---
- name: Set SELinux to disabled state
  selinux:
    state: disabled
  when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux']

- name: Enable IPv4 forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    reload: true

- name: Enable IPv6 forwarding
  sysctl:
    name: net.ipv6.conf.all.forwarding
    value: "1"
    state: present
    reload: true

- name: fix dns servers in resolv.conf
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
  when:
    - dns_servers | length() > 0

- name: Add br_netfilter to /etc/modules-load.d/
  copy:
    content: "br_netfilter"
    dest: /etc/modules-load.d/br_netfilter.conf
    mode: "u=rw,g=,o="
  when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux']

- name: Load br_netfilter
  modprobe:
    name: br_netfilter
    state: present
  when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux']

- name: Set bridge-nf-call-iptables (just to be sure)
  sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
    reload: true
  when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux']
  loop:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-ip6tables

- name: Add /usr/local/bin to sudo secure_path
  lineinfile:
    line: "Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin"
    regexp: "Defaults(\\s)*secure_path(\\s)*="
    state: present
    insertafter: EOF
    path: /etc/sudoers
    validate: "visudo -cf %s"
  when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux']

- name: install nfs-common on the servers
  package:
    name: nfs-common
    state: present