,18 +70,14 @@
     mode: 0600
   when: wan_ip != "dhcp"
 
-- name: Set systemd_networkd enabled
-  set_fact:
-    systemd_networkd_active: True
-  when: iiab_lan_iface == "br0"
-
 - name: Use systemd-networkd to handle br0
   include_tasks: sysd-netd-debian.yml
-  when: iiab_lan_iface == "br0"
+  when: iiab_lan_iface == "br0" and not systemd_networkd_active
 
 - name: Reload systemd
   systemd:
     daemon_reload: yes
+  when: not iiab_lan_iface == "br0"
 
 - name: Restart the NetworkManager service
   systemd:

From 8b665c787b3ed2fc37a17a97fb05e07c87522a89 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Tue, 8 Dec 2020 04:20:42 -0600
Subject: [PATCH 3/8] ensure networkd-dispatcher is installed

---
 roles/2-common/tasks/iptables.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml
index 94c1ff003..b8f42b5ef 100644
--- a/roles/2-common/tasks/iptables.yml
+++ b/roles/2-common/tasks/iptables.yml
@@ -26,6 +26,12 @@
     path: /etc/systemd/system/iptables.service
     state: absent
 
+- name: Install package networkd-dispatcher (OS's other than RaspOS)
+  package:
+    name: networkd-dispatcher
+    state: present
+  when: not is_raspbian
+
 - name: Install package iptables-persistent (debuntu)
   package:
     name: iptables-persistent

From 9bc7ae986394e838e7e3580b3e7bfcdd4998d846 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Thu, 25 Feb 2021 13:22:24 -0600
Subject: [PATCH 4/8] rename iptables.yml -> network.yml

---
 roles/2-common/tasks/main.yml                      | 2 +-
 roles/2-common/tasks/{iptables.yml => network.yml} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename roles/2-common/tasks/{iptables.yml => network.yml} (100%)

diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml
index 66fedacd4..e55d12c05 100644
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@@ -19,7 +19,7 @@
   when: xo_model != "none" or osbuilder is defined
 
 - include_tasks: packages.yml
-- include_tasks: iptables.yml
+- include_tasks: network.yml
 
 # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
 - name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible
diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/network.yml
similarity index 100%
rename from roles/2-common/tasks/iptables.yml
rename to roles/2-common/tasks/network.yml

From 829fba343137c5241d7361c0e0e41865da2d0ff7 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Tue, 27 Apr 2021 18:48:03 -0500
Subject: [PATCH 5/8] move network related packages

---
 roles/2-common/tasks/network.yml  | 7 ++++++-
 roles/2-common/tasks/packages.yml | 2 --
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml
index b8f42b5ef..3341efaed 100644
--- a/roles/2-common/tasks/network.yml
+++ b/roles/2-common/tasks/network.yml
@@ -32,9 +32,14 @@
     state: present
   when: not is_raspbian
 
+# used in the network role
 - name: Install package iptables-persistent (debuntu)
   package:
-    name: iptables-persistent
+    name:
+      - iproute2
+      - iptables-persistent
+      - hostapd
+      - netmask
     state: present
   when: is_debuntu
 
diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml
index 4d38c665a..7bc0658cc 100644
--- a/roles/2-common/tasks/packages.yml
+++ b/roles/2-common/tasks/packages.yml
@@ -36,14 +36,12 @@
       - curl          # Used to install roles/nodejs and roles/nodered
       #- etckeeper    # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
       - gawk
-      - hostapd
       - htop
       - i2c-tools     # Low-level bus/chip/register/EEPROM tools e.g. for RTC
       - logrotate
       #- lynx         # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
       - make          # 2021-04-26: What roles (if any) truly still use this?
       - mlocate
-      - netmask
       - net-tools     # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
       - ntfs-3g       # Possibly no longer nec, similar to exfat packages above?
       #- openssh-server    # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml

From fc61d044f19bb03de4612455d9718a125f8655be Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Tue, 27 Apr 2021 19:06:43 -0500
Subject: [PATCH 6/8] cull redhat routines

---
 roles/2-common/tasks/network.yml | 42 --------------------------------
 1 file changed, 42 deletions(-)

diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml
index 3341efaed..fb9db1587 100644
--- a/roles/2-common/tasks/network.yml
+++ b/roles/2-common/tasks/network.yml
@@ -1,31 +1,3 @@
-- name: Disable firewalld service (OS's other than debuntu)
-  service:
-    name: firewalld
-    enabled: no
-  when: not is_debuntu
-
-# Likely no longer nec as of 2019
-- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
-  shell: systemctl disable firewalld.service
-  when: not is_debuntu
-
-- name: Mask firewalld service (OS's other than debuntu)
-  shell: systemctl mask firewalld
-  ignore_errors: yes
-  when: not installing and not is_debuntu
-
-- name: Stop firewalld service (OS's other than debuntu)
-  service:
-    name: firewalld
-    state: stopped
-  ignore_errors: yes
-  when: not installing and not is_debuntu
-
-- name: Remove /etc/systemd/system/iptables.service
-  file:
-    path: /etc/systemd/system/iptables.service
-    state: absent
-
 - name: Install package networkd-dispatcher (OS's other than RaspOS)
   package:
     name: networkd-dispatcher
@@ -43,20 +15,6 @@
     state: present
   when: is_debuntu
 
-- name: Install package iptables-services (OS's other than debuntu)
-  package:
-    name: iptables-services
-    state: present
-  when: not is_debuntu
-
-- name: Install /etc/sysconfig/iptables-config from template
-  template:
-    src: iptables-config
-    dest: /etc/sysconfig/iptables-config
-    # owner: root
-    # group: root
-    # mode: '0644'
-
 - name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
   template:
     src: iptables

From 5914afd1d4a2e7186322275fc7ebd5131091e539 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Wed, 28 Apr 2021 16:43:05 -0500
Subject: [PATCH 7/8] 20

---
 roles/2-common/tasks/packages.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml
index 7bc0658cc..afbeb9d67 100644
--- a/roles/2-common/tasks/packages.yml
+++ b/roles/2-common/tasks/packages.yml
@@ -27,7 +27,7 @@
     state: present
   when: is_debuntu
 
-- name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
+- name: "Install 20 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
   package:
     name:
       - acpid         # Daemon for ACPI (power mgmt) events

From 8cae78bfbfc54bf1f10035b171a4ec44b2d69a22 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Thu, 29 Apr 2021 01:10:35 -0500
Subject: [PATCH 8/8] touch up

---
 roles/2-common/tasks/network.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml
index fb9db1587..3056e98fb 100644
--- a/roles/2-common/tasks/network.yml
+++ b/roles/2-common/tasks/network.yml
@@ -5,7 +5,7 @@
   when: not is_raspbian
 
 # used in the network role
-- name: Install package iptables-persistent (debuntu)
+- name: Install network related packages (debuntu)
   package:
     name:
       - iproute2