# Copyright 2020 The Kubernetes Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
- name: Leak mDNS to DNS (cloud-init-nics) (enable .local domain lookups)
  ini_file:
    path: /etc/systemd/network/10-cloud-init-nics.network
    section: Network
    option: Domains
    value: "~local"
  when: leak_local_mdns_to_dns

- name: Leak mDNS to DNS (dhcp) (enable .local domain lookups)
  ini_file:
    path: /etc/systemd/network/99-dhcp-en.network
    section: Network
    option: Domains
    value: "~local"
  when: leak_local_mdns_to_dns

- name: Double TCP small queue limit to be the same as Ubuntu
  sysctl:
    name: net.ipv4.tcp_limit_output_bytes
    value: "524288"
    state: present
    sysctl_set: yes
    reload: yes
    sysctl_file: "{{ sysctl_conf_file }}"

- name: Disable Apparmor service
  systemd:
    name: apparmor
    daemon_reload: yes
    enabled: false
    state: stopped

- name: Disable Apparmor in kernel
  lineinfile:
    path: /boot/photon.cfg
    backrefs: yes
    regexp: "^(?!.*apparmor=0)(photon_cmdline.*)"
    line: '\1 apparmor=0'