# Common OS-Level Additions & Mods (that only need to be performed once)

- name: ...IS BEGINNING ==========================================
  command: echo

- name: Create IIAB directory structure ("file layout")
  include_tasks: fl.yml

- include_tasks: centos.yml
  when: ansible_distribution == "CentOS"

- include_tasks: fedora.yml
  when: ansible_distribution == "Fedora"

- include_tasks: prep.yml
  when: not is_debuntu

- include_tasks: xo.yml
  when: xo_model != "none" or osbuilder is defined

- include_tasks: packages.yml
- include_tasks: iptables.yml

- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  with_items:
    - { name: 'net.ipv4.ip_forward', value: '1' }
    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
    - { name: 'kernel.sysrq', value: '1' }
    - { name: 'kernel.core_uses_pid', value: '1' }
    - { name: 'net.ipv4.tcp_syncookies', value: '1' }
    - { name: 'kernel.shmmax', value: '268435456' }
    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
    - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }

- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
  template:
    dest: /etc/profile.d/zzz_iiab.sh
    src: zzz_iiab.sh

- include_tasks: net_mods.yml
  when: not is_debuntu and not is_F18

- include_tasks: udev.yml
- include_tasks: iiab-startup.yml

- name: Recording STAGE 2 HAS COMPLETED ==========================
  lineinfile:
    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=2'