abril/roles/prereq/tasks/main.yml

---
- name: Set same timezone on every Server
  community.general.timezone:
    name: "{{ system_timezone }}"
  when: (system_timezone is defined) and (system_timezone != "Your/Timezone")

- name: Set SELinux to disabled state
  ansible.posix.selinux:
    state: disabled
  when: ansible_os_family == "RedHat"

- name: Enable IPv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    reload: yes

- name: Enable IPv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: "1"
    state: present
    reload: yes

- name: Enable IPv6 router advertisements
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.accept_ra
    value: "2"
    state: present
    reload: yes

- name: Add br_netfilter to /etc/modules-load.d/
  copy:
    content: "br_netfilter"
    dest: /etc/modules-load.d/br_netfilter.conf
    mode: "u=rw,g=,o="
  when: ansible_os_family == "RedHat"

- name: Load br_netfilter
  community.general.modprobe:
    name: br_netfilter
    state: present
  when: ansible_os_family == "RedHat"

- name: Set bridge-nf-call-iptables (just to be sure)
  ansible.posix.sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
    reload: yes
  when: ansible_os_family == "RedHat"
  loop:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-ip6tables

- name: Add /usr/local/bin to sudo secure_path
  lineinfile:
    line: 'Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'
    regexp: "Defaults(\\s)*secure_path(\\s)*="
    state: present
    insertafter: EOF
    path: /etc/sudoers
    validate: 'visudo -cf %s'
  when: ansible_os_family == "RedHat"