Put sysctl to common

group_vars/fet_hosts

@@ -28,3 +28,27 @@ common_basic_packages:
   - gdisk
   - cryptsetup
   - nvme-cli
+
+common_sysctl: True
+common_sysctls:
+#- key: net.ipv6.conf.all.disable_ipv6
+#  val: 1
+- key: net.ipv4.conf.default.rp_filter
+  val: 1
+- key: net.ipv4.conf.all.rp_filter
+  val: 1
+
+- key: net.ipv4.conf.all.accept_redirects
+  val: 0
+- key: net.ipv4.conf.default.accept_redirects
+  val: 0
+- key: net.ipv6.conf.all.accept_redirects
+  val: 0
+- key: net.ipv6.conf.default.accept_redirects
+  val: 0
+
+- key: net.ipv4.conf.all.send_redirects
+  val: 0
+
+- key: net.ipv4.conf.default.accept_source_route
+  val: 0

roles/ariane/defaults/main.yml

@@ -1,28 +1,4 @@
 ---
-ariane_sysctl: True
-ariane_sysctls:
-#- key: net.ipv6.conf.all.disable_ipv6
-#  val: 1
-- key: net.ipv4.conf.default.rp_filter
-  val: 1
-- key: net.ipv4.conf.all.rp_filter
-  val: 1
-
-- key: net.ipv4.conf.all.accept_redirects
-  val: 0
-- key: net.ipv4.conf.default.accept_redirects
-  val: 0
-- key: net.ipv6.conf.all.accept_redirects
-  val: 0
-- key: net.ipv6.conf.default.accept_redirects
-  val: 0
-
-- key: net.ipv4.conf.all.send_redirects
-  val: 0
-
-- key: net.ipv4.conf.default.accept_source_route
-  val: 0
-
 ariane_logrotate: True
 ariane_iptables: True
 ariane_zfs: True

roles/ariane/tasks/main.yml

@@ -1,8 +1,4 @@
 ---
-- import_tasks: sysctl.yml
-  when: ariane_sysctl
-  tags: ['ariane_sysctl', 'sysctl']
-
 - import_tasks: logrotate.yml
   when: ariane_logrotate
   tags: ['ariane_logrotate', 'logrotate']

roles/ariane/tasks/sysctl.yml

@@ -1,10 +0,0 @@
----
-- name: sysctl - sysctl.d
-  file: path=/etc/sysctl.d state=directory owner=root group=root mode=0755
-
-- name: sysctl - set config
-  sysctl:
-    name: "{{ item.key }}"
-    value: "{{ item.val }}"
-    sysctl_file: /etc/sysctl.d/01-custom.conf
-  with_items: "{{ ariane_sysctls }}"