Move sysctl settings (esp. net.ipv4.ip_forward=1!) to local.conf.

Debian 12's Systemd installed /etc/sysctl.d/99-sysctl.conf, a symlink
to /etc/sysctl.conf, so systemd-sysctl has not included sysctl.conf
for a while.  Debian 13 has no /etc/sysctl.d/99-* and no
/etc/sysctl.conf, so Ansible's sysctl builtin was less helpful than
a simple copy to /etc/sysctl.d/local.conf.

diff --git a/README.org b/README.org
index c6cc5ce7164be09342e0cece77f213df5ea41e22..cbb56d8c922573fe8547d2789dd311cac6a30064 100644 (file)
--- a/README.org
+++ b/README.org
@@ -2243,10 +2243,10 @@ not exist), and enable the service.
 
 - name: Enable IP forwarding.
   become: yes
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: "1"
-    state: present
+  copy:
+    content: "net.ipv4.ip_forward = 1\n"
+    dest: /etc/sysctl.d/local.conf
+  notify: Reload sysctl.
 
 - name: Install WireGuard™.
   become: yes
@@ -2284,6 +2284,12 @@ not exist), and enable the service.
 #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/front/handlers/main.yml
 
+- name: Reload sysctl.
+  become: yes
+  systemd:
+    service: systemd-sysctl
+    state: reloaded
+
 - name: Restart WireGuard™.
   become: yes
   systemd:
@@ -3824,10 +3830,10 @@ service.
 
 - name: Enable IP forwarding.
   become: yes
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: "1"
-    state: present
+  copy:
+    content: "net.ipv4.ip_forward = 1\n"
+    dest: /etc/sysctl.d/local.conf
+  notify: Reload sysctl.
 
 - name: Install WireGuard™.
   become: yes
@@ -3870,6 +3876,12 @@ service.
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/core/handlers/main.yml
 
+- name: Reload sysctl.
+  become: yes
+  systemd:
+    service: systemd-sysctl
+    state: reloaded
+
 - name: Restart WireGuard™.
   become: yes
   systemd:
@@ -5302,10 +5314,10 @@ not exist), and enable the service.
 
 - name: Enable IP forwarding.
   become: yes
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: "1"
-    state: present
+  copy:
+    content: "net.ipv4.ip_forward = 1\n"
+    dest: /etc/sysctl.d/local.conf
+  notify: Reload sysctl.
 
 - name: Install WireGuard™.
   become: yes
@@ -5343,6 +5355,12 @@ not exist), and enable the service.
 #+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/gate/handlers/main.yml
 
+- name: Reload sysctl.
+  become: yes
+  systemd:
+    service: systemd-sysctl
+    state: reloaded
+
 - name: Restart WireGuard™.
   become: yes
   systemd:

diff --git a/roles_t/core/handlers/main.yml b/roles_t/core/handlers/main.yml
index 074fe58fa81f93dac58e8ae964e045d4577d6859..2e1513e62f342e8d0958d631089c4f2a5f1c0b56 100644 (file)
--- a/roles_t/core/handlers/main.yml
+++ b/roles_t/core/handlers/main.yml
@@ -69,6 +69,12 @@
     state: restarted
   tags: actualizer
 
+- name: Reload sysctl.
+  become: yes
+  systemd:
+    service: systemd-sysctl
+    state: reloaded
+
 - name: Restart WireGuard™.
   become: yes
   systemd:

diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml
index 4debc9a53c0237621e6cda1b743168360d20110c..952b6518f887df7e99eaa1265abd28fd473e7dfe 100644 (file)
--- a/roles_t/core/tasks/main.yml
+++ b/roles_t/core/tasks/main.yml
@@ -659,10 +659,10 @@
 
 - name: Enable IP forwarding.
   become: yes
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: "1"
-    state: present
+  copy:
+    content: "net.ipv4.ip_forward = 1\n"
+    dest: /etc/sysctl.d/local.conf
+  notify: Reload sysctl.
 
 - name: Install WireGuard™.
   become: yes

diff --git a/roles_t/front/handlers/main.yml b/roles_t/front/handlers/main.yml
index cdd096afcd29bbb232aaaed80c9388fa7107ed54..68f86e2d7d909df5b07f7220b83bd3321430847f 100644 (file)
--- a/roles_t/front/handlers/main.yml
+++ b/roles_t/front/handlers/main.yml
@@ -39,6 +39,12 @@
     state: restarted
   tags: actualizer
 
+- name: Reload sysctl.
+  become: yes
+  systemd:
+    service: systemd-sysctl
+    state: reloaded
+
 - name: Restart WireGuard™.
   become: yes
   systemd:

diff --git a/roles_t/front/tasks/main.yml b/roles_t/front/tasks/main.yml
index c31cf1e28cae3e0f24a53ba2d51852072134e725..80d811322048720ae8d29638754b29b66cbb9623 100644 (file)
--- a/roles_t/front/tasks/main.yml
+++ b/roles_t/front/tasks/main.yml
@@ -460,10 +460,10 @@
 
 - name: Enable IP forwarding.
   become: yes
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: "1"
-    state: present
+  copy:
+    content: "net.ipv4.ip_forward = 1\n"
+    dest: /etc/sysctl.d/local.conf
+  notify: Reload sysctl.
 
 - name: Install WireGuard™.
   become: yes

diff --git a/roles_t/gate/handlers/main.yml b/roles_t/gate/handlers/main.yml
index c9076ebe0ee6573f56bbbd416ac15d94fe425254..11cd69a4bfa997cd179a25fe5374373a481d6ab6 100644 (file)
--- a/roles_t/gate/handlers/main.yml
+++ b/roles_t/gate/handlers/main.yml
@@ -16,6 +16,12 @@
     state: restarted
   tags: actualizer
 
+- name: Reload sysctl.
+  become: yes
+  systemd:
+    service: systemd-sysctl
+    state: reloaded
+
 - name: Restart WireGuard™.
   become: yes
   systemd:

diff --git a/roles_t/gate/tasks/main.yml b/roles_t/gate/tasks/main.yml
index b429b9f63c4d02345c76f31fea33e98a169846fd..d16f69c9b74f8fccb5ad0471b34517c754a6a045 100644 (file)
--- a/roles_t/gate/tasks/main.yml
+++ b/roles_t/gate/tasks/main.yml
@@ -132,10 +132,10 @@
 
 - name: Enable IP forwarding.
   become: yes
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: "1"
-    state: present
+  copy:
+    content: "net.ipv4.ip_forward = 1\n"
+    dest: /etc/sysctl.d/local.conf
+  notify: Reload sysctl.
 
 - name: Install WireGuard™.
   become: yes