update.

roles/common/files/etc/sysctl.d/20-swappiness.conf

@@ -1 +0,0 @@
-vm.swappiness = 0

roles/common/files/etc/sysctl.d/50-swappiness.conf

@@ -0,0 +1 @@
+vm.swappiness = 5

roles/common/tasks/basic.yml

@@ -32,6 +32,7 @@
     group: root
     owner: root
   when: 
+    - inventory_hostname not in groups['lxc_guest']
     - copy_plain_files_systemd is defined
     - copy_plain_files_systemd|length > 0
   tags:
@@ -48,6 +49,7 @@
   loop_control:
     label: 'dest: {{ item.name }}'
   when: 
+    - inventory_hostname not in groups['lxc_guest']
     - copy_plain_files_systemd is defined
     - copy_plain_files_systemd|length > 0
   tags:
@@ -61,6 +63,7 @@
     group: root
     owner: root
   when: 
+    - inventory_hostname not in groups['lxc_guest']
     - copy_plain_files_sysctl is defined
     - copy_plain_files_sysctl|length > 0
   tags:
@@ -77,6 +80,7 @@
   loop_control:
     label: 'dest: {{ item.name }}'
   when: 
+    - inventory_hostname not in groups['lxc_guest']
     - copy_plain_files_sysctl is defined
     - copy_plain_files_sysctl|length > 0
   tags:

roles/common/tasks/sudoers.yml

@@ -25,27 +25,27 @@
   tags:
     - sudoers-remove
 
-#- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
-#  template:
-#    src: etc/sudoers.d/50-user.j2
-#    dest: /etc/sudoers.d/50-user
-#    #validate: visudo -cf %s
-#    owner: root
-#    group: root
-#    mode: 0440
-#  tags:
-#    - sudoers-file-configuration
-
-- name: (sudoers.yml) update global sudoers configuration file
+- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
   template:
-    src: etc/sudoers.j2
-    dest: /etc/sudoers
+    src: etc/sudoers.d/50-user.j2
+    dest: /etc/sudoers.d/50-user
+    #validate: visudo -cf %s
     owner: root
     group: root
     mode: 0440
-    #validate: visudo -cf %s
   tags:
-    - sudoers-global-configuration
+    - sudoers-file-configuration
+
+#- name: (sudoers.yml) update global sudoers configuration file
+#  template:
+#    src: etc/sudoers.j2
+#    dest: /etc/sudoers
+#    owner: root
+#    group: root
+#    mode: 0440
+#    #validate: visudo -cf %s
+#  tags:
+#    - sudoers-global-configuration
 
 - name: (sudoers.yml) Ensure all sudo_users are in sudo group
   user:

roles/firewall/templates/etc/systemd/system/ip6t-firewall.service.j2

@@ -1,6 +1,7 @@
-# {{ ansible_managed }}
+{{ ansible_managed | comment }}
 
 {%- if groups['gateway_server']|string is search(inventory_hostname) %}
+
 [Unit]
 Description=IPv6 Firewall with ip6tables
 After=network.target
@@ -16,6 +17,7 @@ User=root
 [Install]
 WantedBy=multi-user.target
 {% else %}
+
 [Unit]
 Description=IPv6 Firewall with ip6tables
 After=network.target

roles/firewall/templates/etc/systemd/system/ipt-firewall.service.j2

@@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+{{ ansible_managed | comment }}
 
 {%- if groups['gateway_server']|string is search(inventory_hostname) %}
 

roles/network_interfaces/templates/etc/network/interfaces.d/device.j2

@@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+{{ ansible_managed | comment }}
 
 {# {% for config in  network_interfaces %} #}
 {% for config in item.1 %}
@@ -18,7 +18,7 @@ allow-{{ stanza }}
 {%   endfor -%}
 
 iface {{ config.device }} {{ config.family | default('inet', true) }} {{ config.method | default('static', true) }}
-{%   set iface_keys = ['description', 'address', 'netmask', 'network', 'broadcast', 'gateway'] %}
+{%   set iface_keys = ['hwaddress ether', 'description', 'address', 'netmask', 'network', 'broadcast', 'gateway'] %}
 {%   for key in iface_keys %}
 {%     if key in config %}
    {{ key }} {{ config[key] }}

roles/network_interfaces/templates/etc/network/interfaces.j2

@@ -1,4 +1,6 @@
-# {{ ansible_managed }}
+{{ ansible_managed | comment }}
+
+source /etc/network/interfaces.d/*
 
 #-----------------------------
 # lo: loopback
@@ -20,5 +22,3 @@ iface lo inet6 loopback
   down /sbin/ip addr del {{ ip }} dev lo
 {% endfor %}
 {% endif %}
-
-source /etc/network/interfaces.d/*